axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Dierich <f.dier...@planungsgemeinschaft.de>
Subject Problem with security manager and JWS class - What is the URL of the compiled JWS classes for the policy file?
Date Wed, 12 Oct 2005 13:52:34 GMT
Hi Axis community!

I have a problem with a .jws class running on a Tomcat 4.1 with security 
switched on (on Debian GNU/Linux with Blackdown Java 1.4). The JWS class 
(which is not written by me) tries to connect to a MySQL server on the 
same machine which is prevented by the security manager, although the 
following grant is made in the policy file:

grant codeBase "file:${catalina.home}/webapps/anemos/-" {
   permission java.security.AllPermission;
};

Another web service installed at the same webapp with WSDD can make DB 
connections without problems.

If I add

grant {
   permission java.security.AllPermission;
};

to the policy file, everything works fine. So the question is (I think): 
What is the URL of the compiled JWS classes?

This is the output in catalina.out:

Connection Error: com.mysql.jdbc.CommunicationsException: Communications 
link failure due to underlying exception:

** BEGIN NESTED EXCEPTION **

java.security.AccessControlException
MESSAGE: access denied (java.net.SocketPermission localhost resolve)

STACKTRACE:

java.security.AccessControlException: access denied 
(java.net.SocketPermission localhost resolve)
         at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
         at 
java.security.AccessController.checkPermission(AccessController.java:401)
         at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
         at 
java.lang.SecurityManager.checkConnect(SecurityManager.java:1023)
         at java.net.InetAddress.getAllByName0(InetAddress.java:1000)
         at java.net.InetAddress.getAllByName0(InetAddress.java:981)
         at java.net.InetAddress.getAllByName(InetAddress.java:975)
         at 
com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:137)
         at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:283)
         at com.mysql.jdbc.Connection.createNewIO(Connection.java:2541)
         at com.mysql.jdbc.Connection.<init>(Connection.java:1474)
         at 
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:264)
         at 
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:425)
         at 
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:140)
         at AnemosSDRRequestESB.AnemosConnect(AnemosSDRRequestESB.java:7484)
...


I have switched on the debug mode and it adds:

access: access allowed (java.io.FilePermission 
/var/lib/tomcat4/webapps/anemos/WEB-INF/lib/mysql-connector-java-3.1.10-bin.jar 
reaaccess: access denied (java.util.PropertyPermission 
com.mysql.jdbc.logger read)
java.lang.Exception: Stack trace
         at java.lang.Thread.dumpStack(Thread.java:1064)
         at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:258)
         at 
java.security.AccessController.checkPermission(AccessController.java:401)
         at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
         at 
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1276)
         at java.lang.System.getProperty(System.java:573)
         at 
com.mysql.jdbc.ConnectionProperties.postInitialization(ConnectionProperties.java:2383)
         at 
com.mysql.jdbc.ConnectionProperties.initializeProperties(ConnectionProperties.java:2365)
         at 
com.mysql.jdbc.Connection.initializeDriverProperties(Connection.java:3617)
         at com.mysql.jdbc.Connection.<init>(Connection.java:1471)
         at 
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:264)
         at 
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:425)
         at 
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:140)
         at AnemosSDRRequestESB.AnemosConnect(AnemosSDRRequestESB.java:7484)
[...]
access: access allowed (java.util.PropertyPermission java.security.debug 
read)
access: domain that failed ProtectionDomain  (null <no certificates>)
  org.apache.axis.utils.JWSClassLoader@879860
  <no principals>
  java.security.Permissions@ee6ad6 (
  (java.util.PropertyPermission java.version read)
  (java.util.PropertyPermission java.home read)
  (java.util.PropertyPermission java.vm.name read)
  (java.util.PropertyPermission java.vm.vendor read)
  (java.util.PropertyPermission javax.sql.* read)
  (java.util.PropertyPermission os.name read)
  (java.util.PropertyPermission java.vendor.url read)
  (java.util.PropertyPermission java.vm.specification.vendor read)
  (java.util.PropertyPermission java.specification.vendor read)
  (java.util.PropertyPermission os.version read)
  (java.util.PropertyPermission java.specification.name read)
  (java.util.PropertyPermission java.class.version read)
  (java.util.PropertyPermission file.separator read)
  (java.util.PropertyPermission java.vm.version read)
  (java.util.PropertyPermission os.arch read)
  (java.util.PropertyPermission java.naming.* read)
  (java.util.PropertyPermission jaxp.debug read)
  (java.util.PropertyPermission java.vm.specification.name read)
  (java.util.PropertyPermission java.vm.specification.version read)
  (java.util.PropertyPermission java.specification.version read)
  (java.util.PropertyPermission java.vendor read)
  (java.util.PropertyPermission path.separator read)
  (java.util.PropertyPermission line.separator read)
  (java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime)
  (java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util.*)
  (java.lang.RuntimePermission accessClassInPackage.sun.beans)
  (java.lang.RuntimePermission 
accessClassInPackage.org.apache.catalina.util)
  (java.lang.RuntimePermission accessClassInPackage.sun.beans.*)
  (java.lang.RuntimePermission getAttribute)
  (java.lang.RuntimePermission 
accessClassInPackage.org.apache.jasper.runtime.*)
  (java.lang.RuntimePermission 
defineClassInPackage.org.apache.catalina.util.*)
  (java.lang.RuntimePermission 
defineClassInPackage.org.apache.catalina.util)
)

and a second similar one.

Please help me if you can as I have spent quite a while trying all kinds 
of stuff!

Thanks and regards

Felix


Mime
View raw message