tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "eric chacon" <chacone...@hotmail.com>
Subject JNDI / Tomcat Security Policy
Date Tue, 17 Apr 2001 17:58:23 GMT
Folks,

I am trying to deploy a PoolMan DataSource with JNDI, accessible from 
Tomcat.

I'm running Tomcat 3.2.1, Linux, Postgresql 7.0.?, and Apache (using 
mod_jk.so).

I seem to be having trouble with my security policies--

Poolman 1.4.1 (the most recent version I could make work--2.0 was a crashing 
failure) comes with a DeployDataSource tool that is used to attach a 
DataSource to a JNDI server.

It is run with the command line

java -Djava.security.policy=poolman.policy DeployDataSource userdb

This policy is very simple:

grant {
        permission java.security.AllPermission;
};

If I understand this correctly, this should give ANY codeBase access to 
whatever is run in this process (basically, everything).

However...

When I try to run from my servlet, I get an AccessControl Exception (stack 
dump attached to the bottom of this email).

1) Has ANYBODY gotten this working? I can make Poolman work with standard 
datasource stuff (the test servlet works fine, reads my database, etc.)

2) Has anyone used JNDI for other things along with PoolMan? Is it standard 
practice to deploy resources (such as Data Sources) to JNDI servers from 
external (non-Tomcat) applications, and then have them be read by Tomcat (I 
would assume this is standard--I would assume this is what JNDI is for...)

3) Am I wrong about my understanding of the way Policies work?

Interesting Note: This may help--after an attempt to run the code that 
causes this exception, Tomcat stops working has has to be bounced.  
Basically, ANY attempt to play with tomcat (to reload a previously loaded 
JSP, for example) results in an access control error...

Interesting... in the ancient curse sense of the word ;)

Thanks,

E.

Failed to get datasource: dataSourceName = 
e=java.security.AccessControlExceptio
n: access denied (java.net.SocketPermission 127.0.0.1:1099 connect,resolve)
java.security.AccessControlException: access denied 
(java.net.SocketPermission 1
27.0.0.1:1099 connect,resolve)
        at 
java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:272)
        at 
java.security.AccessController.checkPermission(AccessController.java:
399)
        at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
        at java.lang.SecurityManager.checkConnect(SecurityManager.java:1044)
        at java.net.Socket.<init>(Socket.java:262)
        at java.net.Socket.<init>(Socket.java:100)
        at 
sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirect
SocketFactory.java:25)
        at 
sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMaster
SocketFactory.java:120)
        at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:499)
        at 
sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:190
)
        at 
sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:174)
        at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:318)
        at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
        at 
com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java
:91)
        at 
com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java
:101)
        at javax.naming.InitialContext.lookup(InitialContext.java:350)
        at org.eric.cserve.db.DSSingleton.initialize(DSSingleton.java:91)
        at org.eric.cserve.db.DSSingleton.getDataSource(DSSingleton.java:43)
        at org.eric.cserve.db.UserDB.executeSQL(UserDB.java:14)
        at 
org.eric.mysite.authenticate.Authenticate.isAuthenticated(Authenticat
e.java:17)
        at 
org.eric.mysite.authenticate.AuthenticateServlet.doService(Authentica
teServlet.java:33)
        at 
org.eric.mysite.authenticate.AuthenticateServlet.doPost(AuthenticateS
ervlet.java:14)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at 
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:4
04)
        at org.apache.tomcat.core.Handler.service(Handler.java:286)
        at 
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372
)
        at 
org.apache.tomcat.core.ContextManager.internalService(ContextManager.
java:797)
        at 
org.apache.tomcat.core.ContextManager.service(ContextManager.java:743
)
        at 
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processCon
nection(Ajp12ConnectionHandler.java:166)
        at 
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
        at 
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:498)
        at java.lang.Thread.run(Thread.java:484)
Could not find 'poolman.props' -- now attempting to read deprecated file 
name 'p
ool.props'... failed.

java.sql.SQLException:
ERROR: Unable to find and read a valid PoolMan properties file. Please 
ensure th
at 'poolman.props' is in a directory that is in your CLASSPATH.

        at com.codestudio.sql.PoolMan.connect(PoolMan.java:172)
        at 
com.codestudio.sql.PoolManDataSource.getConnection(PoolManDataSource.
java:48)
        at 
org.eric.cserve.db.DataSourceAccess.execute(DataSourceAccess.java:26)
        at org.eric.cserve.db.UserDB.executeSQL(UserDB.java:14)
        at 
org.eric.mysite.authenticate.Authenticate.isAuthenticated(Authenticat
e.java:17)
        at 
org.eric.mysite.authenticate.AuthenticateServlet.doService(Authentica
teServlet.java:33)
        at 
org.eric.mysite.authenticate.AuthenticateServlet.doPost(AuthenticateS
ervlet.java:14)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at 
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:4
04)
        at org.apache.tomcat.core.Handler.service(Handler.java:286)
        at 
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372
)
        at 
org.apache.tomcat.core.ContextManager.internalService(ContextManager.
java:797)
        at 
org.apache.tomcat.core.ContextManager.service(ContextManager.java:743
)
        at 
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.processCon
nection(Ajp12ConnectionHandler.java:166)
        at 
org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:
416)
        at 
org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java
:498)
        at java.lang.Thread.run(Thread.java:484)
Error -- No Result Set returned
java.lang.NullPointerException
        at 
org.eric.mysite.authenticate.Authenticate.isAuthenticated(Authenticat
e.java:19)
        at 
org.eric.mysite.authenticate.AuthenticateServlet.doService(Authentica
teServlet.java:33)
        at 
org.eric.mysite.authenticate.AuthenticateServlet.doPost(AuthenticateS
ervlet.java:14)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at 
org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:4
04)
        at org.apache.tomcat.core.Handler.service(Handler.java:286)
        at 
org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


Mime
View raw message