tomcat-users mailing list archives

From "" <rbatema...@excite.com>
Subject Tomcat 4.1.24 Security
Date Tue, 24 Jun 2003 21:56:40 GMT

I am in the process of expanding a web site I am developing to attach to a "test" server.
In the process of my expansion into further testing, I've altered my data base access to
point to a different server than my Tomcat server.

Everything runs just fine until I attempt to access the "test" data base server.  I get a
security error message - as I expected.  Looking thru all of the documentation I could find
- I discovered that I needed to add a grant statement to the catalina.policy file pointing
to the codeBase for my JDBC driver.

(as an aside, I am uncertain what I broke, but as soon as I get a security access violation
on my external DataBase jar, tomcat server stops accepting commands on 127.0.0.1 to shutdown)

I opened catalina.policy and added my DataBase driver via this grant statement:

grant codeBase "file:${catalina.home}/common/lib/mysql-connector-java-3.0.8-stable-bin.jar"
{
  permission java.net.SocketPermission "127.0.0.1:3306", "accept, connect, listen, resolve";
};

I loaded Tomcat up with the -security command line option and reloaded my servlet.  Problem
is - now, instead of getting access to my data, I get a message in the Tomcat screen saying
that the dbcp code had tried 3 times to load before it gave up.  Making matters worse, with
-security active, I can no longer access my data source on 127.0.0.1

Reading thru any message I could find on this subject, I noticed someone mentioned having
your codeBase say "jar:file:".  I also noticed someone mentioning putting "!/-" at the end
of the codeBase string.

I've tried both of these and get the same error from the dbcp code whenever it tries to create
a database connection.  I noticed that I should turn debugging on with an option to CATALINA_OPTS
- but the volume of output is so overwhelming that I can't see SecurityManager determine if
my data base access is valid.

I gotta believe someone is using Tomcat 4.1.24 in a multi-tier environment.  This tells me
I'm missing something...

Bob Bateman
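
Added example, not part of the original message: a small filter for the overwhelming debug output described above. It keeps only the denied permission checks and the protection domain that failed each one, then renders a candidate grant for review. The failing domain matters because the SecurityManager checks every protection domain on the call stack, so the codeBase that needs the grant is not necessarily the driver jar. Assumptions: the log lines are modeled on the JDK's `-Djava.security.debug=access,failure` output, and the host name and paths in the constructed sample are placeholders.

```python
import re

# Constructed sample of -Djava.security.debug=access,failure output; it is not
# from the post. Host name and paths are placeholders.
SAMPLE = """\
access: access allowed (java.util.PropertyPermission java.version read)
access: access denied (java.net.SocketPermission db-test.example.com:3306 connect,resolve)
java.lang.Exception: Stack trace
access: domain that failed ProtectionDomain  (file:/opt/tomcat/webapps/myapp/WEB-INF/classes/ <no certificates>)
access: access allowed (java.lang.RuntimePermission accessDeclaredMembers)
access: access denied ("java.net.SocketPermission" "db-test.example.com:3306" "connect,resolve")
access: domain that failed ProtectionDomain  (file:/opt/tomcat/webapps/myapp/WEB-INF/classes/ <no certificates>)
"""

DENIED = re.compile(r"^access: access denied \((.+)\)\s*$")
DOMAIN = re.compile(r"^access: domain that failed ProtectionDomain\s+\((\S+)")

def parse_permission(text):
    """Split 'Class target actions' (quoted or unquoted form) into a 3-tuple."""
    parts = re.findall(r'"([^"]*)"', text) or text.split(None, 2)
    return tuple((parts + ["", ""])[:3])

def failures(log):
    """Return the unique (codeBase, permission) pairs behind each denied check."""
    found, pending = [], None
    for line in log.splitlines():
        denied, domain = DENIED.match(line), DOMAIN.match(line)
        if denied:
            pending = parse_permission(denied.group(1))
        elif domain and pending:
            pair = (domain.group(1), pending)
            if pair not in found:
                found.append(pair)
            pending = None
    return found

def grant_for(code_base, perm):
    """Render a candidate catalina.policy grant for review before use."""
    cls, target, actions = perm
    if code_base.endswith("/"):
        code_base += "-"  # directory codeBase: cover everything beneath it
    acts = f', "{actions}"' if actions else ""
    return f'grant codeBase "{code_base}" {{\n  permission {cls} "{target}"{acts};\n}};'

if __name__ == "__main__":
    for code_base, perm in failures(SAMPLE):
        print(grant_for(code_base, perm))
```

To use it on real output, start Tomcat with the debug option set in CATALINA_OPTS, save the console output to a file, and pass the file's contents to `failures()`.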
