tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cameron Currie" <ccur...@tamu.edu>
Subject Re: Database Connection Error Cannot create PoolableConnectionFactory
Date Thu, 20 Jul 2006 16:35:29 GMT
Okay, using this blanket statement:

grant {
        permission java.net.SocketPermission "localhost", "resolve";
        permission java.net.SocketPermission "127.0.0.1:3306",
"connect,resolve";
};

The webapp works when tomcat is started normally. This is acceptable
while the machine is being used as a development server, but when it
goes live, I'd like the grant statement to be appropriately strict.
Anyone have suggestions for what to set as the codeBase?

I have tried, with no success:
codeBase "file:${catalina.home}/webapps/-"
codeBase "file:${catalina.home}/webapps/ROOT/-"
codeBase "file:${catalina.home}/common/lib/-"
codeBase "file:${catalina.home}/common/lib/mysql-connector-blah.jar"
codeBase "jar:file:${catalina.home}/common/lib/mysql-connector-blah.jar!/-"

On 7/20/06, Cameron Currie <ccurrie@tamu.edu> wrote:
> I haven't gotten it working yet, but I think David may be on the right
> track. Here's what I did:
>
> I changed my file at '/etc/tomcat5/policy.d/03catalina.policy' to
> properly point to my connector.jar and also changed the permissions to
> include:
> permission java.net.SocketPermission "localhost", "connect,resolve";
> permission java.net.SocketPermission "localhost:3306", "connect,resolve";
>
> Alas, this did not work. I googled for information on Tomcat's
> security manager and found this message (possibly from this very
> mailing list?):
> http://marc2.theaimsgroup.com/?l=tomcat-user&m=109912397815989&w=2
>
> I also read through the tomcat security manager documentation. I found
> a debug option to pass to tomcat (-Djava.security.debug=all). In order
> to use it I started tomcat with startup.sh (as opposed to the
> /etc/init.d/ script).
>
> I saw no debugging information. But our webapps worked!
>
> I assume starting tomcat this way does not start up the security
> manager. Hopefully I can get the policy properly configured so that I
> don't have to manually start up tomcat!
>
> On 7/20/06, David Smith <dns4@cornell.edu> wrote:
> > java.security.AccessControlException indicates you are running tomcat
> > with the security manager.  You'll need to edit your catalina.policy
> > file to allow this connection.  The policy file itself has a number of
> > examples, here's just one modified to your situation below:
> >
> > grant codebase
> > "jar:file:${catalina.home}/common/lib/mysql-connector-java-3.14.jar!/-" {
> >     permission java.net.SocketPermission "127.0.0.1:3306", "connect" ;
> > }
> >
> > --David
> >
> > Bob Hall wrote:
> >
> > >Cameron,
> > >
> > >You wrote:
> > >
> > >
> > >
> > >>I have a newly installed and configured Ubuntu
> > >>server running
> > >>Tomcat5.5 and Mysql 5.0. This server was created in
> > >>an attempt to
> > >>migrate from a Red Hat server in a similar
> > >>configuration, running the
> > >>exact same webapp. Most of the
> > >>configuration/classpath differences
> > >>between the two platforms have been ironed out.
> > >>
> > >>The Problem:
> > >>
> > >>When our webapp trys to connect to the database on
> > >>localhost, an exception
> > >>
> > >>'java.security.AccessControlException: access denied
> > >>(java.net.SocketPermission localhost resolve)'
> > >>
> > >>is generated.
> > >>
> > >>
> > >>
> > >
> > >Looks like the OS is unable to resolve localhost.
> > >Does the ubuntu server have the following in its
> > >/ect/hosts file?
> > >
> > >127.0.0.1    localhost
> > >
> > >-Bob
> > >
> > >__________________________________________________
> > >Do You Yahoo!?
> > >Tired of spam?  Yahoo! Mail has the best spam protection around
> > >http://mail.yahoo.com
> > >
> > >---------------------------------------------------------------------
> > >To start a new topic, e-mail: users@tomcat.apache.org
> > >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > >For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
>
> --
> Cameron Currie
> ccurrie@tamu.edu
>


-- 
Cameron Currie
ccurrie@tamu.edu

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message