tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: tomcat5.5 and mysql5 permission problem on Ubuntu 7.04 (Fiesty)
Date Tue, 07 Aug 2007 11:58:21 GMT
The problem is most definitely in the security manager configuration.  
I'm not familiar with 50user.policy though -- this must be a Ubuntu 
thing.  Can you verify this is really the security policy config file 
tomcat is using?

The policy settings I see toward the bottom looks good on the suface.  
Just wondering if that file is really the active tomcat policy file.  A 
tomcat download binary uses catalina.policy in the tomcat/conf folder.  
Admittedly the rpm install may be different.

--David

Stephen Pegg wrote:

>I am having a very bad time trying to get a webapp to connect to a MySQL
>database. I am using tomcat 5.5 and mysql 5 on a Ubuntu Server 7.04 (Fiesty
>Fawn)
>
>As far as i am aware i have set everything up okay and the webapp does
>actually try and connect to the database.
>
>However, it doesn't! See tracestack below.
>
>org.apache.jasper.JasperException: Unable to get connection,
>DataSource invalid: "org.apache.commons.dbcp.SQLNestedException:
>Cannot create PoolableConnectionFactory (Communications link failure
>due to underlying exception:
>
>
>** BEGIN NESTED EXCEPTION **
>
>java.security.AccessControlException
>MESSAGE: access denied (java.net.SocketPermission localhost resolve)
>
>STACKTRACE:
>
>java.security.AccessControlException: access denied (
>java.net.SocketPermission localhost resolve)
>	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
>	at java.security.AccessController.checkPermission(AccessController.java:427)
>	at
>java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>	at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
>	at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
>	at java.net.InetAddress.getAllByName0
>(InetAddress.java:1098)
>	at java.net.InetAddress.getAllByName(InetAddress.java:1061)
>	at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:138)
>	at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java
>:277)
>	at com.mysql.jdbc.Connection.createNewIO(Connection.java:2668)
>	at com.mysql.jdbc.Connection.<init>(Connection.java:1531)
>	at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)
>
>	at org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:37)
>	at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:290)
>	at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory
>(BasicDataSource.java:877)
>	at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:851)
>	at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:540)
>	at org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.getConnection
>(QueryTagSupport.java:274)
>	at org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.doStartTag(QueryTagSupport.java:159)
>	at org.apache.jsp.index_jsp._jspx_meth_sql_query_0(index_jsp.java:100)
>	at org.apache.jsp.index_jsp._jspService
>(index_jsp.java:58)
>	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
>	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>	at org.apache.jasper.servlet.JspServletWrapper.service(
>JspServletWrapper.java:334)
>	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
>	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
>	at javax.servlet.http.HttpServlet.service
>(HttpServlet.java:802)
>	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>	at sun.reflect.DelegatingMethodAccessorImpl.invoke
>(DelegatingMethodAccessorImpl.java:25)
>	at java.lang.reflect.Method.invoke(Method.java:585)
>	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
>	at java.security.AccessController.doPrivileged
>(Native Method)
>	at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
>	at org.apache.catalina.security.SecurityUtil.doAsPrivilege
>(SecurityUtil.java:161)
>	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
>	at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
>
>	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
>	at java.security.AccessController.doPrivileged(Native Method)
>	at org.apache.catalina.core.ApplicationFilterChain.doFilter
>(ApplicationFilterChain.java:152)
>	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>	at
>org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>	at org.apache.catalina.core.StandardEngineValve.invoke
>(StandardEngineValve.java:107)
>	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
>(Http11BaseProtocol.java:664)
>	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>
>	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>	at java.lang.Thread.run(Thread.java:595)
>
>
>** END NESTED EXCEPTION **
>
>
>
>Last packet sent to the server was 6 ms ago.)"
>
>	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
>	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
>	org.apache.jasper.servlet.JspServlet.serviceJspFile
>(JspServlet.java:314)
>	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
>	javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>	java.lang.reflect.Method.invoke(Method.java:585)
>
>	org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
>	java.security.AccessController.doPrivileged(Native Method)
>	javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>	org.apache.catalina.security.SecurityUtil.execute
>(SecurityUtil.java:275)
>	org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
>
>I can connect to the database in command line, MySQL admin and query browser
>with the same user and pass that i am using for the webapp. I gave this user
>full permissions from any host. I have read about the security manager
>possible stopping it from working even though i'm working with localhost.
>The webapp itself has the resource in its /META-INF/context.xml (see below)
>as i want to stay away from tomcats server.xml. I have a resource reference
>in the webapps /WEB-INF/web.xml (See below). I have a copy of
>mysql-connector-java-5.0.4.jar in the /common/lib/ directory as suggested.
>There is no mysql jar in the webapps /WEB-INF/lib dir. I created the webapp
>in netbeans5.5 on a windows platform, built it and deployed the
>webapp.jarusing tomcat manager.
>
>---- Context.xml ----
><Context path="/DBTest" docBase="DBTest">
><Resource name="jdbc/time_management" auth="Container" type="
>javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000"
>username="timemanaccess" password="timeman101" driverClassName="
>com.mysql.jdbc.Driver"
>url="jdbc:mysql://localhost:3306/time_management_db"/>
></Context>
>-----------------
>
>---- Web.xml ----
><resource-ref>
><res-ref-name>jdbc/time_management</res-ref-name>
><res-type>javax.sql.DataSource</res-type>
><res-auth>Application</res-auth>
><res-sharing-scope>Shareable</res-sharing-scope>
></resource-ref>
>-----------------
>
>I have been editing the 50user.policy to try and give permissions to
>localhost. See below.
>
>grant codeBase "file:${catalina.home}/webapps/DBTest/-" {
>      //permission java.net.SocketPermission "localhost", "resolve";
>      //permission java.net.SocketPermission "localhost:3306",
>"connect,resolve";
>    permission java.security.AllPermission;
> };
>
> grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql-
>connector-java-5.0.4.jar" {
>    //permission java.net.SocketPermission "localhost", "resolve";
>      //permission java.net.SocketPermission "localhost:3306",
>"connect,resolve";
>    permission java.security.AllPermission ;
>};
>
>I have tried a number of variations of the permissions below. None worked.
>
>Can somebody please help? I can provide more information if needed.
>
>Thanks in advance,
>Stephen
>
>  
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message