tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: tomcat5.5 and mysql5 permission problem on Ubuntu 7.04 (Fiesty)
Date Tue, 07 Aug 2007 13:10:24 GMT
So what does your 50user.policy show now?  What you posted below grants 
all permissions to both your webapp and the mysql driver jar file.

--David

Stephen Pegg wrote:

>David,
>
>I can verify that the 50user.policy file is sufficient for making the
>catalina.policy. In the Ubuntu install there are 5 seperate .policy files
>that form the catalina.policy file. The catalina.policy file is uneditable
>as any changes made are overwritten by the 5 seperate files.
>
>One update on the first post, if i change localhost to 127.0.0.1 rather than
>just saying "MESSAGE: access denied (java.net.SocketPermission localhost
>resolve)" it says "MESSAGE: access denied (java.net.SocketPermission
>127.0.0.1 connect, resolve)"
>
>I did change all references of localhost to 127.0.0.1.
>
>Stephen
>
>On 07/08/07, David Smith <dns4@cornell.edu> wrote:
>  
>
>>The problem is most definitely in the security manager configuration.
>>I'm not familiar with 50user.policy though -- this must be a Ubuntu
>>thing.  Can you verify this is really the security policy config file
>>tomcat is using?
>>
>>The policy settings I see toward the bottom looks good on the suface.
>>Just wondering if that file is really the active tomcat policy file.  A
>>tomcat download binary uses catalina.policy in the tomcat/conf folder.
>>Admittedly the rpm install may be different.
>>
>>--David
>>
>>Stephen Pegg wrote:
>>
>>    
>>
>>>I am having a very bad time trying to get a webapp to connect to a MySQL
>>>database. I am using tomcat 5.5 and mysql 5 on a Ubuntu Server 7.04(Fiesty
>>>Fawn)
>>>
>>>As far as i am aware i have set everything up okay and the webapp does
>>>actually try and connect to the database.
>>>
>>>However, it doesn't! See tracestack below.
>>>
>>>org.apache.jasper.JasperException: Unable to get connection,
>>>DataSource invalid: "org.apache.commons.dbcp.SQLNestedException:
>>>Cannot create PoolableConnectionFactory (Communications link failure
>>>due to underlying exception:
>>>
>>>
>>>** BEGIN NESTED EXCEPTION **
>>>
>>>java.security.AccessControlException
>>>MESSAGE: access denied (java.net.SocketPermission localhost resolve)
>>>
>>>STACKTRACE:
>>>
>>>java.security.AccessControlException: access denied (
>>>java.net.SocketPermission localhost resolve)
>>>      at java.security.AccessControlContext.checkPermission(
>>>      
>>>
>>AccessControlContext.java:264)
>>    
>>
>>>      at java.security.AccessController.checkPermission(
>>>      
>>>
>>AccessController.java:427)
>>    
>>
>>>      at
>>>java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>      at java.lang.SecurityManager.checkConnect(SecurityManager.java
>>>      
>>>
>>:1031)
>>    
>>
>>>      at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
>>>      at java.net.InetAddress.getAllByName0
>>>(InetAddress.java:1098)
>>>      at java.net.InetAddress.getAllByName(InetAddress.java:1061)
>>>      at com.mysql.jdbc.StandardSocketFactory.connect(
>>>      
>>>
>>StandardSocketFactory.java:138)
>>    
>>
>>>      at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java
>>>:277)
>>>      at com.mysql.jdbc.Connection.createNewIO(Connection.java:2668)
>>>      at com.mysql.jdbc.Connection.<init>(Connection.java:1531)
>>>      at com.mysql.jdbc.NonRegisteringDriver.connect(
>>>      
>>>
>>NonRegisteringDriver.java:266)
>>    
>>
>>>      at
>>>      
>>>
>>org.apache.commons.dbcp.DriverConnectionFactory.createConnection(
>>DriverConnectionFactory.java:37)
>>    
>>
>>>      at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(
>>>      
>>>
>>PoolableConnectionFactory.java:290)
>>    
>>
>>>      at
>>>      
>>>
>>org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory
>>    
>>
>>>(BasicDataSource.java:877)
>>>      at org.apache.commons.dbcp.BasicDataSource.createDataSource(
>>>      
>>>
>>BasicDataSource.java:851)
>>    
>>
>>>      at org.apache.commons.dbcp.BasicDataSource.getConnection(
>>>      
>>>
>>BasicDataSource.java:540)
>>    
>>
>>>      at
>>>      
>>>
>>org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.getConnection
>>    
>>
>>>(QueryTagSupport.java:274)
>>>      at
>>>      
>>>
>>org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.doStartTag(
>>QueryTagSupport.java:159)
>>    
>>
>>>      at org.apache.jsp.index_jsp._jspx_meth_sql_query_0
>>>      
>>>
>>(index_jsp.java:100)
>>    
>>
>>>      at org.apache.jsp.index_jsp._jspService
>>>(index_jsp.java:58)
>>>      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java
>>>      
>>>
>>:97)
>>    
>>
>>>      at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>      at org.apache.jasper.servlet.JspServletWrapper.service(
>>>JspServletWrapper.java:334)
>>>      at org.apache.jasper.servlet.JspServlet.serviceJspFile(
>>>      
>>>
>>JspServlet.java:314)
>>    
>>
>>>      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java
>>>      
>>>
>>:264)
>>    
>>
>>>      at javax.servlet.http.HttpServlet.service
>>>(HttpServlet.java:802)
>>>      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>      at sun.reflect.NativeMethodAccessorImpl.invoke(
>>>      
>>>
>>NativeMethodAccessorImpl.java:39)
>>    
>>
>>>      at sun.reflect.DelegatingMethodAccessorImpl.invoke
>>>(DelegatingMethodAccessorImpl.java:25)
>>>      at java.lang.reflect.Method.invoke(Method.java:585)
>>>      at org.apache.catalina.security.SecurityUtil$1.run(
>>>      
>>>
>>SecurityUtil.java:243)
>>    
>>
>>>      at java.security.AccessController.doPrivileged
>>>(Native Method)
>>>      at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>>>      at org.apache.catalina.security.SecurityUtil.execute(
>>>      
>>>
>>SecurityUtil.java:275)
>>    
>>
>>>      at org.apache.catalina.security.SecurityUtil.doAsPrivilege
>>>(SecurityUtil.java:161)
>>>      at
>>>      
>>>
>>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
>>ApplicationFilterChain.java:245)
>>    
>>
>>>      at org.apache.catalina.core.ApplicationFilterChain.access$0(
>>>      
>>>
>>ApplicationFilterChain.java:177)
>>    
>>
>>>      at org.apache.catalina.core.ApplicationFilterChain$1.run(
>>>      
>>>
>>ApplicationFilterChain.java:156)
>>    
>>
>>>      at java.security.AccessController.doPrivileged(Native Method)
>>>      at org.apache.catalina.core.ApplicationFilterChain.doFilter
>>>(ApplicationFilterChain.java:152)
>>>      at org.apache.catalina.core.StandardWrapperValve.invoke(
>>>      
>>>
>>StandardWrapperValve.java:213)
>>    
>>
>>>      at org.apache.catalina.core.StandardContextValve.invoke(
>>>      
>>>
>>StandardContextValve.java:178)
>>    
>>
>>>      at
>>>org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
>>>      
>>>
>>:126)
>>    
>>
>>>      at org.apache.catalina.valves.ErrorReportValve.invoke(
>>>      
>>>
>>ErrorReportValve.java:105)
>>    
>>
>>>      at org.apache.catalina.core.StandardEngineValve.invoke
>>>(StandardEngineValve.java:107)
>>>      at org.apache.catalina.connector.CoyoteAdapter.service(
>>>      
>>>
>>CoyoteAdapter.java:148)
>>    
>>
>>>      at org.apache.coyote.http11.Http11Processor.process(
>>>      
>>>
>>Http11Processor.java:869)
>>    
>>
>>>      at
>>>      
>>>
>>org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
>>    
>>
>>>(Http11BaseProtocol.java:664)
>>>      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
>>>      
>>>
>>PoolTcpEndpoint.java:527)
>>    
>>
>>>      at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(
>>>      
>>>
>>LeaderFollowerWorkerThread.java:80)
>>    
>>
>>>      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
>>>      
>>>
>>ThreadPool.java:684)
>>    
>>
>>>      at java.lang.Thread.run(Thread.java:595)
>>>
>>>
>>>** END NESTED EXCEPTION **
>>>
>>>
>>>
>>>Last packet sent to the server was 6 ms ago.)"
>>>
>>>      org.apache.jasper.servlet.JspServletWrapper.handleJspException(
>>>      
>>>
>>JspServletWrapper.java:512)
>>    
>>
>>>      org.apache.jasper.servlet.JspServletWrapper.service(
>>>      
>>>
>>JspServletWrapper.java:377)
>>    
>>
>>>      org.apache.jasper.servlet.JspServlet.serviceJspFile
>>>(JspServlet.java:314)
>>>      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
>>>      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>>>      sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>
>>>      sun.reflect.NativeMethodAccessorImpl.invoke(
>>>      
>>>
>>NativeMethodAccessorImpl.java:39)
>>    
>>
>>>      sun.reflect.DelegatingMethodAccessorImpl.invoke(
>>>      
>>>
>>DelegatingMethodAccessorImpl.java:25)
>>    
>>
>>>      java.lang.reflect.Method.invoke(Method.java:585)
>>>
>>>      org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java
>>>      
>>>
>>:243)
>>    
>>
>>>      java.security.AccessController.doPrivileged(Native Method)
>>>      javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
>>>      org.apache.catalina.security.SecurityUtil.execute
>>>(SecurityUtil.java:275)
>>>      org.apache.catalina.security.SecurityUtil.doAsPrivilege(
>>>      
>>>
>>SecurityUtil.java:161)
>>    
>>
>>>I can connect to the database in command line, MySQL admin and query
>>>      
>>>
>>browser
>>    
>>
>>>with the same user and pass that i am using for the webapp. I gave this
>>>      
>>>
>>user
>>    
>>
>>>full permissions from any host. I have read about the security manager
>>>possible stopping it from working even though i'm working with localhost.
>>>The webapp itself has the resource in its /META-INF/context.xml (see
>>>      
>>>
>>below)
>>    
>>
>>>as i want to stay away from tomcats server.xml. I have a resource
>>>      
>>>
>>reference
>>    
>>
>>>in the webapps /WEB-INF/web.xml (See below). I have a copy of
>>>mysql-connector-java-5.0.4.jar in the /common/lib/ directory as
>>>      
>>>
>>suggested.
>>    
>>
>>>There is no mysql jar in the webapps /WEB-INF/lib dir. I created the
>>>      
>>>
>>webapp
>>    
>>
>>>in netbeans5.5 on a windows platform, built it and deployed the
>>>webapp.jarusing tomcat manager.
>>>
>>>---- Context.xml ----
>>><Context path="/DBTest" docBase="DBTest">
>>><Resource name="jdbc/time_management" auth="Container" type="
>>>javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000"
>>>username="timemanaccess" password="timeman101" driverClassName="
>>>com.mysql.jdbc.Driver"
>>>url="jdbc:mysql://localhost:3306/time_management_db"/>
>>></Context>
>>>-----------------
>>>
>>>---- Web.xml ----
>>><resource-ref>
>>><res-ref-name>jdbc/time_management</res-ref-name>
>>><res-type>javax.sql.DataSource</res-type>
>>><res-auth>Application</res-auth>
>>><res-sharing-scope>Shareable</res-sharing-scope>
>>></resource-ref>
>>>-----------------
>>>
>>>I have been editing the 50user.policy to try and give permissions to
>>>localhost. See below.
>>>
>>>grant codeBase "file:${catalina.home}/webapps/DBTest/-" {
>>>     //permission java.net.SocketPermission "localhost", "resolve";
>>>     //permission java.net.SocketPermission "localhost:3306",
>>>"connect,resolve";
>>>   permission java.security.AllPermission;
>>>};
>>>
>>>grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql-
>>>connector-java-5.0.4.jar" {
>>>   //permission java.net.SocketPermission "localhost", "resolve";
>>>     //permission java.net.SocketPermission "localhost:3306",
>>>"connect,resolve";
>>>   permission java.security.AllPermission ;
>>>};
>>>
>>>I have tried a number of variations of the permissions below. None
>>>      
>>>
>>worked.
>>    
>>
>>>Can somebody please help? I can provide more information if needed.
>>>
>>>Thanks in advance,
>>>Stephen
>>>
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To start a new topic, e-mail: users@tomcat.apache.org
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>    
>>
>
>  
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message