tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Pegg" <stephenpe...@gmail.com>
Subject Re: tomcat5.5 and mysql5 permission problem on Ubuntu 7.04 (Fiesty)
Date Tue, 07 Aug 2007 12:06:26 GMT
David,

I can verify that the 50user.policy file is sufficient for making the
catalina.policy. In the Ubuntu install there are 5 seperate .policy files
that form the catalina.policy file. The catalina.policy file is uneditable
as any changes made are overwritten by the 5 seperate files.

One update on the first post, if i change localhost to 127.0.0.1 rather than
just saying "MESSAGE: access denied (java.net.SocketPermission localhost
resolve)" it says "MESSAGE: access denied (java.net.SocketPermission
127.0.0.1 connect, resolve)"

I did change all references of localhost to 127.0.0.1.

Stephen

On 07/08/07, David Smith <dns4@cornell.edu> wrote:
>
> The problem is most definitely in the security manager configuration.
> I'm not familiar with 50user.policy though -- this must be a Ubuntu
> thing.  Can you verify this is really the security policy config file
> tomcat is using?
>
> The policy settings I see toward the bottom looks good on the suface.
> Just wondering if that file is really the active tomcat policy file.  A
> tomcat download binary uses catalina.policy in the tomcat/conf folder.
> Admittedly the rpm install may be different.
>
> --David
>
> Stephen Pegg wrote:
>
> >I am having a very bad time trying to get a webapp to connect to a MySQL
> >database. I am using tomcat 5.5 and mysql 5 on a Ubuntu Server 7.04(Fiesty
> >Fawn)
> >
> >As far as i am aware i have set everything up okay and the webapp does
> >actually try and connect to the database.
> >
> >However, it doesn't! See tracestack below.
> >
> >org.apache.jasper.JasperException: Unable to get connection,
> >DataSource invalid: "org.apache.commons.dbcp.SQLNestedException:
> >Cannot create PoolableConnectionFactory (Communications link failure
> >due to underlying exception:
> >
> >
> >** BEGIN NESTED EXCEPTION **
> >
> >java.security.AccessControlException
> >MESSAGE: access denied (java.net.SocketPermission localhost resolve)
> >
> >STACKTRACE:
> >
> >java.security.AccessControlException: access denied (
> >java.net.SocketPermission localhost resolve)
> >       at java.security.AccessControlContext.checkPermission(
> AccessControlContext.java:264)
> >       at java.security.AccessController.checkPermission(
> AccessController.java:427)
> >       at
> >java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> >       at java.lang.SecurityManager.checkConnect(SecurityManager.java
> :1031)
> >       at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
> >       at java.net.InetAddress.getAllByName0
> >(InetAddress.java:1098)
> >       at java.net.InetAddress.getAllByName(InetAddress.java:1061)
> >       at com.mysql.jdbc.StandardSocketFactory.connect(
> StandardSocketFactory.java:138)
> >       at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java
> >:277)
> >       at com.mysql.jdbc.Connection.createNewIO(Connection.java:2668)
> >       at com.mysql.jdbc.Connection.<init>(Connection.java:1531)
> >       at com.mysql.jdbc.NonRegisteringDriver.connect(
> NonRegisteringDriver.java:266)
> >
> >       at
> org.apache.commons.dbcp.DriverConnectionFactory.createConnection(
> DriverConnectionFactory.java:37)
> >       at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(
> PoolableConnectionFactory.java:290)
> >       at
> org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory
> >(BasicDataSource.java:877)
> >       at org.apache.commons.dbcp.BasicDataSource.createDataSource(
> BasicDataSource.java:851)
> >       at org.apache.commons.dbcp.BasicDataSource.getConnection(
> BasicDataSource.java:540)
> >       at
> org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.getConnection
> >(QueryTagSupport.java:274)
> >       at
> org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.doStartTag(
> QueryTagSupport.java:159)
> >       at org.apache.jsp.index_jsp._jspx_meth_sql_query_0
> (index_jsp.java:100)
> >       at org.apache.jsp.index_jsp._jspService
> >(index_jsp.java:58)
> >       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java
> :97)
> >       at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >       at org.apache.jasper.servlet.JspServletWrapper.service(
> >JspServletWrapper.java:334)
> >       at org.apache.jasper.servlet.JspServlet.serviceJspFile(
> JspServlet.java:314)
> >       at org.apache.jasper.servlet.JspServlet.service(JspServlet.java
> :264)
> >       at javax.servlet.http.HttpServlet.service
> >(HttpServlet.java:802)
> >       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >       at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:39)
> >       at sun.reflect.DelegatingMethodAccessorImpl.invoke
> >(DelegatingMethodAccessorImpl.java:25)
> >       at java.lang.reflect.Method.invoke(Method.java:585)
> >       at org.apache.catalina.security.SecurityUtil$1.run(
> SecurityUtil.java:243)
> >       at java.security.AccessController.doPrivileged
> >(Native Method)
> >       at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> >       at org.apache.catalina.security.SecurityUtil.execute(
> SecurityUtil.java:275)
> >       at org.apache.catalina.security.SecurityUtil.doAsPrivilege
> >(SecurityUtil.java:161)
> >       at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:245)
> >       at org.apache.catalina.core.ApplicationFilterChain.access$0(
> ApplicationFilterChain.java:177)
> >
> >       at org.apache.catalina.core.ApplicationFilterChain$1.run(
> ApplicationFilterChain.java:156)
> >       at java.security.AccessController.doPrivileged(Native Method)
> >       at org.apache.catalina.core.ApplicationFilterChain.doFilter
> >(ApplicationFilterChain.java:152)
> >       at org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:213)
> >       at org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:178)
> >       at
> >org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
> :126)
> >       at org.apache.catalina.valves.ErrorReportValve.invoke(
> ErrorReportValve.java:105)
> >       at org.apache.catalina.core.StandardEngineValve.invoke
> >(StandardEngineValve.java:107)
> >       at org.apache.catalina.connector.CoyoteAdapter.service(
> CoyoteAdapter.java:148)
> >       at org.apache.coyote.http11.Http11Processor.process(
> Http11Processor.java:869)
> >       at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
> >(Http11BaseProtocol.java:664)
> >       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
> PoolTcpEndpoint.java:527)
> >       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(
> LeaderFollowerWorkerThread.java:80)
> >
> >       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:684)
> >       at java.lang.Thread.run(Thread.java:595)
> >
> >
> >** END NESTED EXCEPTION **
> >
> >
> >
> >Last packet sent to the server was 6 ms ago.)"
> >
> >       org.apache.jasper.servlet.JspServletWrapper.handleJspException(
> JspServletWrapper.java:512)
> >       org.apache.jasper.servlet.JspServletWrapper.service(
> JspServletWrapper.java:377)
> >       org.apache.jasper.servlet.JspServlet.serviceJspFile
> >(JspServlet.java:314)
> >       org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> >       javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> >       sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >
> >       sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:39)
> >       sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
> >       java.lang.reflect.Method.invoke(Method.java:585)
> >
> >       org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java
> :243)
> >       java.security.AccessController.doPrivileged(Native Method)
> >       javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> >       org.apache.catalina.security.SecurityUtil.execute
> >(SecurityUtil.java:275)
> >       org.apache.catalina.security.SecurityUtil.doAsPrivilege(
> SecurityUtil.java:161)
> >
> >I can connect to the database in command line, MySQL admin and query
> browser
> >with the same user and pass that i am using for the webapp. I gave this
> user
> >full permissions from any host. I have read about the security manager
> >possible stopping it from working even though i'm working with localhost.
> >The webapp itself has the resource in its /META-INF/context.xml (see
> below)
> >as i want to stay away from tomcats server.xml. I have a resource
> reference
> >in the webapps /WEB-INF/web.xml (See below). I have a copy of
> >mysql-connector-java-5.0.4.jar in the /common/lib/ directory as
> suggested.
> >There is no mysql jar in the webapps /WEB-INF/lib dir. I created the
> webapp
> >in netbeans5.5 on a windows platform, built it and deployed the
> >webapp.jarusing tomcat manager.
> >
> >---- Context.xml ----
> ><Context path="/DBTest" docBase="DBTest">
> ><Resource name="jdbc/time_management" auth="Container" type="
> >javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000"
> >username="timemanaccess" password="timeman101" driverClassName="
> >com.mysql.jdbc.Driver"
> >url="jdbc:mysql://localhost:3306/time_management_db"/>
> ></Context>
> >-----------------
> >
> >---- Web.xml ----
> ><resource-ref>
> ><res-ref-name>jdbc/time_management</res-ref-name>
> ><res-type>javax.sql.DataSource</res-type>
> ><res-auth>Application</res-auth>
> ><res-sharing-scope>Shareable</res-sharing-scope>
> ></resource-ref>
> >-----------------
> >
> >I have been editing the 50user.policy to try and give permissions to
> >localhost. See below.
> >
> >grant codeBase "file:${catalina.home}/webapps/DBTest/-" {
> >      //permission java.net.SocketPermission "localhost", "resolve";
> >      //permission java.net.SocketPermission "localhost:3306",
> >"connect,resolve";
> >    permission java.security.AllPermission;
> > };
> >
> > grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql-
> >connector-java-5.0.4.jar" {
> >    //permission java.net.SocketPermission "localhost", "resolve";
> >      //permission java.net.SocketPermission "localhost:3306",
> >"connect,resolve";
> >    permission java.security.AllPermission ;
> >};
> >
> >I have tried a number of variations of the permissions below. None
> worked.
> >
> >Can somebody please help? I can provide more information if needed.
> >
> >Thanks in advance,
> >Stephen
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message