tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: Issue with psql driver
Date Thu, 06 Sep 2007 10:05:14 GMT
Ahh... I see the root cause now.  It is indeed caused by the JVM's 
security manager:

Caused by: java.security.AccessControlException:
access denied (java.net.SocketPermission localhost
resolve)

Looking at your original post, I see (forgive the recap, but I wanted to 
refresh the relevant parts):

> I  was told I had a security problem so  I added a file called 
> chapter1.policy to  /etc/policy.d: 
> // These permissions apply to the chapter1 web application 
> grant codeBase "file:${catalina.home}/webapps/chapter1/WEB-INF/ 
> classes/-" { 
>   permission java.security.AllPermission; 
>
> }; 
>
>
> grant codeBase "file:${catalina.home}/webapps/chapter1/WEB-INF/ 
> lib/-" { 
>   permission java.security.AllPermission; 
>
> }; 
>
>
> // 
> // The permission granted to your JDBC driver 
> grant codeBase "file:${catalina.home}/common/lib/postgresql- 
> jdbc3-8.1.jar" { 
>       permission java.net.SocketPermission "localhost:5432", 
> "connect"; 
>
> }; 

I'm not familiar with "/etc/policy.d" though as the tomcat download 
stores policy info in $TOMCAT_HOME/conf/catalina.policy.  You'll have to 
verify that /etc/policy.d is really the policy file used.  I can offer 
this bit of policy code based on an example in catalina.policy:

grant codeBase 
"jar:file:${catalina.home}/common/lib/postgresql-jdbc3-8.1.jar!/-" {
      permission java.net.SocketPermission "localhost", "connect";
}

If you look at the Sun Javadocs for java.net.SocketPermission, you can 
get more detail on what's allowed in the permission line.

--David

Chris Baty wrote:
> Hi All,
> I've tried at least 4 drivers, changing the url to
> localhost:test, localhost:5432:test, 127.0.0.1:test
>
> This is my current trace:
> Error occurred: org.postgresql.util.PSQLException:
> Something unusual has occured to cause the driver to
> fail. Please report this exception.
> org.postgresql.util.PSQLException: Something unusual
> has occured to cause the driver to fail. Please report
> this exception.
> 	at org.postgresql.Driver.connect(Driver.java:276)
> 	at
> java.sql.DriverManager.getConnection(DriverManager.java:512)
> 	at
> java.sql.DriverManager.getConnection(DriverManager.java:171)
> 	at
> org.apache.jsp.jdb_jsp._jspService(jdb_jsp.java:69)
> 	at
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
> 	at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> 	at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
> 	at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
> 	at
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
> 	at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> 	at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> 	at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:324)
> 	at
> org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
> 	at java.security.AccessController.doPrivileged(Native
> Method)
> 	at
> javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
> 	at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272)
> 	at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
> 	at
> org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
> 	at java.security.AccessController.doPrivileged(Native
> Method)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
> 	at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
> 	at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> 	at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> 	at
> org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
> 	at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
> 	at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> 	at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> 	at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
> 	at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> 	at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
> 	at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
> 	at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> 	at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at
> org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> 	at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> 	at
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
> 	at
> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
> 	at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
> 	at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
> 	at
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
> 	at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> 	at java.lang.Thread.run(Thread.java:534)
> Caused by: java.security.AccessControlException:
> access denied (java.net.SocketPermission localhost
> resolve)
> 	at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
> 	at
> java.security.AccessController.checkPermission(AccessController.java:401)
> 	at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> 	at
> java.lang.SecurityManager.checkConnect(SecurityManager.java:1023)
> 	at
> java.net.InetAddress.getAllByName0(InetAddress.java:1000)
> 	at
> java.net.InetAddress.getAllByName0(InetAddress.java:981)
> 	at
> java.net.InetAddress.getAllByName(InetAddress.java:975)
> 	at
> java.net.InetAddress.getByName(InetAddress.java:889)
> 	at
> java.net.InetSocketAddress.<init>(InetSocketAddress.java:114)
> 	at java.net.Socket.<init>(Socket.java:124)
> 	at
> org.postgresql.core.PGStream.<init>(PGStream.java:59)
> 	at
> org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:77)
> 	at
> org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
> 	at
> org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
> 	at
> org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
> 	at
> org.postgresql.jdbc3.Jdbc3Connection.<init>(Jdbc3Connection.java:24)
> 	at
> org.postgresql.Driver.makeConnection(Driver.java:382)
> 	at org.postgresql.Driver.connect(Driver.java:260)
> 	... 45 more
>
> Thanks.
> Chris
> --- Chris Baty <batymohn@yahoo.com> wrote:
>
>   
>> Hi David,
>> The only trace  that I can find is the Catalina log:
>>
>> Error occurred: org.postgresql.util.PSQLException:
>> Something unusual 
>> has occured to cause the driver to fail. Please
>> report this exception. 
>>
>> This comes right from my catch routine  and is  what
>> I would expect.
>>
>> Thanks.
>> Chris
>>
>>
>> ----- Original Message ----
>> From: David Smith <dns4@cornell.edu>
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Sent: Wednesday, September 5, 2007 10:58:19 AM
>> Subject: Re: Issue with psql driver
>>
>>
>> Can you post the complete stack trace of your error?
>>  That would be 
>> extremely helpful in diagnosing the problem.
>>
>> ---David
>>
>>
>> Chris Baty wrote:
>>
>>     
>>> Hi Guys, 
>>> I'm trying to access psql from Tomcat5.  I have the
>>>       
>> correct driver 
>>     
>>> because my command-lind test program  works fine. 
>>>       
>> So I copied the 
>>     
>>> driver into /usr/share/tomcat5/common/lib, like the
>>>       
>> documentation 
>>     
>>> says.  Then I kept getting 
>>>
>>>
>>> Error occurred: org.postgresql.util.PSQLException:
>>>       
>> Something unusual 
>>     
>>> has occured to cause the driver to fail. Please
>>>       
>> report this exception. 
>>     
>>> I  was told I had a security problem so  I added a
>>>       
>> file called 
>>     
>>> chapter1.policy to  /etc/policy.d: 
>>> // These permissions apply to the chapter1 web
>>>       
>> application 
>>     
>>> grant codeBase
>>>       
>> "file:${catalina.home}/webapps/chapter1/WEB-INF/ 
>>     
>>> classes/-" { 
>>>  permission java.security.AllPermission; 
>>>
>>> }; 
>>>
>>>
>>> grant codeBase
>>>       
>> "file:${catalina.home}/webapps/chapter1/WEB-INF/ 
>>     
>>> lib/-" { 
>>>  permission java.security.AllPermission; 
>>>
>>> }; 
>>>
>>>
>>> // 
>>> // The permission granted to your JDBC driver 
>>> grant codeBase
>>>       
>> "file:${catalina.home}/common/lib/postgresql- 
>>     
>>> jdbc3-8.1.jar" { 
>>>      permission java.net.SocketPermission
>>>       
>> "localhost:5432", 
>>     
>>> "connect"; 
>>>
>>> }; 
>>>
>>>
>>> I still get the same PSQLException 
>>> Could anyone send me an example of a security
>>>       
>> policy that works?  I 
>>     
>>> don't understand because 03Catalina.policy
>>>       
>> contains: 
>>     
>>> // These permissions apply to the servlet API
>>>       
>> classes 
>>     
>>> // and those that are shared across all class
>>>       
>> loaders 
>>     
>>> // located in the "common" directory 
>>> grant codeBase "file:${catalina.home}/common/-" { 
>>>  permission java.security.AllPermission; 
>>>
>>> }; 
>>>
>>>
>>> Thanks.
>>>
>>>
>>>       
>>>       
>> ____________________________________________________________________________________
>>     
>>> Boardwalk for $500? In 2007? Ha! Play Monopoly Here
>>>       
>> and Now (it's updated for today's economy) at Yahoo!
>> Games.
>>
>> http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow
>>  
>>     
>>>  
>>>
>>>       
>>
>>     
> ---------------------------------------------------------------------
>   
>> To start a new topic, e-mail:
>> users@tomcat.apache.org
>> To unsubscribe, e-mail:
>> users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail:
>> users-help@tomcat.apache.org
>>
>>
>>        
>>
>>     
> ____________________________________________________________________________________
>   
>> Looking for a deal? Find great prices on flights and
>> hotels with Yahoo! FareChase.
>> http://farechase.yahoo.com/
>>     
>
>
>
>
>       ____________________________________________________________________________________
> Shape Yahoo! in your own image.  Join our Network Research Panel today!   http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7

>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message