tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
Date Thu, 20 Nov 2008 10:16:20 GMT
Krapacs Ambrose wrote:
> 
> Well I thought that I had tried turning off the security manager but I 
> couldn't remember how I did it. I tried again by modifying 
> /etc/init.d/tomcat and set TOMCAT_SECURITY to "no". I executed the JSP 
> again and EVERY TEST SUCCESSFULLY CONNECTED! Wow, finally!
> 
> So now I guess I need to determine the proper way to do this because I'm 
> guessing that disabling the security mangager is not smart. I really do 
> not know anything about the tomcat security  manager so I'm not sure how 
> to properly allow this in security  manager without disabling it 
> completely.
> 
So, you see, in the end it was a TCP/IP connection issue.
But it was not at the level of your MySQL server, but at the source : 
your JVM would not let your webapp do a "connect" to that port.

Now here comes a complication : finding where in the configuration you 
need to change this thing.
That depends a bit on where you got your Tomcat from.
In the end, you should find a file named like 
"(tomcat_dir)/conf/catalina.policy", which contains the permissions 
given to different webapps.
You should find enough examples in there to guess what you need to add 
to make it work. (*)
But, the file "catalina.policy" may be a file that is re-created each 
time you start Tomcat, from bits and pieces located somewhere else.
So check you Tomcat startup script carefully, and see whether it is 
doing something like that.  It may be that different bits related to 
permissions are located in a series of files under /etc/tomcat/policy.d 
for example.  If so, then add  a new file there, with the required 
permissions, and it will be picked up and concatenated with the others 
at the next startup, into a new catalina.policy file.
(And re-enable the security manager of course).

Maybe someone else will want to comment on the usefulness criteria of 
the security manager.  It does slow things down, so you may not 
necessarily want to enable it.



(*) something like :
grant codeBase "file:/var/lib/tomcat/webapps/yourwebapp/WEB-INF/classes/-" {
       permission java.net.SocketPermission "localhost", "connect,resolve";
       permission java.net.SocketPermission "*:3636", "connect,resolve";
};

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message