Re: tomcat5.5 and mysql5 permission problem on Ubuntu 7.04 (Fiesty)

Tue, 07 Aug 2007 05:01:47 -0700

The problem is most definitely in the security manager configuration. I'm not familiar with 50user.policy though -- this must be a Ubuntu thing. Can you verify this is really the security policy config file tomcat is using?
The policy settings I see toward the bottom looks good on the suface. Just wondering if that file is really the active tomcat policy file. A tomcat download binary uses catalina.policy in the tomcat/conf folder. Admittedly the rpm install may be different. 

--David

Stephen Pegg wrote:


I am having a very bad time trying to get a webapp to connect to a MySQL
database. I am using tomcat 5.5 and mysql 5 on a Ubuntu Server 7.04 (Fiesty
Fawn)

As far as i am aware i have set everything up okay and the webapp does
actually try and connect to the database.

However, it doesn't! See tracestack below.

org.apache.jasper.JasperException: Unable to get connection,
DataSource invalid: "org.apache.commons.dbcp.SQLNestedException:
Cannot create PoolableConnectionFactory (Communications link failure
due to underlying exception:


** BEGIN NESTED EXCEPTION **

java.security.AccessControlException
MESSAGE: access denied (java.net.SocketPermission localhost resolve)

STACKTRACE:

java.security.AccessControlException: access denied (
java.net.SocketPermission localhost resolve)
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at 
java.security.AccessController.checkPermission(AccessController.java:427)
        at
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
        at java.net.InetAddress.getAllByName0(InetAddress.java:1117)
        at java.net.InetAddress.getAllByName0
(InetAddress.java:1098)
        at java.net.InetAddress.getAllByName(InetAddress.java:1061)
        at 
com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:138)
        at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java
:277)
        at com.mysql.jdbc.Connection.createNewIO(Connection.java:2668)
        at com.mysql.jdbc.Connection.<init>(Connection.java:1531)
        at 
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)

        at 
org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:37)
        at 
org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:290)
        at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory
(BasicDataSource.java:877)
        at 
org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:851)
        at 
org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:540)
        at 
org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.getConnection
(QueryTagSupport.java:274)
        at 
org.apache.taglibs.standard.tag.common.sql.QueryTagSupport.doStartTag(QueryTagSupport.java:159)
        at org.apache.jsp.index_jsp._jspx_meth_sql_query_0(index_jsp.java:100)
        at org.apache.jsp.index_jsp._jspService
(index_jsp.java:58)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.jasper.servlet.JspServletWrapper.service(
JspServletWrapper.java:334)
        at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
        at javax.servlet.http.HttpServlet.service
(HttpServlet.java:802)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at 
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
        at java.security.AccessController.doPrivileged
(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        at 
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege
(SecurityUtil.java:161)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
        at 
org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)

        at 
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:152)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:107)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
(Http11BaseProtocol.java:664)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)

        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)


** END NESTED EXCEPTION **



Last packet sent to the server was 6 ms ago.)"

        
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
        
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
        org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:314)
        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        java.lang.reflect.Method.invoke(Method.java:585)

        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        org.apache.catalina.security.SecurityUtil.execute
(SecurityUtil.java:275)
        
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)

I can connect to the database in command line, MySQL admin and query browser
with the same user and pass that i am using for the webapp. I gave this user
full permissions from any host. I have read about the security manager
possible stopping it from working even though i'm working with localhost.
The webapp itself has the resource in its /META-INF/context.xml (see below)
as i want to stay away from tomcats server.xml. I have a resource reference
in the webapps /WEB-INF/web.xml (See below). I have a copy of
mysql-connector-java-5.0.4.jar in the /common/lib/ directory as suggested.
There is no mysql jar in the webapps /WEB-INF/lib dir. I created the webapp
in netbeans5.5 on a windows platform, built it and deployed the
webapp.jarusing tomcat manager.

---- Context.xml ----
<Context path="/DBTest" docBase="DBTest">
<Resource name="jdbc/time_management" auth="Container" type="
javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000"
username="timemanaccess" password="timeman101" driverClassName="
com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/time_management_db"/>
</Context>
-----------------

---- Web.xml ----
<resource-ref>
<res-ref-name>jdbc/time_management</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Application</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
-----------------

I have been editing the 50user.policy to try and give permissions to
localhost. See below.

grant codeBase "file:${catalina.home}/webapps/DBTest/-" {
     //permission java.net.SocketPermission "localhost", "resolve";
     //permission java.net.SocketPermission "localhost:3306",
"connect,resolve";
   permission java.security.AllPermission;
};

grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql-
connector-java-5.0.4.jar" {
   //permission java.net.SocketPermission "localhost", "resolve";
     //permission java.net.SocketPermission "localhost:3306",
"connect,resolve";
   permission java.security.AllPermission ;
};

I have tried a number of variations of the permissions below. None worked.

Can somebody please help? I can provide more information if needed.

Thanks in advance,
Stephen


 




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to