On Nov 20, 2008, at 5:16 , André Warnier wrote:
So, you see, in the end it was a TCP/IP connection issue.
But it was not at the level of your MySQL server, but at the
source : your JVM would not let your webapp do a "connect" to that
port.
Now here comes a complication : finding where in the configuration
you need to change this thing.
That depends a bit on where you got your Tomcat from.
In the end, you should find a file named like "(tomcat_dir)/conf/
catalina.policy", which contains the permissions given to different
webapps.
You should find enough examples in there to guess what you need to
add to make it work. (*)
But, the file "catalina.policy" may be a file that is re-created
each time you start Tomcat, from bits and pieces located somewhere
else.
So check you Tomcat startup script carefully, and see whether it is
doing something like that. It may be that different bits related to
permissions are located in a series of files under /etc/tomcat/
policy.d for example. If so, then add a new file there, with the
required permissions, and it will be picked up and concatenated with
the others at the next startup, into a new catalina.policy file.
(And re-enable the security manager of course).
Maybe someone else will want to comment on the usefulness criteria
of the security manager. It does slow things down, so you may not
necessarily want to enable it.
(*) something like :
grant codeBase "file:/var/lib/tomcat/webapps/yourwebapp/WEB-INF/
classes/-" {
permission java.net.SocketPermission "localhost",
"connect,resolve";
permission java.net.SocketPermission "*:3636", "connect,resolve";
};
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I have to say that I do not think Tomcat is doing the right thing in
this particular situation. There should be some sort of security
exception being thrown indicating that the socket connection was being
block by tomcat's security manager. I did play around a little bit
with the policy files in my /var/lib/tomcat6/conf/policy.d directory
and I believe I found where I need to do this because I found an
example policy very similar to what you suggested. I got it to work
without too much trouble but then I ran into other security problems
with my application reading and writing files within its WEB-INF
directory so I will have to spend some more time with the tomcat docs
and figure out what permissions my application requires. After days of
troubleshooting this I'm more than happy with turning off the security
manager and spending some time learning how to actually configure it
properly.
Thanks again!
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
