Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Database Connectivity >> Java Database Connectivity (JDBC)

Issues With com.mysql.jdbc.Driver & java.security.AccessControlException

Hello, I am having some issues with connecting to a MySQL database using a servlet. I developed a web app in NetBeans 5.5 to tinker with the MySQL functionality. When I develop it in NetBeans, I use the bundled Tomcat server to test it. The MySQL database is on the local server. It works no problem.

I get the errors when I move the web app from my pc to that server with the MySQL database to see it on the Internet. The Tomcat server does work on the problem computer. I have successfully ran a servlet w/o MySQL functionality. Below is the exception output when I try to connect to the DB:

Communications link failure due to underlying exception:

** BEGIN NESTED EXCEPTION **

java.net.SocketException

MESSAGE: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.120:3306 connect,resolve)

STACKTRACE:

java.net.SocketException: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.120:3306 connect,resolve)

at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156)

at com.mysql.jdbc.MysqlIO.(MysqlIO.java:276)

at com.mysql.jdbc.Connection.createNewIO(Connection.java:2666)

at com.mysql.jdbc.Connection.(Connection.java:1531)

at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)

at java.sql.DriverManager.getConnection(DriverManager.java:525)

at java.sql.DriverManager.getConnection(DriverManager.java:140)

at Query1.processRequest(Query1.java:66)

at Query1.doGet(Query1.java:208)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:585)

at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)

at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272)

at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)

at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:50)

at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)

at java.security.AccessController.doPrivileged(Native Method)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)

at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)

at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)

at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)

at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)

at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)

at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)

at java.lang.Thread.run(Thread.java:595)

** END NESTED EXCEPTION **

Last packet sent to the server was 3 ms ago.

The part I don't get is why would it work on my desktop, but not on the server?

A Google search shows me that this exception is common in Java Applets, but this is a servlet.

Here are some details on the two machines:

- Both systems (my desktop and server) use Ubuntu Linux (Desktop=6.10; Server=6.06).

- My desktop is using Tomcat as a standalone (bundled w/ NetBeans); the server uses Tomcat w/ Apache

Any help would be greatly appreciated. Thanks!

[5560 byte] By [pr0gr4mm3ra] at [2007-11-26 19:49:40]
«« DAS: JMX/AMX createJDBCResourceConfig() dosent work, creates only 2 mbeans
»» java
# 1

there must be a network blocking between the server hosting the webapp and the database server

you say the application server is on the internet? but the adress of the database server (192.168.x.x) is a LAN adress, so if the appserver is outside the lan, it won't connect.

You have to grant acces to the database server to your application server.

Can you provide a clear description of the network architecture of what you want to do?

alban.maillerea at 2007-7-9 22:38:24 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 2
Yes, the server that is running the servlet is the same server that is running the MySQL database.It works when I run the app on my desktop computer which is on the LAN with the server. It has problems when I move the app to the same machine as the MySQL db.
pr0gr4mm3ra at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 3
OK i think I got it... it's a matter of the mySQL user rights... you must grant connect (and select and so on) to your mysql user from localhost (it must be explicitly granted since for mysql , localhost doesnt belong to %)Hope it helps
alban.maillerea at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 4

Thanks for the response. I don't think that's it because if I intentionally try to use the wrong password in the script, I get something like:

Access denied for user 'andrew'@'192.168.0.3' (using password: YES)

Is there something in the Tomcat configuration that allows or disallows access to MySQL?

pr0gr4mm3ra at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 5

Hi,

Uncomment the following line and do the necessary changes (driver.jar location and database host) in catalina.policy file, which is under Tomcat/conf. Then restart the tomcat.

The permission granted to your JDBC driver

// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar" {

//permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";

// };

Regards,

Ram

JTecha at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 6

According to the Tomcat catalina.policy file, it said to edit the files in /etc/tomcat5/policy.d, so that's what I did. I added the following code...

// The permission granted to your JDBC driver

grant codeBase "file:${catalina.home}/webapps/WebTest1/WEB-INF/lib/mysql-connector-java-5.0.4-bin.jar!/-" {

permission java.net.SocketPermission "192.168.0.120:3306", "connect";

};

...with no luck. I still get the same exceptions. Is there a way to disable these restrictions? I don't need to worry about malicious java code here. This is only a development server.

pr0gr4mm3ra at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 7

Hi,

Have u restarted tomcat, after made change in policy file. If still u have this problem, try with action connect and resolve. And also give permission to your project folder.

grant codeBase "file:${catalina.home}/webapps/examples/-" {

permission java.net.SocketPermission "192.168.0.120:3306", "connect,resolve";

permission java.net.SocketPermission "192.168.0.120:80", "connect,resolve";

};

Regards,

Ram

JTecha at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
# 8

It works!! This is the code that made it happen.

grant codeBase "file:${catalina.home}/webapps/WebTest1/-" {

permission java.net.SocketPermission "192.168.0.120:3306", "connect,resolve";

};

Thank you so much! This is the final end of over a week of frustration.

Can I ask a quick side-question? I noticed that when I rebuild a servlet and load it on the Tomcat server, it doesn't refresh it unless I restart the tomcat server. Is this something like a cache?

pr0gr4mm3ra at 2007-7-9 22:38:25 > top of Java-index,Database Connectivity,Java Database Connectivity (JDBC)...
Java Database Connectivity (JDBC)

Database Connectivity New Topic

Database Connectivity Hot Topic

Database Connectivity

All Classified