You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jack Park <ja...@thinkalong.com> on 2002/07/08 00:23:48 UTC
Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
I continue to get the sql exception using the above software and
mm.mysql 2.0.8 drivers.
MySql is 3.23.51 downloaded from entropy.ch
I have granted permission to the program for both localhost (a guess) and
localhost.localdomain (which I needed on wintel and linux).
While roaming with google, someone
(http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=mysq
l+java) solved (I think) the same problem by making a new root user with
host = % (I confess: I have no idea how to do that!). I tried making my
program (the name I use to open a connection to mysql) a Mac User. Nothing
changed.
I see several candidate avenues of inquiry:
tomcat 4.0.4 has problems with this configuration (I think very unlikely)
mm.mysql 2.0.8 is the wrong driver for 3.23.51
3.23.51 (being a very recent release) has some problem
my configuration of the database with permissions is not consistent with
OS X needs (works fine on wintel and linux, however).
Any thoughts would be greatly appreciated.
Cheers,
Jack
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Jack Park <ja...@thinkalong.com>.
At 03:22 PM 7/9/2002 +0900, you wrote:
> > Thanks, Joel.
><snip>
>If it doesn't load the examples, I'd be surprised if it really wanted to
>load your servlet. (I have been surprised before.) Usually, if it
>doesn't run the examples, it isn't running, and what you're really doing
>is serving the Tomcat example pages from apache.
>
>Is apache running? That could be getting in your way. Check the web
>sharing (ohwhatisthatcalledinEnglishMacOSX?) control panel (???). It's
>there with file sharing. Interpret "web sharing" as meaning apache.
>
>Even if you had no problems getting apache and Tomcat running together
>on the Linux and Windows set-ups, you probably want to shut it down
>while setting Tomcat up on the Mac.
I confess, apache was running. I shut it down and restarted. No change in
behavior either for examples or my wiki program.
I went in to my .login and removed CLASSPATH and CATALINA_HOME.
JAVA_HOME is set to /System/Library/Frameworks/JavaVM.framework/Home
Looking at another post written by Martin Jacobson to a different user, I
changed JAVA_HOME to /usr
No change.
Changing debug to 99 as suggested by Martin Jacobson in a message to me
today shows that booting examples is failing with "Exception starting
filter Set Character Encoding" with a ClassNotFoundException at
WebappClassLoader.java line:1406
Loading the wiki program still fails precisely where I throw a
RuntimeException because the database returned the SQLException about
"Server configuration denies access..."
>If apache is not running, and your servlet seems to be trying to run,
>have you perhaps edited the examples context instead of copying it and
>making a new context for your servlet to run in?
>
> > The404 message says the requested resource is not available, but
> > the log says it's doing a class not found problem on a filter. I just
> > downloaded tomcat 4.0.1 (because that's what I'm running on linux) and
> it's
> > doing the same error on the mac. I found some stuff with google that
> > suggests I not put anything specific to tomcat (except, perhaps, the
> > specific servlet classes) in my CLASSPATH. There is, in fact only the path
> > to the servlet classes themselves as a hedge. Perhaps that should be
> > removed. Right now, I don't see the link.
>
>I'm thinking I didn't mess with the CLASSPATH for Tomcat 3.3, but my
>memory may be wrong. I'll check when I get home tonight. (I've got it
>set up on my own iBook.)
>
>What's your server.xml look like? Have you set that (and the stuff it
>refers to) up properly? Read the comments and the XML declarations in
>there and check them against the docs again.
I have the same simple <Context assignment that has run fine under wintel
and linux. It sits just above the examples <Context declaration and just
below the manager <Context declaration.
It looks like this:
<Context path="/wiki" docBase="wiki"
reloadable="true" debug="99" trusted="false >
</Context>
> > So back to owners.
> > I followed the instructions from an OnJava article on installing tomcat.
> > Tomcat is owned by Unix user 'jackpark', while mysql, also installed
> > according to an OnJava article, is owned by (originally) Unix user 'mysql'
> > and now Unix user 'wiki'. I'd like everything to be owned by 'wiki'
>
>I think there should be no problem with that, although it isn't really
>necessary. You can control who can run as whom with your sudoers file.
>
>Are you setting the users up from the users control panel (???) or from
>the network administration app? The latter is the one you want to be
>using for users that are there just to run apps under.
the user 'mysql' was created in the NetInfo Manager by cloning another user
per instructions in an OnJava article on setting up mysql securely. As
part of the debugging process, I created the new user 'wiki' in the
preferences User panel.
If there is one single uniform resource that explains all of this without
requirement of an enormous amount of a priori tacit knowledge, perhaps one
just for OS X, I'd buy it in a heartbeat.
>Remember to keep root login disabled as much as possible.
Will do!
> >(which
> > has a password) because that's the user that a webmaster will have access
> > to. chown -R is used on the mysql installation. the user 'jackpark' is
> > running both.
> >
> > I'm not sure what subdoers means,
>
>sudoers is the file in /etc somewhere (my memory is bad today) that
>tells sudo which users are allowed to pretend to be whom.
found it. It's in /etc just as you said. Is there any simple way to browse
these Unix directories from Aqua (like there is with linux?)
> >but I almost always have to use sudo to
> > do everything.
>
>I hope that doesn't mean that you're doing "sudo root" to run this all.
>If you are, get your sudoers file set up so you can get away from that.
>
>I think there's a man entry on sudoers, but if not, read the entries on
>sudo and su very thoroughly. It may take an hour to understand, but
>it's definitely worth the effort.
>
>BTW, the openBSD site (and they'll say mean things at me for increasing
>their traffic) has some excellent manual pages on line:
>
> http://www.openbsd.org/cgi-bin/man.cgi
>
>Plug "sudoers" into the search form. You'll need to remember that there
>will be some differences, since Darwin is derived from the freeBSD, but
>I find the discussions very helpful.
Ok. That's going to take a while.
> > Right now, mac autoboots to jackpark. I'll drop that when
> > it's ready to get plugged into the web.
>
>Whatever user(s) you run mysql, tomcat, and whatever else as, make sure
>they are users that can't log on.
>
> > Is there some hint that everything should be owned and run by one user?
>
>I don't think so. It may help you to keep track of things. It may not.
>I'm pretty sure I had a separate tomcat and mysql user in my set-up at
>home.
>
> > I'm beginning to suspect that there are problems with this 'picture.'
> > (mostly made by my ignorance), particularly since two different tomcat
> > builds refuse to run their examples.
> >
> > Perhaps you'll see what's wrong with this picture.
>
>At first, it seemed you had some confusion between the mysql permissions
>system and the UNIX permissions system. But it looks like that isn't the
>problem, after all.
>
>Let's see. You said you had the driver in place. You said you were able
>to log into mysql, so your sockets must be okay. I guess I'm out of
>ideas, unless your contexts have got something in them that doesn't work
>on Mac OS X. How's the case sensitivity? No, if it's working on
>MSWindows, then you shouldn't be getting bit by case conflicts.
Ok. It's going to take me a few hours to digest all this.
Many thanks again to all who have responded to my problem (ignorance?)
Cheers
Jack
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Joel Rees <jo...@alpsgiken.gr.jp>.
> Thanks, Joel.
> You're wondering about things I started wondering about myself, today.
>
> I suppose it's worse than that, however. I just found out that, while
> tomcat does seem to want to load my servlet, it will not load any of the
> examples.
If it doesn't load the examples, I'd be surprised if it really wanted to
load your servlet. (I have been surprised before.) Usually, if it
doesn't run the examples, it isn't running, and what you're really doing
is serving the Tomcat example pages from apache.
Is apache running? That could be getting in your way. Check the web
sharing (ohwhatisthatcalledinEnglishMacOSX?) control panel (???). It's
there with file sharing. Interpret "web sharing" as meaning apache.
Even if you had no problems getting apache and Tomcat running together
on the Linux and Windows set-ups, you probably want to shut it down
while setting Tomcat up on the Mac.
If apache is not running, and your servlet seems to be trying to run,
have you perhaps edited the examples context instead of copying it and
making a new context for your servlet to run in?
> The404 message says the requested resource is not available, but
> the log says it's doing a class not found problem on a filter. I just
> downloaded tomcat 4.0.1 (because that's what I'm running on linux) and it's
> doing the same error on the mac. I found some stuff with google that
> suggests I not put anything specific to tomcat (except, perhaps, the
> specific servlet classes) in my CLASSPATH. There is, in fact only the path
> to the servlet classes themselves as a hedge. Perhaps that should be
> removed. Right now, I don't see the link.
I'm thinking I didn't mess with the CLASSPATH for Tomcat 3.3, but my
memory may be wrong. I'll check when I get home tonight. (I've got it
set up on my own iBook.)
What's your server.xml look like? Have you set that (and the stuff it
refers to) up properly? Read the comments and the XML declarations in
there and check them against the docs again.
> So back to owners.
> I followed the instructions from an OnJava article on installing tomcat.
> Tomcat is owned by Unix user 'jackpark', while mysql, also installed
> according to an OnJava article, is owned by (originally) Unix user 'mysql'
> and now Unix user 'wiki'. I'd like everything to be owned by 'wiki'
I think there should be no problem with that, although it isn't really
necessary. You can control who can run as whom with your sudoers file.
Are you setting the users up from the users control panel (???) or from
the network administration app? The latter is the one you want to be
using for users that are there just to run apps under.
Remember to keep root login disabled as much as possible.
>(which
> has a password) because that's the user that a webmaster will have access
> to. chown -R is used on the mysql installation. the user 'jackpark' is
> running both.
>
> I'm not sure what subdoers means,
sudoers is the file in /etc somewhere (my memory is bad today) that
tells sudo which users are allowed to pretend to be whom.
>but I almost always have to use sudo to
> do everything.
I hope that doesn't mean that you're doing "sudo root" to run this all.
If you are, get your sudoers file set up so you can get away from that.
I think there's a man entry on sudoers, but if not, read the entries on
sudo and su very thoroughly. It may take an hour to understand, but
it's definitely worth the effort.
BTW, the openBSD site (and they'll say mean things at me for increasing
their traffic) has some excellent manual pages on line:
http://www.openbsd.org/cgi-bin/man.cgi
Plug "sudoers" into the search form. You'll need to remember that there
will be some differences, since Darwin is derived from the freeBSD, but
I find the discussions very helpful.
> Right now, mac autoboots to jackpark. I'll drop that when
> it's ready to get plugged into the web.
Whatever user(s) you run mysql, tomcat, and whatever else as, make sure
they are users that can't log on.
> Is there some hint that everything should be owned and run by one user?
I don't think so. It may help you to keep track of things. It may not.
I'm pretty sure I had a separate tomcat and mysql user in my set-up at
home.
> I'm beginning to suspect that there are problems with this 'picture.'
> (mostly made by my ignorance), particularly since two different tomcat
> builds refuse to run their examples.
>
> Perhaps you'll see what's wrong with this picture.
At first, it seemed you had some confusion between the mysql permissions
system and the UNIX permissions system. But it looks like that isn't the
problem, after all.
Let's see. You said you had the driver in place. You said you were able
to log into mysql, so your sockets must be okay. I guess I'm out of
ideas, unless your contexts have got something in them that doesn't work
on Mac OS X. How's the case sensitivity? No, if it's working on
MSWindows, then you shouldn't be getting bit by case conflicts.
> Many thanks, again.
> Jack
>
> At 01:26 PM 7/9/2002 +0900, Joel Rees wrote:
> >Been wondering some things about this thread --
> >
> >Jack, what UNIX user owns MySQL? Likewise, Tomcat? And what UNIX user
> >are they each being run by?
> >
> > > I continue to get the sql exception using the above software and
> > > mm.mysql 2.0.8 drivers.
> > > MySql is 3.23.51 downloaded from entropy.ch
> > >
> > > I have granted permission to the program for both localhost (a guess) and
> > > localhost.localdomain (which I needed on wintel and linux).
> > >
> > > While roaming with google, someone
> > >
> > (http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=mysq
> > > l+java) solved (I think) the same problem by making a new root user with
> > > host = % (I confess: I have no idea how to do that!). I tried making my
> > > program (the name I use to open a connection to mysql) a Mac
> > User. Nothing
> > > changed.
> >
> >Do you mean to say that you tried adding a UNIX user called mysql? Did
> >use chown on the mysql distribution to change the user/group
> >appropriately? Did you set up your sudoers and use sudo to run mysql?
> >
> > > I see several candidate avenues of inquiry:
> > > tomcat 4.0.4 has problems with this configuration (I think very
> > unlikely)
> > > mm.mysql 2.0.8 is the wrong driver for 3.23.51
> > > 3.23.51 (being a very recent release) has some problem
> > > my configuration of the database with permissions is not
> > consistent with
> > > OS X needs (works fine on wintel and linux, however).
> > >
> > > Any thoughts would be greatly appreciated.
> > > Cheers,
> > > Jack
> >
> >--
> >Joel Rees <jo...@alpsgiken.gr.jp>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
--
Joel Rees <jo...@alpsgiken.gr.jp>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Jack Park <ja...@thinkalong.com>.
Thanks, Joel.
You're wondering about things I started wondering about myself, today.
I suppose it's worse than that, however. I just found out that, while
tomcat does seem to want to load my servlet, it will not load any of the
examples. The404 message says the requested resource is not available, but
the log says it's doing a class not found problem on a filter. I just
downloaded tomcat 4.0.1 (because that's what I'm running on linux) and it's
doing the same error on the mac. I found some stuff with google that
suggests I not put anything specific to tomcat (except, perhaps, the
specific servlet classes) in my CLASSPATH. There is, in fact only the path
to the servlet classes themselves as a hedge. Perhaps that should be
removed. Right now, I don't see the link.
So back to owners.
I followed the instructions from an OnJava article on installing tomcat.
Tomcat is owned by Unix user 'jackpark', while mysql, also installed
according to an OnJava article, is owned by (originally) Unix user 'mysql'
and now Unix user 'wiki'. I'd like everything to be owned by 'wiki' (which
has a password) because that's the user that a webmaster will have access
to. chown -R is used on the mysql installation. the user 'jackpark' is
running both.
I'm not sure what subdoers means, but I almost always have to use sudo to
do everything. Right now, mac autoboots to jackpark. I'll drop that when
it's ready to get plugged into the web.
Is there some hint that everything should be owned and run by one user?
I'm beginning to suspect that there are problems with this 'picture.'
(mostly made by my ignorance), particularly since two different tomcat
builds refuse to run their examples.
Perhaps you'll see what's wrong with this picture.
Many thanks, again.
Jack
At 01:26 PM 7/9/2002 +0900, Joel Rees wrote:
>Been wondering some things about this thread --
>
>Jack, what UNIX user owns MySQL? Likewise, Tomcat? And what UNIX user
>are they each being run by?
>
> > I continue to get the sql exception using the above software and
> > mm.mysql 2.0.8 drivers.
> > MySql is 3.23.51 downloaded from entropy.ch
> >
> > I have granted permission to the program for both localhost (a guess) and
> > localhost.localdomain (which I needed on wintel and linux).
> >
> > While roaming with google, someone
> >
> (http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=mysq
> > l+java) solved (I think) the same problem by making a new root user with
> > host = % (I confess: I have no idea how to do that!). I tried making my
> > program (the name I use to open a connection to mysql) a Mac
> User. Nothing
> > changed.
>
>Do you mean to say that you tried adding a UNIX user called mysql? Did
>use chown on the mysql distribution to change the user/group
>appropriately? Did you set up your sudoers and use sudo to run mysql?
>
> > I see several candidate avenues of inquiry:
> > tomcat 4.0.4 has problems with this configuration (I think very
> unlikely)
> > mm.mysql 2.0.8 is the wrong driver for 3.23.51
> > 3.23.51 (being a very recent release) has some problem
> > my configuration of the database with permissions is not
> consistent with
> > OS X needs (works fine on wintel and linux, however).
> >
> > Any thoughts would be greatly appreciated.
> > Cheers,
> > Jack
>
>--
>Joel Rees <jo...@alpsgiken.gr.jp>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Joel Rees <jo...@alpsgiken.gr.jp>.
Been wondering some things about this thread --
Jack, what UNIX user owns MySQL? Likewise, Tomcat? And what UNIX user
are they each being run by?
> I continue to get the sql exception using the above software and
> mm.mysql 2.0.8 drivers.
> MySql is 3.23.51 downloaded from entropy.ch
>
> I have granted permission to the program for both localhost (a guess) and
> localhost.localdomain (which I needed on wintel and linux).
>
> While roaming with google, someone
> (http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=mysq
> l+java) solved (I think) the same problem by making a new root user with
> host = % (I confess: I have no idea how to do that!). I tried making my
> program (the name I use to open a connection to mysql) a Mac User. Nothing
> changed.
Do you mean to say that you tried adding a UNIX user called mysql? Did
use chown on the mysql distribution to change the user/group
appropriately? Did you set up your sudoers and use sudo to run mysql?
> I see several candidate avenues of inquiry:
> tomcat 4.0.4 has problems with this configuration (I think very unlikely)
> mm.mysql 2.0.8 is the wrong driver for 3.23.51
> 3.23.51 (being a very recent release) has some problem
> my configuration of the database with permissions is not consistent with
> OS X needs (works fine on wintel and linux, however).
>
> Any thoughts would be greatly appreciated.
> Cheers,
> Jack
--
Joel Rees <jo...@alpsgiken.gr.jp>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Steve Ahlstrom <sa...@americanisp.net>.
I'm using Linux, not OSX, so there will likely be differences, but shouldn't
be too much as OSX is Mach/BSD based.
I'm using connection pooling, so I've got commons-collections.jar,
commons-dbcp.jar, commons-pool.jar as well as mm.mysql-2.0.14-bin.jar
in $CATALINA_HOME/common/lib.
I connect to a datasource with the following code ...
public Connection getConn (String appl)
throws SQLException {
DataSource datasource = null;
try {
Context initialcontext = new InitialContext();
datasource =
(DataSource)initialcontext.lookup("java:comp/env/jdbc/" + appl);
}
catch (NamingException e) {
throw new SQLException(e.getMessage());
}
try {
conn = datasource.getConnection();
}
catch (SQLException e) {
throw new SQLException(newMsg, e.getSQLState(), e.getErrorCode());
}
return (conn);
}
My context for my app is ...
<Context path="/site" docBase="site" debug="0" reloadable="true">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="site." suffix=".log"
timestamp="true"/>
<Resource name="jdbc/thought" auth="Container"
type="javax.sql.DataSource"/>
<ResourceParams name="jdbc/thought">
<parameter>
<name>factory</name>
<value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
</parameter>
<parameter>
<name>username</name>
<value>root</value>
</parameter>
<parameter>
<name>password</name>
<value>admin</value>
</parameter>
<parameter>
<name>driverClassName</name><value>org.gjt.mm.mysql.Driver</value>
</parameter>
<parameter>
<name>url</name><value>jdbc:mysql://10.0.0.4:3306/thought</value>
</parameter>
</ResourceParams>
</Context>
My database name is "thought", my username is "root" and my password is
"admin".
Substitute your own as required.
The appropriate section of my web.xml file is ...
<resource-ref>
<res-ref-name>jdbc/thought</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
I'm not a MySQL expert. Your grant statement looks funny to me because
I'm not used to seeing the /* syntax. Not saying it's wrong. For all
of my MySQL questions I go to the New Riders book, MySQL, by Paul Dubois.
That's about all I can tell you other than my app's been running under
both Weblogic and HPAS for the last 9 months. I finally got it going
under Tomcat this weekend using the info above. Now if I can just figure
out how to front end Tomcat with Apache I'll be done with it.
Good luck
Steve
-----Original Message-----
From: Jack Park [mailto:jackpark@thinkalong.com]
Sent: Sunday, July 07, 2002 8:09 PM
To: Tomcat Users List
Subject: RE: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Thank you!
I just upgraded to 2.0.14 with no change in behavior.
I suppose I am a bit confused, and perhaps a bit of detail on what I have
done might help.
I open mysql with
DriverManager.getConnection("jdbc:mysql:///mydatabase","nexw","")
where nexw is the username and there is no password.
I have already used two different grants:
grant all privileges on mydatabase/* to nexw@localhost; <a
guess because the next try didn't work
grant all privileges on mydatabase/* to
nexw@localhost.localdomain <which works on wintel and linux
server.xml has this context for the program:
<Context
path="/wiki"
docBase="wiki"
reloadable="true"
debug="0"
trusted="false" >
</Context>
I am not aware of anything else I need to tell tomcat, particularly since
that context statement works on both WinME and Linux, and this is OS X.
Among the things I have tried is to create a Mac User called "nexw", with
no password and no root privileges. Perhaps OS X requires that, which
means this my problem is less a tomcat problem and more a Darwin-user
(ignorance) problem.
Looking at mysql:user and mysql:db, nexw is clearly a registered (with
mysql) user with granted privileges, for both localhost and for
localhost.localdomain.
That summarizes the problem, thus far. Maybe that will animate more ideas.
Thanks again.
Jack
At 05:46 PM 7/7/2002 -0600, you wrote:
>2.0.8 is a very old driver. The current version is 2.0.14
>
>I don't know how you granted permissions, but do something like ...
>
>(assuming root for username and admin for password) ...
>
>start mysql, then
>grant all on *.* to root@localhost.localdomain identified by "admin";
>
>Then "use mysql" and select * on user, make sure your grant took
>effect.
>
>If everything looks cool and it still doesn't work, check that your
>server.xml is configured correctly for your context and datasource.
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Jack Park <ja...@thinkalong.com>.
Thank you!
I just upgraded to 2.0.14 with no change in behavior.
I suppose I am a bit confused, and perhaps a bit of detail on what I have
done might help.
I open mysql with
DriverManager.getConnection("jdbc:mysql:///mydatabase","nexw","")
where nexw is the username and there is no password.
I have already used two different grants:
grant all privileges on mydatabase/* to nexw@localhost; <a
guess because the next try didn't work
grant all privileges on mydatabase/* to
nexw@localhost.localdomain <which works on wintel and linux
server.xml has this context for the program:
<Context
path="/wiki"
docBase="wiki"
reloadable="true"
debug="0"
trusted="false" >
</Context>
I am not aware of anything else I need to tell tomcat, particularly since
that context statement works on both WinME and Linux, and this is OS X.
Among the things I have tried is to create a Mac User called "nexw", with
no password and no root privileges. Perhaps OS X requires that, which
means this my problem is less a tomcat problem and more a Darwin-user
(ignorance) problem.
Looking at mysql:user and mysql:db, nexw is clearly a registered (with
mysql) user with granted privileges, for both localhost and for
localhost.localdomain.
That summarizes the problem, thus far. Maybe that will animate more ideas.
Thanks again.
Jack
At 05:46 PM 7/7/2002 -0600, you wrote:
>2.0.8 is a very old driver. The current version is 2.0.14
>
>I don't know how you granted permissions, but do something like ...
>
>(assuming root for username and admin for password) ...
>
>start mysql, then
>grant all on *.* to root@localhost.localdomain identified by "admin";
>
>Then "use mysql" and select * on user, make sure your grant took
>effect.
>
>If everything looks cool and it still doesn't work, check that your
>server.xml is configured correctly for your context and datasource.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Martin Jacobson <ma...@libero.it>.
Jack Park wrote:
> Thank you!
> I've now got even more food for thought. You used JDBCRealm. Here is
> what the Tomcat how-to on that says:
>
> "This document describes how to configure Tomcat to support container
> managed security, by connecting to an existing "database" of usernames,
> passwords, and user roles. You only need to care about this if you are
> using a web application that includes one or more <security-constraint>
> elements, and a <login-config> element defining how users are required
> to authenticate themselves. If you are not utilizing these features, you
> can safely skip this document."
>
> I should say that I am doing this in a verbose fashion in the hopes that
> other OS X users will be able to find it with google when/if they need
> it. My similar query at http://forums.osxfaq.com/viewforum.php?forum=15
> has had 3 hits (one of which is mine) in the same time span as this post
> here; here there have been responses of great value to this inquiry,
> there have been none elsewhere.
>
> Now, do I need container managed security? Did you? Or was that an
> approach that happened to get your installation working in absence of
> other considerations? In a reply here by Steve Ahlstrom, he does not
> appear to use JDBCRealm, but does use a greatly expanded <Context...>
> entry in server.xml, and additional information (compared to what I use)
> in his application's web.xml. Security in my program has, all along,
> been handled by authentication routines built into my code (though I can
> imagine handing that work over to something else in the future).
>
I configured container managed security simply because the application
requires it. I used it as an example because my application code
accesses the database via a connection pool and JNDI, so it's more
complicated to explain.
In another (later) post, you describe your Unix accounts; mine are
somewhat different. In case it helps, I'll describe them...
First, I'm an old-time Unix guy (SVR4, Solaris, Linux), but I don't know
the ins-and-outs of BSD, nor NextStep, so I didn't know about sudo when
I started hacking about.
I enabled root in NetInfo, and made sure that my user (martin) was a
member of a group that root was also in. Hence, I was able to su root.
I created a login account for mysql, and installed mysql as per
instructions.
I created a mysql user 'tomcat' which can only perform selects on one
database. Also, tomcat can only connect from 'localhost' or 'macx'.
I created another account which can do anything on the same single
database when connecting from 'localhost', and this is the account that
the application code uses.
To run tomcat, I cd to the base directory, su root, and type
bin/startup.sh - this is because I use tomcat in standalone mode, and
use ports 80/443.
I suggest (if you haven't already done so) setting debug=9
everywhere(!), and then post the logs, with any relevant <server.xml>,
<web.xml> and code snippets.
Martin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Jack Park <ja...@thinkalong.com>.
Thank you!
I've now got even more food for thought. You used JDBCRealm. Here is what
the Tomcat how-to on that says:
"This document describes how to configure Tomcat to support container
managed security, by connecting to an existing "database" of usernames,
passwords, and user roles. You only need to care about this if you are
using a web application that includes one or more <security-constraint>
elements, and a <login-config> element defining how users are required to
authenticate themselves. If you are not utilizing these features, you can
safely skip this document."
I should say that I am doing this in a verbose fashion in the hopes that
other OS X users will be able to find it with google when/if they need it.
My similar query at http://forums.osxfaq.com/viewforum.php?forum=15 has had
3 hits (one of which is mine) in the same time span as this post here; here
there have been responses of great value to this inquiry, there have been
none elsewhere.
Now, do I need container managed security? Did you? Or was that an
approach that happened to get your installation working in absence of other
considerations? In a reply here by Steve Ahlstrom, he does not appear to
use JDBCRealm, but does use a greatly expanded <Context...> entry in
server.xml, and additional information (compared to what I use) in his
application's web.xml. Security in my program has, all along, been handled
by authentication routines built into my code (though I can imagine handing
that work over to something else in the future).
I do absolutely none of these things in my WinME and Linux (RH 7.2)
installations of essentially the same software. On ME, I have the same
program running on tomcat 4.01 alone and on tomcat 3.23 running inside JBoss.
As far as I can determine, the OS X security thing, whatever that means, is
vastly more involved in whatever happens between my program and MySQL than
was either Linux or Windows. If that is so, then I would think that is a
"good thing." Right now, though, it's keeping me from turning on my web site.
WRT database permissions, I have learned that there are two tables in the
MySQL:mysql database, user and db. In user, you don't really want to give
any particular user global permissions; instead, you are encouraged
(according, if I recall rightly, to an OnJava article on databases for the
Mac) to grant specific permissions (ALL, in my case) to specific users for
specific databases using inserts in the "db" table. It appears that the
GRANT statement handles it that way for you.
The question I am trying to find an answer for right now deals with the
notion of "connect" coming to MySql by way of mm.mysql from a program that
happens to be running under Tomcat. In both my wintel and linux boxes, I
learned that if I used GRANT with the TO statement using some
<name>@localhost.localdomain (which I found out because the error trace
made it clear that the database was not happy receiving something from
<name>@localhost.localdomain (my original grant just used
<name>@localhost), but I'm not seeing any kind of error message to that
effect now, suggesting that the system is happy with
<name>@localhost.localdomain. The question really is this: "what does
MySql on OS X really want to see?", and that's because the "user" and "db"
tables of MySql:mysql reflect precisely what they are (I think) supposed to
reflect.
I wonder if there is some gap (in the trace) of behavior. My error message
is generated by a try-catch when I do the connect: the message itself is
just that of the SQLException that got thrown. It seems that I might have
to go back and do a complete rebuild of mm.mysql in order to catch the
error earlier.
What's particularly interesting is that the several papers at OnJava that
show how to use Tomcat with servlets and MySql have boilerplate examples
that I think I am mirroring, but mine doesn't work. There must be
something deeper in the Mac OS X security architecture that's either not
well documented, or that I have just missed.
Still hoping to provoke more ideas.
Many thanks.
Jack
At 11:39 AM 7/8/2002 +0200, Martin Jacobson wrote:
>Jack Park wrote:
>
>>I continue to get the sql exception using the above software and
>>mm.mysql 2.0.8 drivers.
>>MySql is 3.23.51 downloaded from entropy.ch
>>I have granted permission to the program for both localhost (a guess) and
>>localhost.localdomain (which I needed on wintel and linux).
>>While roaming with google, someone
>>(http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=my
>>sq l+java) solved (I think) the same problem by making a new root user
>>with host = % (I confess: I have no idea how to do that!). I tried
>>making my program (the name I use to open a connection to mysql) a Mac User.
>>Nothing changed.
>>I see several candidate avenues of inquiry:
>> tomcat 4.0.4 has problems with this configuration (I think very
>> unlikely)
>> mm.mysql 2.0.8 is the wrong driver for 3.23.51
>> 3.23.51 (being a very recent release) has some problem
>> my configuration of the database with permissions is not consistent
>> with OS X needs (works fine on wintel and linux, however).
>
>
>Hi,
>
>I am successfully using mysql (3.23.46) & Tomcat (4.1.4) with mm.mysql
>driver (2.0.14) on Mac OS X (10.1.5).
>
>My normal db connection is via JNDI/Datasource, but I also use JDBCRealm
>user authentication, which is a simpler configuration to show :-)
>
>I created a mysql user called 'tomcat' (no need to create a Unix account),
>with no password...
>
>
>mysql> select * from user where user like 'tomcat';
>+----------------+--------+----------+-------------+-------------+---------
>----+-------------+-------------+-----------+-------------+---------------+
>--------------+-----------+------------+-----------------+------------+----
>--------+
>| Host | User | Password | Select_priv | Insert_priv |
>Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv |
>Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv |
>Index_priv | Alter_priv |
>+----------------+--------+----------+-------------+-------------+---------
>----+-------------+-------------+-----------+-------------+---------------+
>--------------+-----------+------------+-----------------+------------+----
>--------+
>| localhost | tomcat | | Y | N |
>N | N | N | N | N | N |
>N | N | N | N | N |
>N |
>+----------------+--------+----------+-------------+-------------+---------
>----+-------------+-------------+-----------+-------------+---------------+
>--------------+-----------+------------+-----------------+------------+----
>--------+
>
>and then configured <server.xml> ...
>
><Realm
> className="org.apache.catalina.realm.JDBCRealm"
> debug="0"
> driverName="org.gjt.mm.mysql.Driver"
> connectionURL="jdbc:mysql://localhost/radiation?user=tomcat"
> userTable="user"
> userNameCol="user_id"
> userCredCol="password"
> userRoleTable="user_role"
> roleNameCol="role_id"
>/>
>
>In fact, I'm lying :-)
>I (occasionally) had problems because mysql would refuse the connection
>with a message like "user tomcat@macx has insufficient privileges" (or
>something in that vein). To solve that, I simply added another line to the
>"user" table for tomcat, with "macx" as the hostname. I don't know why
>this happens - however, I use a Powerbook, both at home and at work, so
>I'm constantly changing my Location setting, with consequent change in IP
>address, and mysql may be getting confused.
>
>Although I'm using 4.1.4, this also worked on 4.0.4b3, so your Tomcat
>version is not an issue. I suspect that the problem can be solved by
>fiddling with mysql's privileges, which are (IMHO) somewhat arcane!
>
>Hope this helps,
>Martin.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Martin Jacobson <ma...@libero.it>.
Jack Park wrote:
> I continue to get the sql exception using the above software and
> mm.mysql 2.0.8 drivers.
> MySql is 3.23.51 downloaded from entropy.ch
>
> I have granted permission to the program for both localhost (a guess)
> and localhost.localdomain (which I needed on wintel and linux).
>
> While roaming with google, someone
> (http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=mysq
> l+java) solved (I think) the same problem by making a new root user with
> host = % (I confess: I have no idea how to do that!). I tried making my
> program (the name I use to open a connection to mysql) a Mac User.
> Nothing changed.
>
> I see several candidate avenues of inquiry:
> tomcat 4.0.4 has problems with this configuration (I think very
> unlikely)
> mm.mysql 2.0.8 is the wrong driver for 3.23.51
> 3.23.51 (being a very recent release) has some problem
> my configuration of the database with permissions is not consistent
> with OS X needs (works fine on wintel and linux, however).
>
Hi,
I am successfully using mysql (3.23.46) & Tomcat (4.1.4) with mm.mysql
driver (2.0.14) on Mac OS X (10.1.5).
My normal db connection is via JNDI/Datasource, but I also use JDBCRealm
user authentication, which is a simpler configuration to show :-)
I created a mysql user called 'tomcat' (no need to create a Unix
account), with no password...
mysql> select * from user where user like 'tomcat';
+----------------+--------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| Host | User | Password | Select_priv | Insert_priv |
Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv |
Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv
| Index_priv | Alter_priv |
+----------------+--------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
| localhost | tomcat | | Y | N | N
| N | N | N | N | N
| N | N | N | N | N
| N |
+----------------+--------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+
and then configured <server.xml> ...
<Realm
className="org.apache.catalina.realm.JDBCRealm"
debug="0"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/radiation?user=tomcat"
userTable="user"
userNameCol="user_id"
userCredCol="password"
userRoleTable="user_role"
roleNameCol="role_id"
/>
In fact, I'm lying :-)
I (occasionally) had problems because mysql would refuse the connection
with a message like "user tomcat@macx has insufficient privileges" (or
something in that vein). To solve that, I simply added another line to
the "user" table for tomcat, with "macx" as the hostname. I don't know
why this happens - however, I use a Powerbook, both at home and at work,
so I'm constantly changing my Location setting, with consequent change
in IP address, and mysql may be getting confused.
Although I'm using 4.1.4, this also worked on 4.0.4b3, so your Tomcat
version is not an issue. I suspect that the problem can be solved by
fiddling with mysql's privileges, which are (IMHO) somewhat arcane!
Hope this helps,
Martin.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: documentation on mod_jk
Posted by "Nikolas A. Rathert" <ni...@igd.fhg.de>.
Ukiah,
there are several places where you could find information. The most
detailed one could be found here:
http://atlassw1.phy.bnl.gov/jakarta-tomcat/mod_jk-howto.html
If there still are questions go to
http://www.galatea.com/flashguides/index
Cheers and good luck,
Nick
Ukiah Smith wrote:
> I am looking for a how-to or other documentation on configuring
> mod_jk. I have installed it, and it serves the basic dynamic pages
> from tomcat. I want information that explains how to configure so that
> I can create my own custom configs instead of copying the examples
> without really understanding them.
>
> thanks //Ukiah Smith
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
Nikolas A. Rathert
Fraunhofer Institute for Computer Graphics
e-Learning & Knowledge Management
Fraunhoferstrasse 5
D-64283 Darmstadt
Germany
Fon +49 6151 155 552
Fax +49 6151 155 569
email: nikolas.rathert@igd.fhg.de
www: http://www.igd.fhg.de
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
documentation on mod_jk
Posted by Ukiah Smith <so...@mac.com>.
I am looking for a how-to or other documentation on configuring
mod_jk. I have installed it, and it serves the basic dynamic pages
from tomcat. I want information that explains how to configure so that
I can create my own custom configs instead of copying the examples
without really understanding them.
thanks //Ukiah Smith
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
Posted by Steve Ahlstrom <sa...@americanisp.net>.
2.0.8 is a very old driver. The current version is 2.0.14
I don't know how you granted permissions, but do something like ...
(assuming root for username and admin for password) ...
start mysql, then
grant all on *.* to root@localhost.localdomain identified by "admin";
Then "use mysql" and select * on user, make sure your grant took
effect.
If everything looks cool and it still doesn't work, check that your
server.xml is configured correctly for your context and datasource.
-----Original Message-----
From: Jack Park [mailto:jackpark@thinkalong.com]
Sent: Sunday, July 07, 2002 4:24 PM
To: tomcat-user@jakarta.apache.org
Subject: Mac OS X, Tomcat 4.0.4, MySql "configuration denies access"
I continue to get the sql exception using the above software and
mm.mysql 2.0.8 drivers.
MySql is 3.23.51 downloaded from entropy.ch
I have granted permission to the program for both localhost (a guess) and
localhost.localdomain (which I needed on wintel and linux).
While roaming with google, someone
(http://www.macosx.com/forums/showthread.php?s=&threadid=7737&highlight=mysq
l+java) solved (I think) the same problem by making a new root user with
host = % (I confess: I have no idea how to do that!). I tried making my
program (the name I use to open a connection to mysql) a Mac User. Nothing
changed.
I see several candidate avenues of inquiry:
tomcat 4.0.4 has problems with this configuration (I think very unlikely)
mm.mysql 2.0.8 is the wrong driver for 3.23.51
3.23.51 (being a very recent release) has some problem
my configuration of the database with permissions is not consistent with
OS X needs (works fine on wintel and linux, however).
Any thoughts would be greatly appreciated.
Cheers,
Jack
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>