Posted to users@tomcat.apache.org by rb...@excite.com on 2003/06/24 23:56:40 UTC

Tomcat 4.1.24 Security

I am in the process of expanding a web site I am developing to attach to a "test" server.  In the process of my expansion into further testing, I've altered my data base access to point to a different server than my Tomcat server.

Everything runs just fine until I attempt to access the "test" data base server.  I get a security error message - as I expected.  Looking thru all of the documentation I could find - I discovered that I needed to add a grant statement to the catalina.policy file pointing to the codeBase for my JDBC driver.

(as an aside, I am uncertain what I broke, but as soon as I get a security access violation on my external DataBase jar, tomcat server stops accepting commands on 127.0.0.1 to shutdown)

I opened catalina.policy and added my DataBase driver via this grant statement:

grant codeBase "file:${catalina.home}/common/lib/mysql-connector-java-3.0.8-stable-bin.jar" {
  permission java.net.SocketPermission "127.0.0.1:3306", "accept, connect, listen, resolve";
};

I loaded Tomcat up with the -security command line option and reloaded my servlet.  Problem is - now, instead of getting access to my data, I get a message in the Tomcat screen saying that the dbcp code had tried 3 times to load before it gave up.  Making matters worse, with -security active, I can no longer access my data source on 127.0.0.1

Reading thru any message I could find on this subject, I noticed someone mentioned having your codeBase say "jar:file:".  I also noticed someone mentioning putting "!/-" at the end of the codeBase string.

I've tried both of these and get the same error from the dbcp code whenever it tries to create a database connection.  I noticed that I should turn debugging on with an option to CATALINA_OPTS - but the volume of output is so overwhelming that I can't see SecurityManager determine if my data base access is valid.

I gotta believe someone is using Tomcat 4.1.24 in a multi-tier environment.  This tells me I'm missing something...

Bob Bateman


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
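
Added example (not part of the original post and not Tomcat's own code): a small Java program that uses the JDK's SocketPermission and Permissions classes to show which connection targets the grant quoted in the post covers, and how the result changes once a second code source without that permission is on the call stack. The class name PolicyGrantCheck, the 192.0.2.10 address standing in for the remote database server, and the web application having no socket grant are assumptions made for illustration.

```java
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

public class PolicyGrantCheck {
    // The Java 2 access controller allows an operation only if every code
    // source on the call stack holds the permission; this models that rule.
    static boolean allowed(Map<String, Permissions> stack, Permission wanted) {
        return stack.values().stream().allMatch(p -> p.implies(wanted));
    }

    static void report(String label, Map<String, Permissions> stack, String[] targets) {
        for (String t : targets) {
            Permission wanted = new SocketPermission(t, "connect");
            System.out.printf("%-22s %-16s allowed=%b%n", label, t, allowed(stack, wanted));
        }
    }

    public static void main(String[] args) {
        // The grant from the post: JDBC driver jar, loopback MySQL port only.
        Permissions driver = new Permissions();
        driver.add(new SocketPermission("127.0.0.1:3306", "accept, connect, listen, resolve"));

        // Assumption: the web application's own code source has no socket grant.
        Permissions webapp = new Permissions();

        // Constructed targets: the granted endpoint, another loopback port, and a
        // documentation address (192.0.2.10) standing in for a remote database host.
        String[] targets = {"127.0.0.1:3306", "127.0.0.1:3307", "192.0.2.10:3306"};

        Map<String, Permissions> stack = new LinkedHashMap<>();
        stack.put("mysql-connector jar", driver);
        report("driver jar only", stack, targets);

        // Assumed call stack: the servlet's code calls into the driver, so both
        // code sources are checked when the socket is opened.
        stack.put("web application", webapp);
        report("driver jar + webapp", stack, targets);
    }
}
```

Only IP literals are used so the check involves no name lookup; replacing the constructed address with the real database host and port shows whether a given grant line would cover it.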


RE: Tomcat 4.1.24 Security

Posted by Mike Curwen <gb...@gb-im.com>.
> -----Original Message-----
> From: rbatemanmi@excite.com [mailto:rbatemanmi@excite.com] 
> Sent: Tuesday, June 24, 2003 4:57 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Tomcat 4.1.24 Security
> 
> that the dbcp code had tried 3 times to load before it gave up.  

This makes me think all is fine on the Tomcat end.  If you've changed
from accessing your db from 'localhost' to 127.0.0.1, then you'll have
to make sure your mysql database accepts connections from 127.0.0.1 (I'm
fairly certain it treats them differently)


