Hi Axis community!
I have a problem with a .jws class running on a Tomcat 4.1 with security
switched on (on Debian GNU/Linux with Blackdown Java 1.4). The JWS class
(which is not written by me) tries to connect to a MySQL server on the
same machine which is prevented by the security manager, although the
following grant is made in the policy file:
grant codeBase "file:${catalina.home}/webapps/anemos/-" {
permission java.security.AllPermission;
};
Another web service installed at the same webapp with WSDD can make DB
connections without problems.
If I add
grant {
permission java.security.AllPermission;
};
to the policy file, everything works fine. So the question is (I think):
What is the URL of the compiled JWS classes?
This is the output in catalina.out:
Connection Error: com.mysql.jdbc.CommunicationsException: Communications
link failure due to underlying exception:
** BEGIN NESTED EXCEPTION **
java.security.AccessControlException
MESSAGE: access denied (java.net.SocketPermission localhost resolve)
STACKTRACE:
java.security.AccessControlException: access denied
(java.net.SocketPermission localhost resolve)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at
java.lang.SecurityManager.checkConnect(SecurityManager.java:1023)
at java.net.InetAddress.getAllByName0(InetAddress.java:1000)
at java.net.InetAddress.getAllByName0(InetAddress.java:981)
at java.net.InetAddress.getAllByName(InetAddress.java:975)
at
com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:137)
at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:283)
at com.mysql.jdbc.Connection.createNewIO(Connection.java:2541)
at com.mysql.jdbc.Connection.<init>(Connection.java:1474)
at
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:264)
at
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:425)
at
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:140)
at AnemosSDRRequestESB.AnemosConnect(AnemosSDRRequestESB.java:7484)
...
I have switched on the debug mode and it adds:
access: access allowed (java.io.FilePermission
/var/lib/tomcat4/webapps/anemos/WEB-INF/lib/mysql-connector-java-3.1.10-bin.jar
reaaccess: access denied (java.util.PropertyPermission
com.mysql.jdbc.logger read)
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1064)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:258)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1276)
at java.lang.System.getProperty(System.java:573)
at
com.mysql.jdbc.ConnectionProperties.postInitialization(ConnectionProperties.java:2383)
at
com.mysql.jdbc.ConnectionProperties.initializeProperties(ConnectionProperties.java:2365)
at
com.mysql.jdbc.Connection.initializeDriverProperties(Connection.java:3617)
at com.mysql.jdbc.Connection.<init>(Connection.java:1471)
at
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:264)
at
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:425)
at
com.mysql.jdbc.jdbc2.optional.MysqlDataSource.getConnection(MysqlDataSource.java:140)
at AnemosSDRRequestESB.AnemosConnect(AnemosSDRRequestESB.java:7484)
[...]
access: access allowed (java.util.PropertyPermission java.security.debug
read)
access: domain that failed ProtectionDomain (null <no certificates>)
[EMAIL PROTECTED]
<no principals>
[EMAIL PROTECTED] (
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission java.home read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission javax.sql.* read)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission java.naming.* read)
(java.util.PropertyPermission jaxp.debug read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission line.separator read)
(java.lang.RuntimePermission
accessClassInPackage.org.apache.jasper.runtime)
(java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina.util.*)
(java.lang.RuntimePermission accessClassInPackage.sun.beans)
(java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina.util)
(java.lang.RuntimePermission accessClassInPackage.sun.beans.*)
(java.lang.RuntimePermission getAttribute)
(java.lang.RuntimePermission
accessClassInPackage.org.apache.jasper.runtime.*)
(java.lang.RuntimePermission
defineClassInPackage.org.apache.catalina.util.*)
(java.lang.RuntimePermission
defineClassInPackage.org.apache.catalina.util)
)
and a second similar one.
Please help me if you can as I have spent quite a while trying all kinds
of stuff!
Thanks and regards
Felix
