Ville, I am not a Security Manager expert. However, I have a few suggestions to try.
In the section of your policy where you grant permissions to web applications, do you have a grant for all webapps? If you do not, add the following. If you do, add the following permission so all host names are resolved using DNS: grant { // Let all host names be resolved using DNS permission java.net.SocketPermission "*", "resolve"; }; In the second grant that you provided, there are two dashes at the end of the codebase. I don't have any like that. In addition, most of my grants for jar files follow this format: grant codeBase "jar:file:${catalina.home}/webapps/test/WEB-INF/lib/dbtags.jar!/-" { permission java.net.SocketPermission "xx.xx.xx.xx:1521", "connect"; }; I hope this helps. Regards, Garrel Renick -----Original Message----- From: Ville Sulko [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 26, 2002 8:08 AM To: [EMAIL PROTECTED] Subject: DBtags with Oracle and Security Manager : SocketPermission Hi! I'm trying to get DBTags to work to an Oracle DB. The problem I'm having is that when Tomcat (4.0.2) is running with Security Manager enabled, I always get an exception when my JSP-page tries to connect to the DB. Here is the relevant code and config : /test/dbtest.jsp ---------------- <%@ taglib uri="http://jakarta.apache.org/taglibs/dbtags" prefix="sql" %> <sql:connection id="conn1"> <sql:url>jdbc:oracle:thin:@xx.xx.xx.xx:1521:TEST</sql:url> <sql:driver>oracle.jdbc.driver.OracleDriver</sql:driver> <sql:userId>user</sql:userId> <sql:password>passwd</sql:password> </sql:connection> ... <sql:closeConnection conn="conn1"/> catalina.policy --------------- grant codeBase "file:${catalina.home}/webapps/test/-" { permission java.net.SocketPermission "xx.xx.xx.xx:1521", "connect"; } grant codeBase "file:${catalina.home}/webapps/test/WEB-INF/lib/dbtags.jar!/--" { permission java.net.SocketPermission "xx.xx.xx.xx:1521", "connect"; } Tomcat is started with 'catalina.sh start -security'. Oracle thin-client jar is installed as $CATALINA_HOME/common/lib/classes12_01.jar. The exception I get when accessing the JSP is : java.security.AccessControlException: access denied (java.net.SocketPermission xx.xx.xx.xx resolve) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272) at java.security.AccessController.checkPermission(AccessController.java:399) at java.lang.SecurityManager.checkPermission(SecurityManager.java:545) at java.lang.SecurityManager.checkConnect(SecurityManager.java:1042) at java.net.InetAddress.getAllByName0(InetAddress.java:559) at java.net.InetAddress.getAllByName0(InetAddress.java:540) at java.net.InetAddress.getByName(InetAddress.java:449) at java.net.Socket.<init>(Socket.java:100) at oracle.net.nt.TcpNTAdapter.connect(Unknown Source) at oracle.net.nt.ConnOption.connect(Unknown Source) at oracle.net.nt.ConnStrategy.execute(Unknown Source) at oracle.net.resolver.AddrResolution.resolveAndExecute(Unknown Source) at oracle.net.ns.NSProtocol.establishConnection(Unknown Source) at oracle.net.ns.NSProtocol.connect(Unknown Source) at oracle.jdbc.ttc7.TTC7Protocol.connect(TTC7Protocol.java:1120) at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:195) at oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:198) at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:251) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:224) at java.sql.DriverManager.getConnection(DriverManager.java:517) at java.sql.DriverManager.getConnection(DriverManager.java:177) at org.apache.taglibs.dbtags.connection.ConnectionTag.doEndTag(ConnectionTag.java:225) at org.apache.jsp.dbtest$jsp._jspService(dbtest$jsp.java:237) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) .... The JSP works just fine when run without the security manager. I have also tried to grant 'permission java.security.AllPermission;' for the two above grants in catalina.policy, but the result is exactly the same... Anyone, any ideas? Regards, Ville -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>