DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=35034>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35034 Summary: jndi datasources & security manager Product: Tomcat 5 Version: 5.5.9 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] Running tomcat with security manager: To get a datasource (with jndi) and to use statements you have to grant several accessClassInPackage Permissions to tomcat internal packages to the webapp: permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.collections"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.pool.impl"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.dbcp"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.dbcp.pool"; Additionally dbcp needs a permission java.lang.RuntimePermission "getClassLoader"; permission to load the jdbc driver. And in most cases you need some socket permissions. Datasources will be made available by the container (with JNDI). So the app doesn't matter where the database resides nor how the container makes the connection. The app is not interested in the details how the container will get the connection - it is only interested to have a connection. There is no need to give the whole app a permission to connect to some server only because the container wants to make some connection to this server. The permission if a app should be able to make a connection is given by a resource-link entry in context.xml. The permission to connect to the database server should be given at the container level and only there. Why should the whole app have permission to access tomcat internal packages (org.apache.tomcat.*)? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
