Basically yes. I forget whether "connect" implies "resolve", but it is possible to use one permission regardless, i.e.
permission java.net.SocketPermission "<host>:<port>", "connect, resolve"; Just "connect" may be enough. Also, what you specify for the host name can vary depending on what is used by the code that tries to connect. Your error below suggests you will need "localhost" as the host name. It has been a while, so I don't recall whether the IP address would satisfy the permission check. A little trial-and-error should be able to determine what host name is needed. I believe you will need a permission for each different host name used, if code happens to be inconsistent. You can also restrict the permission to just that webapp by specifying the codeBase to be the full path to the base of your webapp, i.e. something like: codeBase "file:/var/lib/tomcat4/webapps/myapp/-" Larry > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Oege de Moor > Sent: Tuesday, January 18, 2005 12:24 PM > To: Tomcat Users List > Subject: RE: tomcat4 + postgresql jdbc > > > Do you mean I should add something like: > > grant codeBase "file:/var/lib/tomcat4/webapps/-" { > permission java.net.SocketPermission "127.0.0.1:5432", > "connect"; > permission java.net.SocketPermission "127.0.0.1:5432", > "resolve"; > }; > > Unfortunately that still doesn't work... > > On Tue, 18 Jan 2005, Larry Isaacs wrote: > > > If you are running Tomcat with a security manager, you will need > > to make sure the catalina.policy file includes permission for > > your webapp to connect to the server in question. The examples > > found in the comments at the end of the default catalina.policy > > file are examples of such a permission. > > > > Cheers, > > Larry > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Oege de Moor > > > Sent: Tuesday, January 18, 2005 11:54 AM > > > To: Tomcat Users List > > > Subject: RE: tomcat4 + postgresql jdbc > > > > > > > > > Thanks for the suggestion! > > > > > > I can successfully connect with a normal Java program. > > > In pg_hba.conf, I've got the line > > > > > > host all all 127.0.0.1 > > > 255.255.255.255 trust > > > host all all 192.168.53.2 > > > 255.255.255.0 trust > > > > > > so all IP connections from the local network > (192.168.53.xx) should > > > be accepted, even without a password... > > > > > > -Oege > > > > > > On Tue, 18 Jan 2005, Carlos Martins wrote: > > > > > > > Hi, > > > > > > > > Is it possible that the database connection credentials are > > > not right? Have you tried connecting to the database from the > > > standard client with the same username and password? > > > > > > > > Regards > > > > Carlos > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Oege de Moor > > > > Sent: terça-feira, 18 de Janeiro de 2005 16:27 > > > > To: [email protected] > > > > Subject: tomcat4 + postgresql jdbc > > > > > > > > I'm attempting to install tomcat4 + postgresql jdbc under > > > Debian linux. > > > > I've put the jdbc jar at > > > /usr/share/tomcat4/common/lib/pg74.215.jdbc3.jar > > > > > > > > When I attempt to connect to a database via jsp, I get > > > > java.security.AccessControlException: access denied > > > > (java.net.SocketPermission localhost resolve) > > > > > > > > I've put a file "test2.jsp" at /var/lib/tomcat4/webapps/ROOT, > > > > with the following contents: > > > > > > > > ------------------------- > > > > > > > > <[EMAIL PROTECTED] import="java.sql.*"%> > > > > <% > > > > // Define the connection > > > > Connection con = null; > > > > // Check that the DB2Driver class is available > > > > Class.forName("org.postgresql.Driver"); > > > > try { > > > > // Attempt to connect to the Database > > > > con = > > > > > DriverManager.getConnection("jdbc:postgresql:demodb","oege","xxx"); > > > > out.println("The test is complete, your Database has been > > > > contacted"); > > > > } > > > > // Make sure to catch any exceptions > > > > catch (SQLException e) { > > > > out.println(e.getMessage()); > > > > } > > > > %> > > > > --------------------------- > > > > > > > > When I point my web browser at http://localhost:8180/test2.jsp, > > > > the above exception occurs. The full stack trace is > appended below. > > > > > > > > I've attempted adding this line to the security policy file > > > > in /etc/tomcat4/policy.d/99examples.policy: > > > > > > > > grant codeBase > > > "file:/usr/share/tomcat4/common/lib/pg74.215.jdbc3.jar!/-" > > > > { > > > > permission java.security.AllPermission; > > > > }; > > > > > > > > > > > > Any help would be much appreciated! > > > > > > > > -Oege > > > > > > > > > > > > Something unusual has occured to cause the driver to fail. > > > Please report > > > > this exception: Exception: > > > java.security.AccessControlException: access > > > > denied (java.net.SocketPermission localhost resolve) > Stack Trace: > > > > java.security.AccessControlException: access denied > > > > (java.net.SocketPermission localhost resolve) at > > > > > > > java.security.AccessControlContext.checkPermission(AccessContr > > > olContext.java:269) > > > > at > > > > > > > java.security.AccessController.checkPermission(AccessControlle > > > r.java:401) > > > > at > > > > java.lang.SecurityManager.checkPermission(SecurityManager.java:524) at > > > > > java.lang.SecurityManager.checkConnect(SecurityManager.java:1023) at > > > > java.net.InetAddress.getAllByName0(InetAddress.java:1000) at > > > > java.net.InetAddress.getAllByName0(InetAddress.java:981) at > > > > java.net.InetAddress.getAllByName(InetAddress.java:975) at > > > > java.net.InetAddress.getByName(InetAddress.java:889) at > > > > java.net.InetSocketAddress.(InetSocketAddress.java:114) at > > > > java.net.Socket.(Socket.java:124) at > > > > org.postgresql.core.PGStream.(PGStream.java:47) at > > > > > > > org.postgresql.jdbc1.AbstractJdbc1Connection.openConnection(Ab > > > stractJdbc1Connection.java:197) > > > > at org.postgresql.Driver.connect(Driver.java:139) at > > > > java.sql.DriverManager.getConnection(DriverManager.java:512) at > > > > java.sql.DriverManager.getConnection(DriverManager.java:171) at > > > > org.apache.jsp.test2_jsp._jspService(test2_jsp.java:51) at > > > > > > > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:92) at > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at > > > > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServlet > > > Wrapper.java:162) > > > > at > > > > > > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet > > > .java:240) > > > > at > > > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:187) at > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at > > > > > > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > > > er(ApplicationFilterChain.java:200) > > > > at > > > > > > > org.apache.catalina.core.ApplicationFilterChain.access$000(App > > > licationFilterChain.java:51) > > > > at > > > > > > > org.apache.catalina.core.ApplicationFilterChain$1.run(Applicat > > > ionFilterChain.java:129) > > > > at java.security.AccessController.doPrivileged(Native Method) at > > > > > > > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > > > cationFilterChain.java:125) > > > > at > > > > > > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW > > > rapperValve.java:209) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv > > > eContext.invokeNext(StandardPipeline.java:596) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel > > > ine.java:433) > > > > at > > > > org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948) > > > > at > > > > > > > org.apache.catalina.core.StandardContextValve.invoke(StandardC > > > ontextValve.java:144) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv > > > eContext.invokeNext(StandardPipeline.java:596) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel > > > ine.java:433) > > > > at > > > > org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948) > > > > at > > > > > > > org.apache.catalina.core.StandardContext.invoke(StandardContex > > > t.java:2358) > > > > at > > > > > > > org.apache.catalina.core.StandardHostValve.invoke(StandardHost > > > Valve.java:133) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv > > > eContext.invokeNext(StandardPipeline.java:596) > > > > at > > > > > > > org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi > > > spatcherValve.java:118) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv > > > eContext.invokeNext(StandardPipeline.java:594) > > > > at > > > > > > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport > > > Valve.java:116) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv > > > eContext.invokeNext(StandardPipeline.java:594) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel > > > ine.java:433) > > > > at > > > > org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948) > > > > at > > > > > > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEn > > > gineValve.java:127) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline$StandardPipelineValv > > > eContext.invokeNext(StandardPipeline.java:596) > > > > at > > > > > > > org.apache.catalina.core.StandardPipeline.invoke(StandardPipel > > > ine.java:433) > > > > at > > > > org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948) > > > > at > > > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter. > > > java:152) > > > > at > > > > > > > org.apache.coyote.http11.Http11Processor.process(Http11Process > > > or.java:799) > > > > at > > > > > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle > > > r.processConnection(Http11Protocol.java:705) > > > > at > > > > > > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoi > > > nt.java:577) > > > > at > > > > > > > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > > > ThreadPool.java:683) > > > > at java.lang.Thread.run(Thread.java:534) End of Stack Trace > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > ---------- > > > > Esta mensagem e quaisquer anexos são confidenciais, > podendo conter > > > > informação sujeita a sigilo profissional ou qualquer > outro dever de > > > > confidencialidade ou de segredo. Caso não seja o > > > destinatário deste e-mail, > > > > não deverá usar, copiar ou revelar o seu conteúdo, > > > solicitando-se que > > > > contacte o emissor com a brevidade possível e apague > esta mensagem. > > > > Obrigado pela colaboração. > > > > ---------- > > > > The information transmitted is intended for the person > or entity to > > > > which it is addressed only and may contain confidential > > > and/or privileged > > > > material. Any review, retransmission, dissemination or > > > other use of, or > > > > taking of any action in reliance upon, this information by > > > persons or > > > > entities other than the intended recipient is prohibited. > > > If you received > > > > this in error, please contact the sender and delete the > > > material from any > > > > computer. > > > > Thank you for your cooperation. > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
