-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Krapacs,
Krapacs Ambrose wrote: > I have to say that I do not think Tomcat is doing the right thing in > this particular situation. There should be some sort of security > exception being thrown indicating that the socket connection was being > block by tomcat's security manager. There was (from your original post): > com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications > link failure > Last packet sent to the server was 0 ms > ago.(jdbc:mysql://localhost?user=invuser&password=admin)) > > org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:852) > > org.apache.jasper.runtime.PageContextImpl.access$1100(PageContextImpl.java:71) > org.apache.jasper.runtime.PageContextImpl$12.run(PageContextImpl.java:768) > java.security.AccessController.doPrivileged(Native Method) > > org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:766) > org.apache.jsp.install_jsp._jspService(install_jsp.java:141) > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374) > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342) > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) > javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > java.lang.reflect.Method.invoke(Method.java:616) > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) > java.security.AccessController.doPrivileged(Native Method) > javax.security.auth.Subject.doAsPrivileged(Subject.java:537) > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) > > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) Note the "CommunicationsException" being thrown from the doAsPrivilege() method: that's a dead giveaway that it's a security error (at least to those of us who have seen them before). You're right: the error message could have been a bit better, but it's no shock that's what happened. > I did play around a little bit with > the policy files in my /var/lib/tomcat6/conf/policy.d directory and I > believe I found where I need to do this because I found an example > policy very similar to what you suggested. I got it to work without too > much trouble but then I ran into other security problems with my > application reading and writing files within its WEB-INF directory so I > will have to spend some more time with the tomcat docs and figure out > what permissions my application requires. After days of troubleshooting > this I'm more than happy with turning off the security manager and > spending some time learning how to actually configure it properly. SecurityManagers are such a pain in the ass IMO. If you're writing your own applications and deploying them yourself, I say give up on the SecurityManager because you're not protecting yourself from anyone but yourself. SecurityManagers are best used when either untrusted or partially-trusted code will be running in your Tomcat instance. I'm sure a lot of folks will disagree with me on this one, but the SecurityManager is more trouble than it's worth if you ask me. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklfwAACgkQ9CaO5/Lv0PA5JQCglwxr+H2oT9nofNh9531p82r8 EMoAoLmNKRJGM/1GC7prMzgOYtNOr2Dz =Wkon -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]