Issues Resolved With java.security.AccessControlException
When I first set up the Tomcat 5.5 server on my tinkering box, I can into security issues with getting the dumb programs to connect to the MySQL server – even on localhost. Thanks to the Java community, I found my answer an answer was provided for me.
I got the errors when I moved the web app from my pc to that server with the MySQL database to see it on the Internet. The Tomcat server did on the problem computer. I have successfully ran a servlet w/o MySQL functionality. Below is the exception output when I tried to connect to the DB:
Communications link failure due to underlying exception:** BEGIN NESTED EXCEPTION **java.net.SocketException MESSAGE: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.120:3306 connect,resolve) STACKTRACE:java.net.SocketException: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.120:3306 connect,resolve) at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156) at com.mysql.jdbc.MysqlIO.(MysqlIO.java:276) at com.mysql.jdbc.Connection.createNewIO(Connection.java:2666) at com.mysql.jdbc.Connection.(Connection.java:1531) at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266) at java.sql.DriverManager.getConnection(DriverManager.java:525) at java.sql.DriverManager.getConnection(DriverManager.java:140) at Query1.processRequest(Query1.java:66) at Query1.doGet(Query1.java:208) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245) at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:50) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) ** END NESTED EXCEPTION **Last packet sent to the server was 3 ms ago.
My issue was strictly with the Tomcat software on the production server because when I ran it within the bundled version from within NetBeans, it worked fine and dandy.
Turns out, it was a Catalina permissions issue. I had to grant the web app permission to connect to the database. The following code worked for me.
grant codeBase "file:${catalina.home}/webapps/WebTest1/-" { permission java.net.SocketPermission "192.168.0.120:3306", "connect,resolve"; };
If you decide to use it, be sure to change the first line to the directory of your web application.
This entry was posted on Thursday, August 9th, 2007 at 5:27 pm and is filed under Java. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Andrew Wells October 14th, 2007 at 8:24 am
Yes, I forgot to mention which file that code belongs in. Glad you had success with it.