Issues Resolved With java.security.AccessControlException

When I first set up the Tomcat 5.5 server on my tinkering box, I can into security issues with getting the dumb programs to connect to the MySQL server – even on localhost. Thanks to the Java community, I found my answer an answer was provided for me.

I got the errors when I moved the web app from my pc to that server with the MySQL database to see it on the Internet. The Tomcat server did on the problem computer. I have successfully ran a servlet w/o MySQL functionality. Below is the exception output when I tried to connect to the DB:

Communications link failure due to underlying exception:** BEGIN NESTED EXCEPTION **java.net.SocketException
MESSAGE: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.120:3306 connect,resolve)

STACKTRACE:java.net.SocketException: java.security.AccessControlException: access denied (java.net.SocketPermission 192.168.0.120:3306 connect,resolve)
 at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156)
 at com.mysql.jdbc.MysqlIO.(MysqlIO.java:276)
 at com.mysql.jdbc.Connection.createNewIO(Connection.java:2666)
 at com.mysql.jdbc.Connection.(Connection.java:1531)
 at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)
 at java.sql.DriverManager.getConnection(DriverManager.java:525)
 at java.sql.DriverManager.getConnection(DriverManager.java:140)
 at Query1.processRequest(Query1.java:66)
 at Query1.doGet(Query1.java:208)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
 at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272)
 at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
 at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:50)
 at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
 at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
 at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
 at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
 at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
 at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
 at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
 at java.lang.Thread.run(Thread.java:595)

** END NESTED EXCEPTION **Last packet sent to the server was 3 ms ago.

My issue was strictly with the Tomcat software on the production server because when I ran it within the bundled version from within NetBeans, it worked fine and dandy.

Turns out, it was a Catalina permissions issue. I had to grant the web app permission to connect to the database. The following code worked for me.

grant codeBase "file:${catalina.home}/webapps/WebTest1/-" {
permission java.net.SocketPermission "192.168.0.120:3306", "connect,resolve";
};

If you decide to use it, be sure to change the first line to the directory of your web application.

This entry was posted on Thursday, August 9th, 2007 at 5:27 pm and is filed under Java. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Issues Resolved With java.security.AccessControlException”

malvinc October 14th, 2007 at 6:16 am

Solved the access problem which an application encounters when trying to connect to MySql Server by adding the above permission in the /etc/tomcat5/policy.d/04webapps.policy file in tomcat version 5.

MySql used was -5.0.24a-Debian_9ubuntu2.1-log

Andrew Wells October 14th, 2007 at 8:24 am

Yes, I forgot to mention which file that code belongs in. Glad you had success with it.

Germ111 November 1st, 2007 at 10:47 am

Andrew,

Thanks so much for the solution. This was exactly my problem. I’d been messing with wrong policy files and this worked like a charm. I was able to get by with localhost.

grant codeBase “file:${catalina.home}/webapps/dbapp/-” {
permission java.net.SocketPermission “localhost:3306″, “connect,resolve”;
};

Andrew Wells November 1st, 2007 at 11:11 am

Thanks for posting your solution, Germ111. I’m glad I was able to help.

Leandro February 27th, 2009 at 9:17 am

Thanks guys!! That hint just saved my life!!!!

Thanks so much!!!

rama October 27th, 2009 at 2:05 am

Thanks for posting this solution. you made my life easy. I got jsp to connect to mysql database in tomcat but I am still getting the same error when I am executing same jsp through netbeans.

Leave a Reply