
Tomcat security manager - c3p0 and hibernate

I am using a Tomcat security enabled server, and Hibernate3 with c3p0. Here are my policies in catalina.policy (I found these lines on the net and changed a bit):

grant codeBase "file:${catalina.base}/webapps/omiccir/-" 
{

    /////////////// FilePermission ////////// 
    permission java.io.FilePermission "${catalina.home}/log4j.properties", "read"; 
    permission java.io.FilePermission "${catalina.home}/logging.properties", "read"; 
    permission java.io.FilePermission "${catalina.home}/hibernate.properties", "read"; 
    permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read"; 
    //permission java.io.FilePermission "opproject.log", "write"; 
    //permission java.io.FilePermission "${catalina.home}/Onepoint Project Home/-", "read, write, delete"; 


    // FIXME line below is VERY system specific, take care! 
    permission java.io.FilePermission "/tmp/tomcat6-tmp", "write"; 


    // thought it was java.io.tmpdir, but may be wrong // 
    permission java.io.FilePermission "${java.io.tmpdir}/tomcat6-tmp", "write"; 


    /////////////// LoggingPermission ////////// 
    permission java.util.logging.LoggingPermission "control"; 


    /////////////// PropertyPermission ////////// 
    permission java.util.PropertyPermission "org.apache.cxf.Logger", "read"; 
    permission java.util.PropertyPermission "org.apache.commons.logging.*", "read"; 
    permission java.util.PropertyPermission "log4j.*", "read"; 
    permission java.util.PropertyPermission "logger.home", "read"; 
    permission java.util.PropertyPermission "user.*", "read"; 
    permission java.util.PropertyPermission "org.apache.xerces.*", "read"; 
    permission java.util.PropertyPermission "ONEPOINT_PROJECT_HOME", "read"; 
    permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read"; 
    permission java.util.PropertyPermission "com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot", "write"; 
    permission java.util.PropertyPermission "cglib.debugLocation", "read"; 
    permission java.util.PropertyPermission "org.dom4j.*", "read"; 
    permission java.util.PropertyPermission "c3p0.*", "read"; 
    permission java.util.PropertyPermission "net.sf.ehcache.*", "read"; 
    permission java.util.PropertyPermission "ANTLR_DO_NOT_EXIT", "read"; 
    permission java.util.PropertyPermission "ANTLR_USE_DIRECT_CLASS_LOADING", "read"; 


    /////////////// RuntimePermission ////////// 
    permission java.lang.RuntimePermission "accessClassInPackage.sun.jdbc.odbc"; 
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http"; 
    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http.res"; 
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect.generics.reflectiveObjects"; 
    permission java.lang.RuntimePermission "accessClassInPackage.sun.util.calendar"; 
    permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; 
    permission java.lang.RuntimePermission "getClassLoader"; 
    permission java.lang.RuntimePermission "getProtectionDomain"; 



    /////////////// ReflectPermission ////////// 
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 

    permission java.net.SocketPermission "*", "resolve"; 
    permission java.net.SocketPermission "localhost:5432", "connect,resolve"; 

    //What is this line??
    //permission java.net.SocketPermission "www.onepoint.at:80", "connect,resolve"; 


    /////////////// MBean...Permission ///////// 
    permission javax.management.MBeanServerPermission "createMBeanServer"; 
    permission javax.management.MBeanPermission "com.mchange.v2.c3p0.*", "*"; 
    permission javax.management.MBeanTrustPermission "register"; 


    permission java.util.PropertyPermission "*", "read,write"; 
}

I don't know what is wrong, but it seems that there is a problem with c3p0, and this goes away when I use Tomcat without a security manager.

This is my stack trace:

org.apache.jasper.JasperException: org.hibernate.exception.GenericJDBCException: Cannot open connection
    org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)

root cause

org.hibernate.exception.GenericJDBCException: Cannot open connection
    org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:140)
    org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:128)
    org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
    org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52)
    org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449)
    org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
    org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:160)
    org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:81)
    org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1473)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:345)
    $Proxy4.beginTransaction(Unknown Source)
    ir.omicc.classes.Publisher.getTop5News(Publisher.java:100)
    org.apache.jsp.index_jsp._jspService(index_jsp.java:229)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)

root cause

java.sql.SQLException: Connections could not be acquired from the underlying database!
    com.mchange.v2.sql.SqlUtils.toSQLException(SqlUtils.java:106)
    com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:529)
    com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource.getConnection(AbstractPoolBackedDataSource.java:128)
    org.hibernate.connection.C3P0ConnectionProvider.getConnection(C3P0ConnectionProvider.java:78)
    org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:446)
    org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
    org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:160)
    org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:81)
    org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1473)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:345)
    $Proxy4.beginTransaction(Unknown Source)
    ir.omicc.classes.Publisher.getTop5News(Publisher.java:100)
    org.apache.jsp.index_jsp._jspService(index_jsp.java:229)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)

root cause

com.mchange.v2.resourcepool.CannotAcquireResourceException: A ResourcePool could not acquire a resource from its primary factory or source.
    com.mchange.v2.resourcepool.BasicResourcePool.awaitAvailable(BasicResourcePool.java:1319)
    com.mchange.v2.resourcepool.BasicResourcePool.prelimCheckoutResource(BasicResourcePool.java:557)
    com.mchange.v2.resourcepool.BasicResourcePool.checkoutResource(BasicResourcePool.java:477)
    com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:525)
    com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource.getConnection(AbstractPoolBackedDataSource.java:128)
    org.hibernate.connection.C3P0ConnectionProvider.getConnection(C3P0ConnectionProvider.java:78)
    org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:446)
    org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
    org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:160)
    org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:81)
    org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1473)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:345)
    $Proxy4.beginTransaction(Unknown Source)
    ir.omicc.classes.Publisher.getTop5News(Publisher.java:100)
    org.apache.jsp.index_jsp._jspService(index_jsp.java:229)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)


Going by the stack traces in the exception, it looks like the failure is due to the inability to find a physical connection in the connection pool, after waiting for a sufficient period of time. The reason for this could be deduced to the following two permissions granted in the policy:

permission java.net.SocketPermission "*", "resolve"; 
permission java.net.SocketPermission "localhost:5432", "connect,resolve";

The "connect" action has been allowed only to the localhost, and only at port 5432. If this is not the database server, then it is most likely that physical connections were not created. You'll need to grant the appropriate permission (SocketPermission) for the required actions (connect,resolve) to the database server.

Note - the exception stack traces do not indicate that a permission was denied when creating the physical connection. This was deduced; you might want to look for other stack traces or other log files, or enable a lower level of logging, to determine if there are other failures.

Related:

  1. "c3p0 pool cannot establish a coonection. How to debug this?" The tips (especially the third one) in the answer to this question would go some way in resolving this issue.


Give the socket permission to your JDBC driver:

grant codeBase "jar:file:${catalina.home}${file.separator}webapps${file.separator}strutsspringjpaexample${file.separator}WEB-INF${file.separator}lib${file.separator}mysql-*.jar!/-" {
    permission java.net.SocketPermission "localhost:3306", "connect";
};
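
As an added example (not code from the question or from either answer), the class below loads the two SocketPermission grants from the question's policy into a java.security.Permissions collection and uses implies() to report whether a given connection attempt is covered. The class name, the helper names, the 192.0.2.10 address and the port 3306 target are constructed for illustration.

```java
import java.net.SocketPermission;
import java.security.Permissions;

public class SocketGrantCheck {

    // The two SocketPermission entries exactly as written in the question's catalina.policy.
    static Permissions grantedFromQuestion() {
        Permissions granted = new Permissions();
        granted.add(new SocketPermission("*", "resolve"));
        granted.add(new SocketPermission("localhost:5432", "connect,resolve"));
        return granted;
    }

    // True when the granted set covers the requested host:port and actions.
    // This is the same implies() test the access controller applies to each grant.
    static boolean allowed(Permissions granted, String hostPort, String actions) {
        return granted.implies(new SocketPermission(hostPort, actions));
    }

    public static void main(String[] args) {
        Permissions granted = grantedFromQuestion();

        // Constructed targets: the granted endpoint, a different port on the
        // same host, and a database on another machine (documentation address).
        String[][] checks = {
            {"localhost:5432",  "connect"},
            {"localhost:3306",  "connect"},
            {"192.0.2.10:5432", "connect"},
            {"192.0.2.10:5432", "resolve"},
        };

        for (String[] c : checks) {
            String verdict = allowed(granted, c[0], c[1]) ? "granted" : "DENIED";
            System.out.printf("%-18s %-8s -> %s%n", c[0], c[1], verdict);
        }
    }
}
```

The wildcard grant covers name resolution only, so any JDBC URL that points somewhere other than localhost:5432 needs its own "connect" entry. Starting the JVM with -Djava.security.debug=access,failure makes the security manager log each denied permission, which shows the check that c3p0's generic pool exception hides.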
