Another comment, grant codeBase will not accept !, check ${java.home}/docs/guide/security/permissions.html or api javadoc. You have to use
- file:${path}/- for all classes and jars in this dir and subdirs; - file:${path}/* for all classes and jars in this dir; - file:${path}/my.jar for this jar -----Original Message----- From: Phillip Qin [mailto:[EMAIL PROTECTED] Sent: June 25, 2003 9:42 AM To: 'Tomcat Users List' Subject: RE: Tomcat 4.1.24 Security If you grant resolve to jdbc jar, then you don't need to specify the ip in the url, use host.domain:port -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: June 24, 2003 5:57 PM To: [EMAIL PROTECTED] Subject: Tomcat 4.1.24 Security I am in the process of expanding a web site I am developing to attach to a "test" server. In the process of my expansion into further testing, I've altered my data base access to point to a different server than my Tomcat server. Everything runs just fine until I attempt to access the "test" data base server. I get a security error message - as I expected. Looking thru all of the documentation I could find - I discovered that I needed to add a grant statement to the catalina.policy file pointing to the codeBase for my JDBC driver. (as an aside, I am uncertain what I broke, but as soon as I get a security access violation on my external DataBase jar, tomcat server stops accepting commands on 127.0.0.1 to shutdown) I opened catalina.policy and added my DataBase driver via this grant statement: grant codeBase "file:${catalina.home}/common/lib/mysql-connector-java-3.0.8-stable-bin.jar" { permission java.net.SocketPermission "127.0.0.1:3306", "accept, connect, listen, resolve"; }; I loaded Tomcat up with the -security command line option and reloaded my servlet. Problem is - now, instead of getting access to my data, I get a message in the Tomcat screen saying that the dbcp code had tried 3 times to load before it gave up. Making matters worse, with -security active, I can no longer access my data source on 127.0.0.1 Reading thru any message I could find on this subject, I noticed someone mentioned having your codeBase say "jar:file:". I also noticed someone mentioning putting "!/-" at the end of the codeBase string. I've tried both of these and get the same error from the dbcp code whenever it tries to create a database connection. I noticed that I should turn debugging on with an option to CATALINA_OPTS - but the volume of output is so overwhelming that I can't see SecurityManager determine if my data base access is valid. I gotta believe someone is using Tomcat 4.1.24 is a multi-tier environment. This tells me I'm missing something... Bob Bateman _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]