Tomcat安全管理器- c3p0和hibernate
Tomcat安全管理器- c3p0和hibernate
提问于 2011-06-09 16:24:42
我使用的是启用了Tomcat安全功能的服务器,以及带有c3p0的Hibernate3。以下是我在catalina.policy中的策略(我在网上找到了这些行,并做了一些修改):
grant codeBase "file:${catalina.base}/webapps/omiccir/-"
{
/////////////// FilePermission //////////
permission java.io.FilePermission "${catalina.home}/log4j.properties", "read";
permission java.io.FilePermission "${catalina.home}/logging.properties", "read";
permission java.io.FilePermission "${catalina.home}/hibernate.properties", "read";
permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read";
//permission java.io.FilePermission "opproject.log", "write";
//permission java.io.FilePermission "${catalina.home}/Onepoint Project Home/-", "read, write, delete";
// FIXME line below is VERY system specific, take care!
permission java.io.FilePermission "/tmp/tomcat6-tmp", "write";
// thought it was java.io.tmpdir, but may be wrong //
permission java.io.FilePermission "${java.io.tmpdir}/tomcat6-tmp", "write";
/////////////// LoggingPermission //////////
permission java.util.logging.LoggingPermission "control";
/////////////// PropertyPermission //////////
permission java.util.PropertyPermission "org.apache.cxf.Logger", "read";
permission java.util.PropertyPermission "org.apache.commons.logging.*", "read";
permission java.util.PropertyPermission "log4j.*", "read";
permission java.util.PropertyPermission "logger.home", "read";
permission java.util.PropertyPermission "user.*", "read";
permission java.util.PropertyPermission "org.apache.xerces.*", "read";
permission java.util.PropertyPermission "ONEPOINT_PROJECT_HOME", "read";
permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read";
permission java.util.PropertyPermission "com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot", "write";
permission java.util.PropertyPermission "cglib.debugLocation", "read";
permission java.util.PropertyPermission "org.dom4j.*", "read";
permission java.util.PropertyPermission "c3p0.*", "read";
permission java.util.PropertyPermission "net.sf.ehcache.*", "read";
permission java.util.PropertyPermission "ANTLR_DO_NOT_EXIT", "read";
permission java.util.PropertyPermission "ANTLR_USE_DIRECT_CLASS_LOADING", "read";
/////////////// RuntimePermission //////////
permission java.lang.RuntimePermission "accessClassInPackage.sun.jdbc.odbc";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http.res";
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect.generics.reflectiveObjects";
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.calendar";
permission java.lang.RuntimePermission "defineClassInPackage.java.lang";
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "getProtectionDomain";
/////////////// ReflectPermission //////////
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.net.SocketPermission "*", "resolve";
permission java.net.SocketPermission "localhost:5432", "connect,resolve";
//What is this line??
//permission java.net.SocketPermission "www.onepoint.at:80", "connect,resolve";
/////////////// MBean...Permission /////////
permission javax.management.MBeanServerPermission "createMBeanServer";
permission javax.management.MBeanPermission "com.mchange.v2.c3p0.*", "*";
permission javax.management.MBeanTrustPermission "register";
permission java.util.PropertyPermission "*", "read,write";
}我不知道哪里出了问题,但似乎c3p0出了问题,当我在没有安全管理器的情况下使用Tomcat时,这个问题就消失了。
这是我的堆栈跟踪:
org.apache.jasper.JasperException: org.hibernate.exception.GenericJDBCException: Cannot open connection
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
root cause
org.hibernate.exception.GenericJDBCException: Cannot open connection
org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:140)
org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:128)
org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:52)
org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:449)
org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:160)
org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:81)
org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1473)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:345)
$Proxy4.beginTransaction(Unknown Source)
ir.omicc.classes.Publisher.getTop5News(Publisher.java:100)
org.apache.jsp.index_jsp._jspService(index_jsp.java:229)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
root cause
java.sql.SQLException: Connections could not be acquired from the underlying database!
com.mchange.v2.sql.SqlUtils.toSQLException(SqlUtils.java:106)
com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:529)
com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource.getConnection(AbstractPoolBackedDataSource.java:128)
org.hibernate.connection.C3P0ConnectionProvider.getConnection(C3P0ConnectionProvider.java:78)
org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:446)
org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:160)
org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:81)
org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1473)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:345)
$Proxy4.beginTransaction(Unknown Source)
ir.omicc.classes.Publisher.getTop5News(Publisher.java:100)
org.apache.jsp.index_jsp._jspService(index_jsp.java:229)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
root cause
com.mchange.v2.resourcepool.CannotAcquireResourceException: A ResourcePool could not acquire a resource from its primary factory or source.
com.mchange.v2.resourcepool.BasicResourcePool.awaitAvailable(BasicResourcePool.java:1319)
com.mchange.v2.resourcepool.BasicResourcePool.prelimCheckoutResource(BasicResourcePool.java:557)
com.mchange.v2.resourcepool.BasicResourcePool.checkoutResource(BasicResourcePool.java:477)
com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:525)
com.mchange.v2.c3p0.impl.AbstractPoolBackedDataSource.getConnection(AbstractPoolBackedDataSource.java:128)
org.hibernate.connection.C3P0ConnectionProvider.getConnection(C3P0ConnectionProvider.java:78)
org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:446)
org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:167)
org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:160)
org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:81)
org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1473)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:345)
$Proxy4.beginTransaction(Unknown Source)
ir.omicc.classes.Publisher.getTop5News(Publisher.java:100)
org.apache.jsp.index_jsp._jspService(index_jsp.java:229)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:269)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:301)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)回答 2
Stack Overflow用户
回答已采纳
发布于 2011-06-09 16:41:32
根据异常中的堆栈跟踪,看起来失败是由于在等待了足够长的一段时间后无法在连接池中找到物理连接。原因可以推断为策略中授予的以下两个权限:
permission java.net.SocketPermission "*", "resolve";
permission java.net.SocketPermission "localhost:5432", "connect,resolve";"connect“操作仅允许本地主机执行,且仅在端口5432上执行。如果这不是数据库服务器,则很可能没有创建物理连接。您需要向数据库服务器授予所需操作(connect、resolve)的适当权限(SocketPermission)。
注意-异常堆栈跟踪并不表示创建物理连接时权限被拒绝。这是推断出来的;您可能希望查找其他堆栈跟踪或其他日志文件,或者启用较低级别的日志记录,以确定是否存在其他故障。
与相关:
- c3p0 pool cannot establish a coonection. How to debug this?.这个问题的答案中的技巧(特别是第三个)将在一定程度上解决这个问题。
Stack Overflow用户
发布于 2011-12-22 21:52:29
将套接字权限授予jdbc驱动程序
连接权限"jar:file:${catalina.home}${file.separator}webapps${file.separator}strutsspringjpaexample${file.separator}WEB-INF${file.separator}lib${file.separator}mysql-*.jar!/-“{
codeBase java.net.SocketPermission "localhost:3306","connect";};
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/6290015
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号