JSLEE Discussions
  [Search] Search   [Recent Topics] Recent Topics   [Hottest Topics] Hottest Topics   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
java.security.AccessControlException
Forum Index » Rhino SLEE Discussions
Author Message
inovar_test


Joined: 12/08/2017 08:20:01
Messages: 20
Offline

We're getting the java.security.AccessControlException: access denied ("java.net.SocketPermission" "192.168.62.183:3306" "connect,resolve") when using the mariadb driver to connect to a database.

We've tried to add the java.net.SocketPermission permission to the sbb-jar.xml in the sbb deployable unit as well as to the library-jar.xml in the library deployable unit that contains the mariadb driver jar, but that didn't work.

Adding the permission to the rhino.policy in the deployments section clears the exception. but we need to avoid restarting the Rhino node during the deployment.

The complete exception is as follows:
2017-12-15 14:55:00.021 ERROR [com.inovar.slee.pcm] <Thread-3659> Exception caught in PCMStatistics.connectToDb( boolean )
java.security.AccessControlException: access denied ("java.net.SocketPermission" "192.168.62.183:3306" "connect,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
at java.net.Socket.connect(Socket.java:584)
at java.net.Socket.connect(Socket.java:538)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connect(AbstractConnectProtocol.java:401)
at org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol.connectWithoutProxy(AbstractConnectProtocol.java:1029)
at org.mariadb.jdbc.internal.util.Utils.retrieveProxy(Utils.java:483)
at org.mariadb.jdbc.Driver.connect(Driver.java:106)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at com.inovar.slee.pcm.PCMStatistics.connectToDb(PCMStatistics.java:144)
at com.inovar.slee.pcm.PCMStatistics.flushAll(PCMStatistics.java:305)
at com.inovar.slee.pcm.PCMStatistics$StatsFlusher$1.run(PCMStatistics.java:75)
at java.lang.Thread.run(Thread.java:748)




stevena


Joined: 27/03/2008 13:43:16
Messages: 274
Location: Cambridge, UK
Offline

Installing JDBC drivers as library jars is really not the right approach you should be taking, but anyway, you find a line like below in read-config-variables (production Rhino) or config/jvm_args (Rhino SDK):

#-Djava.security.debug=access,failure


If you uncomment that line and restart the node, the Java security system will dump lots of debugging information about security accesses. When your access control permission failure occurs you can find out which protection domain failed the permissions check.

Given that it appears to be a thread started by the JDBC driver that's failing the permission check, resolving this might be difficult. Using a AccessControl.doPrivileged() block around the code that starts the thread(s) might work, if you know where that occurs.

Steven Adams
Senior Software Engineer
OpenCloud
 
Forum Index » Rhino SLEE Discussions
Go to:   
Powered by JForum 2.1.8 © JForum Team