java.net.SocketPermission error trying to access MySQL database from servlet

Posted on 2007-04-05
Medium Priority
Last Modified: 2013-11-24
Apologies for any incorrect terminology I may use. Some of this is quite new to me.

I have a small Java program that connects to a MySQL database and retrieves and displays some data from it. The code runs fine at the command line.

A similar piece of Java code that runs in the context of a servlet gives this error at the point where it starts making the connection to the MySQL database: -

com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception:


MESSAGE: java.security.AccessControlException: access denied (java.net.SocketPermission connect,resolve)


java.net.SocketException: java.security.AccessControlException: access denied (java.net.SocketPermission connect,resolve)
        at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156)
        at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:277)
        at com.mysql.jdbc.Connection.createNewIO(Connection.java:2668)
        at com.mysql.jdbc.Connection.<init>(Connection.java:1531)
        at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:266)
        at java.sql.DriverManager.getConnection(DriverManager.java:525)
        at java.sql.DriverManager.getConnection(DriverManager.java:171)
        at ShowPVersions.doGet(ShowPVersions.java:31)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:275)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245)
        at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:177)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)


The Java code is: -

import java.sql.*;

public class ShowPVersions {
  public static void main(String args[]){
    System.out.println("Looking for P Version Information");
    try {
        Statement stmt;
      ResultSet rs;

      //Register the JDBC driver for MySQL.

      String url = "jdbc:mysql://";

      Connection con = DriverManager.getConnection(url,"USER", "SECRET");

      //Display URL and connection information
      System.out.println("URL: " + url);
      System.out.println("Connection: " + con);

      //Get a Statement object
      stmt = con.createStatement();

      stmt = con.createStatement(

      //Query the database, storing the result
      // in an object of type ResultSet
      rs = stmt.executeQuery("SELECT * from PVersion");

      System.out.println("Versions: -");
        String strVer = rs.getString("Version");
        String strTime = rs.getString("InstallTime");
        System.out.println("\t" + strVer + "\t" + strTime);

    }catch( Exception e ) {

I'm running the following: -

Debian etch
MySQL 5.0
Tomcat 5.5
Sun JRE 5.0
Question by:SimonFisher
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 10

Expert Comment

ID: 18857378
In Tomcat/conf, you would find catalina.conf
Add these lines (after modifying to your configurartion values) and restart TomCat

grant codeBase "file:${catalina.home}/webapps/ExamplApp/WEB-INF/lib/MySQLDriverJar.jar!/-" {
     permission java.net.SocketPermission "<The DB Server IP Address>", "connect";

Hope it helps

Author Comment

ID: 18857917
The MySQL driver/jar file is symbolically linked so it appears at various places under /usr/share/tomcat and /usr/share/java. It's not in my application area.

My MySQL database server is on the same machine as Tomcat.

It appears that under Debian, you don't edit /var/lib/tomcat5.5/conf/catalina.policy directly, but make changes to files in /etc/tomcat5.5/policy.d/ which then get merged to form the catalina.policy file. So, I've added this to /etc/tomcat5.5/policy.d/50user.policy

I can confitm that after restarting tomcat, the catalina.policy file does contain the required addition: -

grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql.jar!/-" {
     permission java.net.SocketPermission "", "connect";

I still get the error.
LVL 30

Expert Comment

by:Mayank S
ID: 18860620
>> "file:/usr/share/tomcat5.5/common/lib/mysql.jar!/"

Try grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql.jar" {
permission java.net.SocketPermission "*", "connect";
More Than Just A Video Library

Train for your certification. Learn the latest DevOps tools. Grow your skillset to do better work.

At Linux Academy, we release new training modules every week so you'll always be up to date on the latest tech.


Author Comment

ID: 18903952
Still getting the same error message.
LVL 30

Expert Comment

by:Mayank S
ID: 18928428
Try giving all files under lib the same permission
LVL 30

Expert Comment

by:Mayank S
ID: 19069752
What was the result of: >> Try giving all files under lib the same permission

Author Comment

ID: 19070671
The solution I used was to modify the file /etc/tomcat5.5/policy.d/04webapps.policy such that within a section starting: -

    grant {

I added: -

    permission java.net.SocketPermission "", "connect,resolve";
    permission java.util.PropertyPermission "file.encoding", "read";

I found this solution from elsewhere.

Author Comment

ID: 19070689
mayankeagle's suggestion "Try giving all files under lib the same permission" wasn't detailed enough for me to follow. I was away on holiday from April 13th (shortly after I posted "Still getting the same error message." and found the solution on my return, after seeing your suggestion but before I had asked you to elaborate.
LVL 30

Expert Comment

by:Mayank S
ID: 19072642
All files under lib the same permission means you need to repeat the permission you are giving to one file to all other files in the directory. Since you have:

Try grant codeBase "file:/usr/share/tomcat5.5/common/lib/mysql.jar" {
permission java.net.SocketPermission "*", "connect";

Suppose you also have another abc.jar and xyz.jar in the same lib directory, then also give:

Try grant codeBase "file:/usr/share/tomcat5.5/common/lib/abc.jar" {
permission java.net.SocketPermission "*", "connect";

Try grant codeBase "file:/usr/share/tomcat5.5/common/lib/xyz.jar" {
permission java.net.SocketPermission "*", "connect";

LVL 30

Expert Comment

by:Mayank S
ID: 19072648
you can reply back and ask for clarification if you fail to understand any of the comments because we come here only when we find free time from our work, so sometimes our replies might not be very elaborate.

Author Comment

ID: 19072803
I would have asked for elaboration __IF__ I hadn't already found the solution elsewhere.

As it is, I do not feel that any of the comments or suggestions made contributed to me finding the solution. Do you think otherwise?
LVL 30

Expert Comment

by:Mayank S
ID: 19073992
Well, I wouldn't know myself as to whether my comments helped or not and whether you tried them or not, or whether you're looking for a solution of your own or not, if you don't reply to my comment to let me know.

Accepted Solution

Vee_Mod earned 0 total points
ID: 19080909
Closed, 500 points refunded.
Community Support Moderator

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java contains several comparison operators (e.g., <, <=, >, >=, ==, !=) that allow you to compare primitive values. However, these operators cannot be used to compare the contents of objects. Interface Comparable is used to allow objects of a cl…
By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses
Course of the Month10 days, 1 hour left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question