SocketPermission error
Jack Kemanjian
Hello,
I am using jbuilder7 to connect to sybase ASE 12.5 and get the
following error message right after I try to make a connect to my data
server. The database server is running on host 67.81.57.171 off of port
4100 as defined in the sybase interfaces file. Anyone know why I am
getting a socket permission error? The code I am trying to invoke is as
follows:
Class.forName("com.sybase.jdbc.SybDriver").newInstance();
Connection conn =
DriverManager.getConnection("jdbc:sybase:Tds:67.81.57.171:4100","sa","");
Thanks in advance.
-Jake
Here is the error message:
access denied (java.net.SocketPermission 67.81.57.171:4100 connect,resolve)
java.security.AccessControlException: access denied
(java.net.SocketPermission 67.81.57.171:4100 connect,resolve)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:272)
at
java.security.AccessController.checkPermission(AccessController.java:399)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:545)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1044)
at java.net.Socket.(Socket.java:262)
at java.net.Socket.(Socket.java:100)
at com.sybase.timedio.RawDbio.doConnect(RawDbio.java)
at com.sybase.timedio.InStreamMgr.(InStreamMgr.java)
at com.sybase.tds.Tds.login(Tds.java)
at com.sybase.jdbc.SybConnection.tryLogin(SybConnection.java)
at com.sybase.jdbc.SybConnection.regularConnect(SybConnection.java)
at com.sybase.jdbc.SybConnection.(SybConnection.java)
at com.sybase.jdbc.SybDriver.connect(SybDriver.java)
at java.sql.DriverManager.getConnection(DriverManager.java:517)
at java.sql.DriverManager.getConnection(DriverManager.java:177)
at
com.borland.samples.shoppingcart.TestJdbcOdbc.tryDB(TestJdbcOdbc.java:39)
at
com.borland.samples.shoppingcart.TestJdbcOdbc.jbInit(TestJdbcOdbc.java:82)
at
com.borland.samples.shoppingcart.TestJdbcOdbc.(TestJdbcOdbc.java:12)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:586)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1316)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:515)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at
sun.plugin.navig.motif.MotifAppletViewer.maf_run(MotifAppletViewer.java:131)
at
sun.plugin.navig.motif.MotifAppletViewer.run(MotifAppletViewer.java:127)
at java.lang.Thread.run(Thread.java:484)
java.lang.NullPointerException
at
com.borland.samples.shoppingcart.TestJdbcOdbc.tryDB(TestJdbcOdbc.java:73)
at
com.borland.samples.shoppingcart.TestJdbcOdbc.jbInit(TestJdbcOdbc.java:82)
at
com.borland.samples.shoppingcart.TestJdbcOdbc.(TestJdbcOdbc.java:12)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:586)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1316)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:515)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at
sun.plugin.navig.motif.MotifAppletViewer.maf_run(MotifAppletViewer.java:131)
at
sun.plugin.navig.motif.MotifAppletViewer.run(MotifAppletViewer.java:127)
at java.lang.Thread.run(Thread.java:484)
Mark Hansen
> Hello,
> I am using jbuilder7 to connect to sybase ASE 12.5 and get the
> following error message right after I try to make a connect to my data
> server. The database server is running on host 67.81.57.171 off of port
> 4100 as defined in the sybase interfaces file. Anyone know why I am
> getting a socket permission error? The code I am trying to invoke is as
> follows:
> Class.forName("com.sybase.jdbc.SybDriver").newInstance();
> Connection conn =
> DriverManager.getConnection("jdbc:sybase:Tds:67.81.57.171:4100","sa","");
Yes. You're running from within a Java Application server container, and
they generally do not allow the applications to access system resources,
like sockets.
This is because web applications are modules you may purchase off the
shelf (at K Mart?) and just plug in, and so strict security measures
are in order.
To allow your application the access it desires, you need to create
a security policy file and install it into the application server
(Borland, in this case).
You'll have to check with Borland on how this is to be set up, but
you'll need to create a security policy that looks something like
this:
grant codeBase "...code base..." {
permission java.security.AllPermission;
... or whatever specific permission is necessary
};
I don't have an example handy for the specific permission necessary
to read/write to a socket, but if you find the API for the "grant"
statement of the security policy file, there should be plenty of
examples there.
Hope that helps,
Mark Hansen
> Jack Kemanjian wrote:
>> Hello,
>> I am using jbuilder7 to connect to sybase ASE 12.5 and get the
>> following error message right after I try to make a connect to my data
>> server. The database server is running on host 67.81.57.171 off of port
>> 4100 as defined in the sybase interfaces file. Anyone know why I am
>> getting a socket permission error? The code I am trying to invoke is as
>> follows:
>> Class.forName("com.sybase.jdbc.SybDriver").newInstance();
>> Connection conn =
>> DriverManager.getConnection("jdbc:sybase:Tds:67.81.57.171:4100","sa","");
>
> Yes. You're running from within a Java Application server container, and
> they generally do not allow the applications to access system resources,
> like sockets.
Here is a little more information. You can see the Java Security documentation
on the Sun web site (http://java.sun.com). The section on Java Security
can be read here:
<http://java.sun.com/j2se/1.4.1/docs/guide/security/index.html>
Here is a page that talks about the Security Permissions. Look for
the section on Socket Permissions for examples specific to what
you're trying to do:
<http://java.sun.com/j2se/1.4.1/docs/guide/security/permissions.html>
Once you create the security policy that you need, you'll have to
check with Borland for information on how to install a new security
policy in their application server.
Hope this help...
Mark Hansen
not running within the Borland Application server.
Applets have special restrictions placed on them, and I'm not sure
if you can evade them using the security policy files documented on
the Sun site. I think one restriction is that an applet can connect
to the host from which it was served, but no other. If your Sybase
database is on a host different than your applet (or web server that
served it, if you're running from within a browser) it will not be
allowed to make the connection.
I'm not sure what you can do to get around this.
Sorry for the misdirection - I should have looked more closely at
the stack trace in the first place.
Jack Kemanjian
Thanks for your help. The data server is running on the same machine
that deployed the applet. Both web server and database server run on the
same machine i.e. 67.81.57.171; webserver off of port 6003 and data
server off of 4100. There sould be no restriction since the applet is
only calling back the machine it was deployed from.
-Jake
Mark Hansen
> Mark,
> Thanks for your help. The data server is running on the same machine
> that deployed the applet. Both web server and database server run on the
> same machine i.e. 67.81.57.171; webserver off of port 6003 and data
> server off of 4100. There sould be no restriction since the applet is
> only calling back the machine it was deployed from.
That's right. It should not have a problem if it's just going back to
the same host. I don't know what the problem might be then.