tomcat cannot connect to mysql

Is there anything in the error logs about this?

Thanks
chuck

Hi Chuck,

theres nothing in the error log of both mysql & tomcat.

Thanks,
Swapnil

Chuck Short wrote:
> Is there anything in the error logs about this?
>
> Thanks
> chuck
>
> ** Changed in: mysql-dfsg-5.0 (Ubuntu)
> Status: New => Incomplete
>
>

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Ok I'm giving you all information I have. The application currently throwing this exception at me is ActiTime, a freeware (but not free) web-based time management application.

The full error message is:
Unable to instantiate logger class 'com.mysql.jdbc.log.Jdk14Logger', exception in constructor?

Running Ubuntu 8.04 LTS server edition on AMD 64 using the certified versions of tomcat5.5 and mysql. Versions are:

Kernel 2.6.24-21-server
Tomcat 5.5.25-5
Mysql 5.0.51a-3
Libmysql-Java 5.1.5
liblog4j1.2-java 1.2.15-2 (in /usr/share/java/)
Sun Java (java-6-sun-1.6.0.07)

The application requests to use Sun Java instead of the free gjc environment. So: the whole gjc environment is uninstalled (hopefully) and >>update-alternatives --config java<< only returns Sun Java 1.5 and 1.6.
I have followed the vendors instructions and edited server.xml and the policy file accordingly.

What other information do you need?

Without more information (like a complete Java stack trace) it is difficult to debug where it may come from. Did you contact the ActiTime developers about it ? If they can translate their error into a bug into Ubuntu, that would be great.

FWIW the class in that error message is in libmysql-java and support for JDBC4 was dropped between the gutsy and the hardy versions. Maybe ActiTime was depending on it somehow ?

Thank you *very* much for that fast answer.

I contacted the ActiTime developers. They're very helpful and would like me to turn off security completely and tell me what's happening. For two reasons I wouldn't like to do that:
1) I don't know how to do that
2) I don't want to do that because the docs (yeah I read the docs!!) explicitly warned doing this "unless you know what you're doing." So I don't. See 1).

So, they said it's very likely a permission problem. I grepped the logfile with "grep -i permiss catalina*" and it really gave some read permission denied. And it was related to logging. A config file /var/lib/tomcat5.5/webapps/actitime/WEB-INF/classes/logging.properties was denied read access to, unfortunately there is no such file with that name.

The full line was:
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat5.5/webapps/actitime/WEB-INF/classes/logging.properties read)

Here's the policy:

grant codeBase "file:/var/lib/tomcat5.5/webapps/actitime/-" {
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.util.PropertyPermission "*", "read,write";
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  // Database access
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.compiler.*";
  // Net access to Mysql
  permission java.net.SocketPermission "127.0.0.1:3306", "connect,resolve";
};

grant codeBase "file:/var/lib/tomcat5.5/webapps/actitime/WEB-INF/lib/*" {
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.util.PropertyPermission "*", "read";
};

For some reason I hoped that the line with "<<ALL FILES>>" and "read" would include permission to read files there. Even changing to "read,write" didn't help (in case the app wanted to actually create it's 'logging.properties' file).

Oh and by the way, it works out of the box on my OpenSuSE test install at home :-(

But you wanted a stack trace. Here's a stack trace attached. I have started the server, accessed the page with the error message once and shut down the server immediately so it should contain everything.

Hi Thierry, in the last 2 days I have learned more about Tomcat than ever before. Thanks for your final hint:JDBC4 support was dropped. So I looked for JDBC4 related lines in the config and finally found a suspicious mysql-connector-3.1.10-bin.jar in their lib file. Looks like they have hard-coded that version into their software. I have created a symbolic link to /usr/share/java/mysql-connector-bin.jar with that name and now it works although I haven't tested it enough to call this a solution.
I'm sure this were 7 hours of my lifetime well spent :-)
Thank you!

I'm happy you found a solution.
Just a few other information: the file system permissions problem you describe is caused by files owned by root and non-world-readable. Running "sudo ..." should allow you to access those files. The complete error line points to a problem with policies : Tomcat runs by default with a restrictive policy : you might need to add permissions to the /etc/tomcat5.5/policy.d/ directory, or turn off policy completely by having TOMCATn_SECURITY=no in /etc/default/tomcat5.5.

Hi Olray,

I am having the same problem with my actiTIME install. Can you give me some guidance on setting up the symlink above? Did you create a symlink to /usr/share/java/mysql-connector-bin.jar in the usr/share/tomcat5.5/webapps/actitime/WEB-INF/lib directory? I don't have the mysql-connector-bin.jar connector in /usr/share/java, did you install this seperately?

From above:
liblog4j1.2-java 1.2.15-2 (in /usr/share/java/)

Also what is Libmysql-Java 5.1.5, does this need to be installed seperately as well?

Thanks.

Hi everybody,

That's what we've found while investigating this issue with actiTIME.

This error appears when running Tomcat 5.5.* in the security mode.
There might be several possible solutions:

1. Run Tomcat without security option (recommended if running Tomcat in security mode is not important).

2. Recommended if running Tomcat in security mode:

Due to the specific default configuration of the security mode on Tomcat 5.5.* it is nessesary to add the following line to atalina.policy file to the section grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar":

permission java.io.FilePermission <actitime_path>${file.separator}WEB-INF${file.separator}classes\${file.separator}logging.properties", "read";}

where actitime_path is the path to the directory to which actiTIME is installed.

3. Not recommended.

You may update your Java Connector.

We don't recommend this workaround because we haven't tested actiTIME for work with the new connector and we can't guarantee its proper work.However, no bugs were ecnountered up to date.

The new Java Connector could be dowloaded here:
http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.7.tar.gz/from/pick#mirrors

To update your Java Connector please go to

        <actitime dir>\WEB-INF\lib

There you will find the file mysql-connector-java-3.1.10-bin.jar.
Please delete it and copy to this directory the file mysql-connector-java-5.1.7-bin.jar which you can take from the downloaded archive. Then restart the server and check if it is working fine.

Regards,

Alexandra Osipova
---
Product Coordinator
Actimind, Inc.
http://www.actimind.com