-->
These old forums are deprecated now and set to read-only. We are waiting for you on our new forums!
More modern, Discourse-based and with GitHub/Google/Twitter authentication built-in.

View unanswered posts | View active topics


Board index » Hibernate & Java Persistence » Hibernate Users

All times are UTC - 5 hours [ DST ]


Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 1 post ] 
  Previous topic | Next topic 
Author Message
MountainBeast
 Post subject: Security Manager and Hibernate
PostPosted: Sun Sep 26, 2010 9:22 am 
Newbie

Joined: Tue May 18, 2010 6:16 am
Posts: 5
Good afternoon, ladies and gentlemen,

I have biult a web application using Hibernate for java. The application works fine on my local machine without SecurityManager, but when it is deployed on the remote server, the following exception is thrown:

Sep 23, 2010 3:07:12 PM org.apache.catalina.core.StandardWrapperValve invoke
INFO: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:114)
at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:66)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at java.sql.DriverManager.getCallerClass(DriverManager.java:477)
at java.sql.DriverManager.getConnection(DriverManager.java:576)
at java.sql.DriverManager.getConnection(DriverManager.java:185)
at org.apache.jsp.dbtester_jsp._jspService(dbtester_jsp.java:84)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
....................and so on.....................

the remote server runs SecurityManager which sims to dislike access to sun.jdbc.odbc package. Sun also does not recommend direct use of any classes in the "sun." namespace.

I am using custom connection provider which does as little as:
//during initialisation
Class.forName(driver);

//later on connection request
Connection conn = DriverManager.getConnection(connURL, username, password);
conn.setAutoCommit(true);
return conn;

I am not implementing/using connection pooling as it makes no sense due to short configured connection timeout on the server. The same situation also occured with the default hibernate pooling mechanism, and with c3p0.

my hibernate.cfg.xml:

<hibernate-configuration>
<session-factory>
<property name="hibernate.dialect">org.hibernate.dialect.MySQLDialect</property>
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost/database_name</property>
<property name="hibernate.connection.username">user</property>
<property name="hibernate.connection.password">password</property>

<property name="hibernate.connection.provider_class">snowhouse.UnpooledConnectionProvider</property>


<mapping resource="snowhouse/Staff.hbm.xml"/>
<mapping resource........
</session-factory>
</hibernate-configuration>


My question in this case is whether Hibernate attempts to use the mentioned package at runtime, or have I done something bizzare with this? Any suggestions??
Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 1 post ] 

Board index » Hibernate & Java Persistence » Hibernate Users

All times are UTC - 5 hours [ DST ]

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.