---

Hej Ng,

Jeg bruger eclipse til at udvikle et jsp-projekt, der skal køre på en tomcat
5.5.

Jeg bruger et realm til at styre adgangskontrol og en connection-pool til
database, hvilket jeg har sat op i context.xml filen

Min tomcat-server er sat op til at bruge https-protokolen mellem serveren og
klienten.
Det jeg mangler er at sætte tomcat op til at bruge SSL-forbindelse til
databasen.

Jeg har søgt på google, men uden held.

hvad skal ændres i nedenstående context.xml for at database-kommunikationen
sker over SSL?
(Databasen er sat op, samt de certifikater der skal bruges til tomcaten)

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/WSSMedical" reloadable="true">
<Realm debug="MyRealm"
className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"
connectionURL="jdbc:mysql://localhost:3306/netB"
connectionName="netBweb" connectionPassword="netBpass"
userTable="ansat" userNameCol="anavn"
userCredCol="kode" userRoleTable="ansatroller"
roleNameCol="ronavn"/>

<Resource name="jdbc/WSSMedical_DB" auth="Container"
type="javax.sql.DataSource" username="netBweb" password="netBpass"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost/netB"
maxActive="8" maxIdle="4"/>

</Context>


--
MVH
Kasper

---

"Kasper Lindberg" <NoSp@m.invalid> writes:

[snip]
> connectionURL="jdbc:mysql://localhost:3306/netB"

Har du proevet med en connectionURL ala:
connectionURL="jdbc:mysql://localhost:3306/netB?requireSSL=true&useSSL=true"

(gaar ud fra hvad du siger er at keystores er sat korrekt op for tomcat'en?)

Mvh,
Soren

---

"Soren (News)" <sorend@rediffmail.com> wrote in message
news:87zluy810k.fsf@ser.gratissip.dk...
> "Kasper Lindberg" <NoSp@m.invalid> writes:
>
> [snip]
>> connectionURL="jdbc:mysql://localhost:3306/netB"
>
> Har du proevet med en connectionURL ala:
> connectionURL="jdbc:mysql://localhost:3306/netB?requireSSL=true&useSSL=true"
>
tja... det gør jeg når jeg ved hvordan resten skal sættes op
>
> (gaar ud fra hvad du siger er at keystores er sat korrekt op for
> tomcat'en?)

Keystores er sat op, ja, men hvordan referer til jeg disse?

Jeg bruger dette til at opsætte min https-forbindelse

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="C:/Program
Files/bpel_engine/apache-tomcat-5.5.17/.keystore"
keystorePass="TomcatServer" clientAuth="false" sslProtocol="TLS" />


--
MVH
Kasper

---

"Kasper Lindberg" <NoSp@m.invalid> writes:

[snip]
>
> Keystores er sat op, ja, men hvordan referer til jeg disse?

Du kan se her, soeg efter f.eks. clientCertificateKeyStoreUrl for at finde noget om emnet;
http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-configuration-properties.html

Alternativt hvis du bruger en tidligere version af mysql driveren, saa kan man goere det
paa JVM niveau ved at tilfoeje noget ala i opstartsfilerne:
-Djavax.net.ssl.keyStore=/mit/keystore \
-Djavax.net.ssl.keyStorePassword=hemmeligt \
-Djavax.net.ssl.trustStore=/mit/truststore \
-Djavax.net.ssl.trustStorePassword=hemmeligt \
-Djavax.net.debug=all

> Jeg bruger dette til at opsætte min https-forbindelse

(Der behoeves svjv. ikke vaere sammenhaeng mellem SSL opsaetning paa HTTP og paa
SSL paa mysql protokollen)

Mvh,
Soren

---

"Soren (News)" <sorend@rediffmail.com> wrote in message
news:87r6gaf0f7.fsf@ser.gratissip.dk...
> "Kasper Lindberg" <NoSp@m.invalid> writes:
>
> [snip]
>>
>> Keystores er sat op, ja, men hvordan referer til jeg disse?
>
> Du kan se her, soeg efter f.eks. clientCertificateKeyStoreUrl for at finde
> noget om emnet;
> http://dev.mysql.com/doc/refman/5.0/en/connector-j-reference-configuration-properties.html
>

tja ... Det ligner det jeg skal bruge, men kan ikke få det til at virke.

Dette realm:

<Realm debug="MyRealm"
className="org.apache.catalina.realm.JDBCRealm"
driverName="com.mysql.jdbc.Driver"

connectionURL="jdbc:mysql://localhost/netB?useSSL=true&amp;requireSSL=true&amp;clientCertificateKeyStoreType=JKS&amp;clientCertificateKeyStorePassword=TomcatServer&amp;clientCertificateKeyStoreUrl=file:C:/Program
Files/bpel_engine/apache-tomcat-5.5.17/.keystore&amp;trustCertificateKeyStoreType=JKS&amp;trustCertificateKeyStorePassword=TomcatTrust&amp;trustCertificateKeyStoreUrl=file:C:/Program
Files/bpel_engine/apache-tomcat-5.5.17/.truststore"

connectionName="netBuser"
connectionPassword="netBpass"
userTable="ansat"
userNameCol="anavn"
userCredCol="kode"
userRoleTable="ansatroller"
roleNameCol="ronavn"/>


Giver denne/disse exception(s)

23-01-2008 11:25:34 org.apache.catalina.realm.JDBCRealm authenticate
SEVERE: Exception performing authentication
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link
failure

Last packet sent to the server was 0 ms ago.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at
com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2104)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:729)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:302)
at
com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:283)
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:699)
at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalStateException: KeyManagerFactoryImpl is not
initialized
at
com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl.engineGetKeyManagers(KeyManagerFactoryImpl.java:30)
at
javax.net.ssl.KeyManagerFactory.getKeyManagers(KeyManagerFactory.java:272)
at
com.mysql.jdbc.ExportControlled.getSSLSocketFactoryDefaultOrConfigured(ExportControlled.java:221)
at
com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:77)
at com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4357)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1302)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2032)
... 23 more


--
Kasper