My First Tomcat Experience

I’ve decided, for various reasons, to use Jasper Reports to do the reporting for our app.

I hired someone to help with the initial Tomcat setup; boy am I glad I did…

The project that I contracted was to create a script to set up Tomcat, with Jasper Server, to access MySQL, with example Python scripts to trigger and pull down pre-cooked reports.

So far we’ve got Tomcat running on one port, Apache 2 running on another, the Jasper web UI pages being served by Tomcat, phpMyAdmin set up and working and MySQL accessible from our local network by IP and locally on the server.

At least until this morning.

As per a previous post, I had enabled remote access to MySQL by modifying the `my.cnf` file and, at that time, I had questioned whether having two `bind-address` statements in the config would work.

This morning, I couldn’t connect to the Jasper server either locally on the server itself or remotely from within my network and, in the sea of Java exception messages, I pulled out `AccessControlException` and went hunting.

I found this post:

The Problem:

When our webapp tries to connect to the database on localhost, an exception

‘java.security.AccessControlException: access denied
(java.net.SocketPermission localhost resolve)’

Well, that kind of looks like what I’m getting.

So, it would seem that I can’t access the local MySQL server via localhost’s IP address any more, which would make sense if it’s a “whoever gets there last” scheme for IP addresses in the configuration.

But phpMyAdmin Can Do It!

Thing is…phpMyAdmin is still working, so it is able to get at the local MySQL, so perhaps it’s just a difference in how they specify local access; maybe Tomcat’s not using the local port?

I figured I’d work from what was working (phpMyAdmin) backwards so I started looking for the configuration files.

Holy crap.

Check this out:

    $ sudo find / -name phpmyadmin
    /usr/share/dbconfig-common/data/phpmyadmin
    /usr/share/doc-base/phpmyadmin
    /usr/share/doc/phpmyadmin
    /usr/share/phpmyadmin
    /etc/phpmyadmin
    /var/lib/doc-base/omf/phpmyadmin
    /var/lib/doc-base/documents/phpmyadmin
    /var/lib/phpmyadmin

WTF?! Nine (9) different places where pieces of phpMyAdmin had ended up? I understand that documentation might be separate, but is this really necessary?

Note that this is how it is set up by using the Ubuntu `aptitude` utility, which is very damn handy, but this is just silly.

Turns out that the actual PHP files for the server are in `/usr/share/phpmyadmin` and the actual database access configuration seems to be in `/etc/dbconfig-common/phpmyadmin.conf`, which actually just fills in the `pma_table_info` table with default access information.

In `phpmyadmin.conf`, where it fills in the `pma_table_info` record, the only thing actually specified is `mysql` as the database type. The host and port are left blank as shown below:

    # dbc_dbserver: database host.
    #       leave unset to use localhost (or a more efficient local method
    #       if it exists).
    dbc_dbserver=''

    # dbc_dbport: remote database port
    #       leave unset to use the default.  only applicable if you are
    #       using a remote database.
    dbc_dbport=''

So, I went and did the same thing to Jasper’s configuration file at `/var/lib/tomcat6/conf/Catalina/localhost/jasperserver.xml`.

I changed the line:

    url="jdbc:mysql://localhost:3306/jasperserver?useUnicode=true&amp;characterEncoding=UTF-8"

to read:

    url="jdbc:mysql:///jasperserver?useUnicode=true&amp;characterEncoding=UTF-8"

Restarted the server with:

    $ sudo /etc/init.d/tomcat6 restart

No joy.

Bind to One or All

Well, I still don’t have a satisfactory reason for why phpMyAdmin can connect to the server whether localhost is specified or not, but I suspect it’s something Java-ish that I’ll just have to ask my guy about after New Year’s.

For now…

You can either have MySQL bind to one address, or all. After a bit more poking around, I finally found the doc and now it says that ‘whoever gets there last wins’ where previous versions didn’t address the issue.

So…if I want to restrict access, I can do it through a combination of firewall settings and permissions in the database.
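
An added example (not code from this post or from MySQL): a small Python check that reads a `my.cnf`, applies the “last one wins” rule described above to the `bind-address` lines in `[mysqld]`, and reports which address takes effect and which lines are silently ignored. The sample file, the `192.168.1.50` address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a my.cnf with two bind-address lines, as described in the post.
SAMPLE_MY_CNF = """\
[client]
port = 3306

[mysqld]
user = mysql
bind-address = 127.0.0.1
# added for remote access from the LAN (constructed address)
bind_address = 192.168.1.50
"""

def bind_addresses(text, section="mysqld"):
    """Return every (line_no, value) bind-address setting in [section], in file order."""
    found, current = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()  # entering a new option group
            continue
        key, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        if current == section and key.strip().lower().replace("_", "-") == "bind-address":
            found.append((no, value.split("#")[0].strip().strip("'\"")))
    return found

def exposure(addr):
    """Classify the address mysqld will listen on."""
    if addr in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        return "loopback" if ipaddress.ip_address(addr).is_loopback else "network"
    except ValueError:
        return "hostname"                         # not an IP literal; resolve it yourself

def audit(text):
    """Report the effective bind-address (last one wins) and the lines it overrides."""
    found = bind_addresses(text)
    if not found:
        return {"effective": None, "line": None, "exposure": "default", "ignored": []}
    line_no, addr = found[-1]
    return {"effective": addr, "line": line_no,
            "exposure": exposure(addr), "ignored": found[:-1]}

if __name__ == "__main__":
    print(audit(SAMPLE_MY_CNF))
```

Any entry in `ignored` is a listener you thought you had but do not, and an `exposure` of `network` or `all-interfaces` is the case where the firewall rules and database grants have to do the restricting.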