Permission denied error using register.properties to externalize database credentials on Tomcat 7

Solution Unverified - Updated -

Environment

  • Tomcat 7

Issue

  • Receiving the following exception when externalizing database connection credentials in register.properties:
Unable to make the Oracle Connection.
Load register.properties
java.io.FileNotFoundException: /path/to/myapp/resources/register.properties (Permission denied)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:137)

Resolution

Instead of trying to externalize the database connection username/password using a properties file, use the built-in Tomcat connection pooling. You will get all the benefits of connection pooling in addition to removing the username and password from the application code. See Tomcat 7 connection pooling on Red Hat JBoss Web Server.

If there is a valid use case for this, the likely cause of the exception is that the tomcat user does not have read and execute permission set on every level of the directory path where register.properties resides.

For example, assuming the file needs to be accessible by "tomcat:tomcat" user/group only:

chown -R tomcat:tomcat /path/to/myapp/resources/register.properties
chmod -R 700 /path/to/myapp/resources/register.properties

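So the tomcat user will have "rwx", and anyone else "---". These commands change only register.properties itself, so each directory above it must also grant the tomcat user execute (search) permission.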
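To find which level of the path is blocking the tomcat user, the following added example (not part of the original article) walks each path component and reports the first one whose mode bits deny access. It assumes GNU stat; the function names bits_for and first_denied are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat and classic
# owner/group/other mode bits; ACLs, SELinux and root's override are ignored.

# bits_for USER PATH: print the rwx digit (0-7) that applies to USER on PATH.
bits_for() {
    user=$1
    info=$(stat -c '%a %U %G' "$2") || return 2
    set -- $info                      # $1=octal mode, $2=owner, $3=group
    if [ "$2" = "$user" ]; then
        echo $(( $1 / 100 % 10 ))     # owner digit
    elif id -Gn "$user" | tr ' ' '\n' | grep -qxF -- "$3"; then
        echo $(( $1 / 10 % 10 ))      # group digit
    else
        echo $(( $1 % 10 ))           # other digit
    fi
}

# first_denied USER FILE: walk FILE's absolute path from the top. Directories
# need x (search), the file needs r. Prints the first component that denies
# USER and returns 1; prints nothing and returns 0 when every level is open.
first_denied() {
    fd_user=$1 fd_cur= fd_rest=${2#/}
    while [ -n "$fd_rest" ]; do
        fd_cur="$fd_cur/${fd_rest%%/*}"
        case $fd_rest in
            */*) fd_rest=${fd_rest#*/}; fd_need=1 ;;   # directory: search bit
            *)   fd_rest=;              fd_need=4 ;;   # final file: read bit
        esac
        fd_bits=$(bits_for "$fd_user" "$fd_cur") || return 2
        if [ $(( fd_bits & fd_need )) -eq 0 ]; then
            echo "$fd_cur"
            return 1
        fi
    done
    return 0
}

# Usage with the article's placeholder path:
#   first_denied tomcat /path/to/myapp/resources/register.properties
```

A return code of 2 means a component could not be inspected at all, for example because it does not exist.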

A second possibility is that Tomcat is set up to run under the security manager, which prohibits access to files outside the deployed context. For example, TOMCAT_HOME/webapps/myapp.war/ can only access files underneath that directory.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
