JDBC connection through Secure Sockets Layer

Benjamin Weaver
Ranch Hand

Joined: Apr 08, 2003
Posts: 161
Does anyone have any sample JDBC code enabling connection to a remote database running on a server equipped with an SSL (Secure Sockets Layer)?

I run a database on our Linux development server. The database is PostgreSQL 8.1. I want to test and develop my Tomcat web application on my own Windows machine, hitting the remote database on the development server. I can't connect using JDBC to this database. I suspect it's an SSL/ssh problem.

I will confess my ignorance: all I can tell you is that when I log into the remote development server, I must do so using ssh, or sftp, etc. That's why I suspect the presence of an SSL layer. The important thing is to get through this protective layer with my JDBC code.

Going the other way, running the same JDBC code in a test program on the development server, I can hit a database running on my own machine (my own Linux partition; same IP address) just fine.

But when trying to hit the development server database I get the following error:

org.postgresql.util.PSQLException: The connection attempt failed.

...(stack trace)...

Caused by: java.net.NoRouteToHostException: No route to host
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
If the remote site only allows connections via SSL, you can set up an SSL tunnel and route your database communications over it.
Benjamin Weaver
Ranch Hand

Joined: Apr 08, 2003
Posts: 161
Thanks, Scott, for that reference. It looks useful.

So, for Tomcat, would you modify catalina.sh or otherwise ensure that SSL tunnelling commands similar to the ones provided in the example for the standalone Java program are included in the Tomcat startup Java command line?

In the example, the command-line example arguments for a stand-alone Java jdbc program called TutRead are:

dbc>java TutRead tuxpoh 9090 dbuserid yourpasswdhere

I am assuming that something like "tuxpoh 9090 dbuserid yourpasswdhere" would have to be fed into the Tomcat java commandline. Is this right?
Scott Johnson
Ranch Hand

Joined: Aug 24, 2005
Posts: 518
Benjamin,

There are two parts to this solution. First you have to set up the tunnel as in this example:



This step is completely independent of Tomcat and Java. This simply runs ssh and tells it to listen on a port (9090) and forward whatever is received on that port to a port on a remote computer (port 50001 on server saam). In your case the ssh command needs to be run on the remote development server -- not your local server. You will change the ports and servers to whatever is appropriate for your environment.

The second step is to reconfigure the program you wrote to connect to the port that ssh is listening on instead of the database server and port.

[Benjamin] I am assuming that something like "tuxpoh 9090 dbuserid yourpasswdhere" would have to be fed into the Tomcat java commandline. Is this right?

These are the normal database connection parameters. You read these parameters from wherever you would normally read them, like a config file.

The example put them on the command line because it was easy. Passing user ids and passwords on a command line isn't wise.
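The second step described above, as an added example that is not part of the original thread: connection settings are read from a properties file instead of the command line, and the endpoint is probed first so that a network failure (such as the NoRouteToHostException in the first post) is reported separately from a database error. The class name, the property keys, the `db.config` system property, the database name `devdb` and the sample password are assumptions; 9090 and `dbuserid` are the values used in the thread.

```java
import java.io.*;
import java.net.*;
import java.sql.*;
import java.util.Properties;

public class TunnelledJdbc {
    // Constructed sample; real settings belong in a file only the application account can read.
    static final String SAMPLE =
        "db.host=localhost\ndb.port=9090\ndb.name=devdb\ndb.user=dbuserid\ndb.password=changeme\n";

    static Properties load(String path) throws IOException {
        Properties p = new Properties();
        try (Reader r = path != null ? new FileReader(path) : new StringReader(SAMPLE)) {
            p.load(r);
        }
        return p;
    }

    // Plain TCP connect with a short timeout, classified by the exception raised.
    static String probe(String host, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), 3000);
            return "reachable";
        } catch (NoRouteToHostException e) {
            return "no route to host: unreachable, or a firewall is rejecting the connection";
        } catch (ConnectException e) {
            return "connect failed (" + e.getMessage() + "): is anything listening on that port?";
        } catch (SocketTimeoutException e) {
            return "timed out: packets are probably being dropped silently";
        } catch (IOException e) {
            return "failed: " + e;
        }
    }

    static String jdbcUrl(Properties p) {
        return "jdbc:postgresql://" + p.getProperty("db.host") + ":"
             + p.getProperty("db.port") + "/" + p.getProperty("db.name");
    }

    public static void main(String[] args) throws Exception {
        Properties p = load(System.getProperty("db.config")); // -Ddb.config=/path/to/db.properties
        String state = probe(p.getProperty("db.host"), Integer.parseInt(p.getProperty("db.port")));
        System.out.println(jdbcUrl(p) + " -> " + state);
        if (!state.equals("reachable")) return;
        try (Connection c = DriverManager.getConnection(
                jdbcUrl(p), p.getProperty("db.user"), p.getProperty("db.password"))) {
            System.out.println("connected: " + c.getMetaData().getDatabaseProductVersion());
        }
    }
}
```

The JDBC step needs the PostgreSQL driver on the classpath; the probe alone runs without it.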
Benjamin Weaver
Ranch Hand

Joined: Apr 08, 2003
Posts: 161
This has turned out to be a bit of a difficult problem. I have become practiced with the steps you have recommended, but have realized that our firewall is very tight. The firewall seems to allow ssh connections only on 22 (and perhaps 443), and does not allow forwarding to or from 22.

My next step will be to try a tool called corkscrew. Corkscrew works by routing ssh/ssl calls by proxy over http. It had been my intuition that some kind of http proxy might work. I will see if this does turn out to work.

But perhaps I am wrong. If so, wonderful; I'll try anything. Any perspectives are welcome!

Yours truly (from the trenches).
Benjamin Weaver
Ranch Hand

Joined: Apr 08, 2003
Posts: 161
Thanks for all your help. Problem was not as difficult as I had imagined. I did not understand firewalls. Our development server is under our control. When I hit it from my own PC the connection is direct within the local network; there is no need to penetrate a network firewall as I am already inside it. So, it was simply a matter of reconfiguring our own dev server firewall using the Linux redhat-config-securitymanager-tui tool. Using that tool I opened up a port and, behold, the database connection was mine.
 