Does anyone have any sample JDBC code enabling connection to a remote database running on a server equiped with an SSL (Secure Sockets Layer)?
I run a database on our Linux development server. The database is Postgresql8.1. I want to test and develop my tomcat web application on my own, windows machine, hitting the remote database on the development server. I can't connect using JDBC to this database. I suspect it's an SSL/ssh problem.
I will confess my ignorance: all I can tell you is that when I log into the remote development server, I must do so using ssh, or sftp, etc. That's why I suspect the presence of an SSL layer. The important thing is to get through this protective layer with my JDBC code.
Going the other way, running the same JDBC code in a test program on the development server, I can hit a database running on my own machine (my own Linux partitition; same ip address) just fine.
But when trying to hit the development server database I get the following error:
org.postgresql.util.PSQLException: The connection attempt failed.
Caused by: java.net.NoRouteToHostException: No route to host
Thanks, Scott, for that reference. It looks useful.
So, for Tomcat, would you modify catalina.sh or otherwise insure that ssl tunnelling commands similar to the ones provided in the example for the standalone java program are incuded in the Tomcat startup java commandline?
In the example, the command-line example arguments for a stand-alone Java jdbc program called TutRead are:
There are two parts to this solution. First you have to setup the tunnel as in this example:
This step is completely independent of Tomcat and Java. This is simply runs ssh and tells it to listen on a port (9090) and forward whatever is received on that port to a port on a remote computer (port 50001 on server saam.) In your case the ssh command needs to be run on the remote development server -- not your local server. You will change the ports and servers to whatever is appropriate for your environment.
The second step is to reconfigure the program you wrote to connect to the port that ssh is listening on instead of the database server and port.
[Benjamin] I am assuming that something like "tuxpoh 9090 dbuserid yourpasswdhere" would have to be fed into the Tomcat java commandline. Is this right?
These are the normal database connection parameters. You read these parameters from where ever you would normally read them like a config file.
The example put them on the command line because it was easy. Passing user ids and passwords on a command line isn't wise.
This has turned out to be a bit of a difficult problem. I have become practiced with the steps you have recommended, but have realized that our firewall is very tight. The firewall seems to allow ssh connections only on 22 (and perhaps 443), and does not allow forwarding to or from 22.
My next step will be to try a tool called corkscrew. Corkscrew works by routing sss/ssl calls by proxy over http. It had been my intuition that some kind of http proxy might work. I will see if this does turn out to work.
But perhaps I am wrong. If so, wonderful; I'll try anything. Any perspectives are welcome!
Thanks for all your help. Problem was not as difficult as I had imagined. I did not understand firewalls. Our development server is under our control. When I hit it from my own pc the connection is direct within the local network; there is no need to penetrate a network firewall as I am already inside it. So, it was simply a matter of reconfiguring our own dev server firewall using the linux redhat-config-securitymanager-tui tool. Using that tool I opened up a port and, behold, the database connection was mine.