This question already has answers here:
Java JDBC Access denied for user [closed]
(4 answers)
Closed 5 years ago.
This is my JDBC Connection Pool configuration:
<jdbc-connection-pool max-pool-size="300" steady-pool-size="3" datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlDataSource" name="teDS" wrap-jdbc-objects="false" connection-validation-method="auto-commit" res-type="javax.sql.DataSource">
<property name="URL" value="jdbc:mysql://localhost:3306/db"></property>
<property name="port" value="3306"></property>
<property name="DatabaseName" value="db"></property>
<property name="serverName" value="localhost"></property>
<property name="password" value="XXX"></property>
<property name="url" value="jdbc:mysql://localhost:3306/db"></property>
<property name="user" value="user"></property>
</jdbc-connection-pool>
PLEASE HELP ME
But I PING connection have this error:
An error has occurred
Ping Connection Pool failed for teDS. Connection could not be allocated because: Access denied for user 'user'#'127.0.0.1' (using password: YES) Please check the server.log for more details.
Ping ERROR
A user in MySQL is identified by a username AND a host.
To allow a connection, we need to create a user in MySQL that has a matching username and host. To create a user that is an exact match:
GRANT USAGE ON *.* TO 'user'#'127.0.0.1' IDENTIFIED BY 'supersecretpassword' ;
GRANT SELECT, INSERT, UPDATE, DELETE ON somedatabase.* TO 'user'#'127.0.0.1' ;
To replicate the privileges of an existing user, we could make use of a SHOW GRANTS statement to extract privileges for some other user
SHOW GRANTS FOR 'user'#'localhost'
We can copy the output from that, and use that as a basis for GRANT statements for the new user, replacing 'localhost' with '127.0.0.1'.
As another option, it's also possible to create a user with a '%' wildcard for a hostname, rather than '127.0.0.1'. That would allow connections from any IP address.
If the user exists, then the password could be wrong. Verify that the password the pool configuration is using matches what is stored in the mysql.user table.
SELECT password FROM mysql.user WHERE user = 'user' and host = '127.0.0.1';
SELECT PASSWORD('supersecretpassword') ;
And compare the hash values.
The error message that is being returned looks like it is from MySQL server:
Access denied for user 'user'#'127.0.0.1' (using password: YES)
That makes is appear that a successful TCP handshake through port 3306 has happened, and MySQL Server is attempting to authenticate: user='user', host='127.0.0.1', and password=PASSWORD('XXX').
Either the user doesn't exist in the mysql.user table, the password is incorrect, or (possibly) the user doesn't have privileges on database='db'.
(If DML changes were applied to the privileges table in the mysql database, issue a FLUSH PRIVILEGES to make those changes effective. (FLUSH PRIVILEGES isn't required if changes are applied using GRANT and REVOKE syntax, only required if changes are applied using INSERT, UPDATE, DELETE.)
Related
I have a MySQL database which i access through Java JDBC and it works correct in my local network(using localhost or 192.168.*.* local adress). But i also want to access it remotely from internet and when i connect to it using my global adress 176.214.186.243 (it is dynamyc adress but it stays still for 2 days of my tries) i get next error com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
In MySQL workbench i have priveleges showed on Picture(All ot them.
But i still cant connect to database using global IP.
What am i doing wrong?
mysql restricts access for any combination of user, table and remote address. In your case the user most likely can access everything locally, but not from extern (e.g for root this would be a good thing). This can be changed by:
GRANT ALL ON <database>.* TO 'client'#'%.%.%.%' IDENTIFIED BY '<a password for external usage>';
FLUSH PRIVILEGES;
<database>.* grants access to alle tables in <database>
I already added your username which seems to be client
%.%.%.% means any IP Adress where the 1.-4. digit can be anything
maybe you can limit the range of IPs or use a FQDN instead
<a password for external usage> is just for this connections and can be something else.
More infos here
you should grant the specified user the privilege to access from a certain IP address like:
GRANT [privileges|ALL PRIVILEGES] ON schema.table TO 'username'#'hostname'
IDENTIFIED BY 'password'
WITH GRANT OPTION;
FLUSH PRIVILEGES;
privileges can be operation names like select, drop and ... or if you want to grant all the privileges to a user set "ALL PRIVILEGES"
schema.table can just specified a single table or it may be something like . to support all the schemas and tables.
username which is also called role is abvious but it can be % to grant all the users the given privileges.
hostname can be ip or host name or as like as username can be % to grant the specified users the given privileges.
for further information use can follow https://dev.mysql.com/doc/refman/8.0/en/grant.html, https://stackoverflow.com/a/6239145/2137378
The mysql documentation is much more prefered. check you mysql version and continue the exact versions documentation on mysql.
Definitely, above descriptions are to let the mysql engine know its remote users and if there is some obstacles between these two like firewall should be resolved somehow. e.g. if you are on ubuntu you can check if the firewall is the main problem by disabling it using:
sudo ufw disable
After disabling the firewall and granting the privileges, remote access was ok then you know the firewall is the issue. to enable if use:
sudo ufw enable
The idea is to connect to a mysql database on a remote system using plain jdbc in java(only using servlets,no frameworks or orm involved).I manage to connect at first,but then the account limit kicks in and I have to restart the server,I would like to remove some of these limits and set it to infinite?
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: User 'root' has exceeded the 'max_connections_per_hour' resource (current value: 100)
The easiest way to do this is by using MySQL workbench.
Connect to your database with root user.
Choose "management" --> "users and privileges".
Select needed user, then select "acount limits". Change "Max. queries" to 0.
Also it can be done from command line
Example:
grant usage on *.* to 'root'#'localhost' with MAX_QUERIES_PER_HOUR 0;
I am trying to connect to a mysql database. When I am trying to connect over mysql Workbench, I can but over java application, it says:
Caused by: java.sql.SQLException: Access denied for user 'root'#'1.2.3.4' (using password: YES)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1084)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4232)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:4164)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:926)
at com.mysql.jdbc.MysqlIO.proceedHandshakeWithPluggableAuthentication(MysqlIO.java:1748)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1288)
at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2506)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2539)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2321)
The datasource definition is:
<bean id="datasource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://3.3.3.3:3306"/>
<property name="username" value="root"/>
<property name="password" value="12345"/>
</bean>
and in db , user_priviliges table is:
'root'#'%', 'def', 'USAGE', 'NO'
Could please help me to solve this problem?
EDIT:
I am using jdbcTemplate and the error is on this exact line:
getJdbcTemplate().queryForList(sql.toString());
You need to create a an account for 'root'#'localhost' in addition to the 'root'#'%' account that you already have (with the same password). Why? See the mysql docs on this subject. Here is the relevant part:
Two of the accounts have a user name of monty and a password of some_pass. Both accounts are superuser accounts with full privileges to do anything. The 'monty'#'localhost' account can be used only when connecting from the local host. The 'monty'#'%' account uses the '%' wildcard for the host part, so it can be used to connect from any host.
It is necessary to have both accounts for monty to be able to connect from anywhere as monty. Without the localhost account, the anonymous-user account for localhost that is created by mysql_install_db would take precedence when monty connects from the local host. As a result, monty would be treated as an anonymous user. The reason for this is that the anonymous-user account has a more specific Host column value than the 'monty'#'%' account and thus comes earlier in the user table sort order. (user table sorting is discussed in Section 6.2.4, “Access Control, Stage 1: Connection Verification”.)
I have spring web application , that i am trying to connect with postgress.
Here is the db connection properties
datasource.driver=org.postgresql.Driver
datasource.url=jdbc:postgresql://localhost:5432/sampleDb
datasource.username=postgres
datasource.password=postgres
Here is the application context
<bean id="appDataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>${datasource.driver}</value>
</property>
<property name="url">
<value>${datasource.url}</value>
</property>
<property name="username">
<value>${datasource.username}</value>
</property>
<property name="password">
<value>${datasource.password}</value>
</property>
</bean>
When i starting application it get an error messege.
Cannot create PoolableConnectionFactory (Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Why would this happen?
I restored this database form another machine.I dont know what they written in that sql file. There is a code in that sql dump file.
REVOKE ALL ON TABLE workflow_type FROM PUBLIC;
REVOKE ALL ON TABLE workflow_type FROM postgres;
GRANT ALL ON TABLE workflow_type TO postgres;
GRANT SELECT,INSERT,DELETE,REFERENCES,UPDATE ON TABLE workflow_type TO user1;
Is this happend becouse of this query?
did you try to connect with psql under command line before? its just to test if you pg_hba.conf was fine.
if you can't connect with psql. Open you pg_hba.conf file and if you are on a local computer replace md5 by trust to have something like :
local all all trust
this permit everybody to connect to you postgres server.
retry connection with psql command line.
If its work, retry to launch your server to see if spring can now connect to the db fine.
Is your Postgres up and running on localhost:5432? Are you able to connect to the DB via command line (e.g. psql <dbname> -h localhost -U <username> -W)?
I've installed the MS SQL Server 2008 and I want to use it in a Java project with Struts.
Unfortunately I cannot configure it in Java. I am using the Windows authentication for MsSql. Is that possible?
My beans.xml file looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver" />
<!-- S2-Install-Start: INSERT DB SERVER HERE -->
<property name="url" value="jdbc:sqlserver://localhost:1433;DatabaseName=MyDatabase" />
S2-Install-End:
<property name="username" value="Stefana\Steffi" />
S2-Install-Start: INSERT DB PASSWORD HERE
<property name="password" value="" />
S2-Install-End:
</bean>
I don't know what should I write in the user and password fields? When I connect to the Ms Sql Server, I get the following:
Servertype: DatabaseEngine
Servername: Stefana\SQLEXPRESS
Authentication: Windows Authentication
Username:Stefana\Steffi
Password:
You can use Windows authentication if you use the jTDS JDBC Driver for SQL Server. The jTDS driver is free, open source and generally more powerful than the official Microsoft one.
If you include the jTDS jar in your project, I believe this datasource URL should work:
jdbc:jtds://localhost:1433/MyDatabase;domain=Stefana
Because you're running on Windows the jTDS driver is capable of using a native library to automatically log you in with your current credentials. However it's usually a better idea to explicitly specify the username and password, because that way your web app won't behave differently depending on who starts it up.
Note also that SQL Server 2008 probably won't have TCP connections enabled by default. Unless you turn that on you won't be able to connect with either the Microsoft driver or the jTDS one.
To enable TCP connections:
Open Sql Server Configuration Manager (it should be on your Start menu)
In the tree on the left, navigate to SQL Server Network Configuration then Protocols for MSSQLSERVER
You should see TCP/IP in the list of protocols.
If its status is Disabled then double-click it, and change the Enabled option to Yes and click OK
You now need to restart SQL Server. Navigate to the SQL Server Services item
Right-click on SQL Server (MSSQLSERVER) in the list of services
Choose Restart
You should now be able to connect to SQL Server from your Java web app
This is not the right thing to do.
Do you own that database? Your config says "localhost", so I'll assume yes. You should be using another username and password for your application from SQL Server, not Windows Authentication. I'd create a separate user just for this application. Give it access only to the application schema, and GRANT the minimum permissions necessary to accomplish its mission (e.g. no DELETE permission if not needed; no access to SYSTEM tables if not needed; no running stored procedures if not needed).
A better solution is to use a JNDI data source and not have passwords in plain text on your machine.
replace the property:
<property name="url" value="jdbc:sqlserver://localhost:1433;DatabaseName=MyDatabase" />
for:
<property name="url" value="jdbc:sqlserver://localhost:1433;DatabaseName=MyDatabase;" />
Done!!!