Search code examples
javamysqlservletsssl

WARN: Establishing SSL connection without server's identity verification is not recommended


Hello I am trying to connect to a mysql database via a java servlet using eclipse and tomcat, but I take the following error: "WARN: Establishing SSL connection without server's identity verification is not recommended".I added "useSSL=false?" to the connection url but still get the same error.Any suggestions? The servlet's code is :

package com.simpleWebApplication.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/register")
public class RegisterServlet extends HttpServlet {
private static final long serialVersionUID = 1L;

/**
 * @see HttpServlet#HttpServlet()
 */
public RegisterServlet() {
    super();
    // TODO Auto-generated constructor stub
}

protected void doPost(HttpServletRequest request, HttpServletResponse
response)
              throws ServletException, IOException {
          doGet(request, response);


          response.setContentType("text/html");
          PrintWriter out = response.getWriter();

          String idusers = request.getParameter("0");
          String name = request.getParameter("name");
          String surname = request.getParameter("surname");
          String gender = request.getParameter("gender");
          String birthdate = request.getParameter("birthdate");
          String workAddress = request.getParameter("workAddress");
          String homeAddress = request.getParameter("homeAddress");

          try{
              Class.forName("com.mysql.jdbc.Driver");

              Connection con =    DriverManager.getConnection("jdbc:mysql://localhost:3306/mysys?autoReconnect=true&useSSL=false","root","pass");

              PreparedStatement ps = con.prepareStatement("insert into Users     values(?,?,?,?,?,?)");

              ps.setString(1, idusers);
              ps.setString(2, name);
              ps.setString(3, surname);
              ps.setString(4, gender);
              ps.setString(5, birthday);
              ps.setString(6, workAddress);
              ps.setString(7, homeAddress);

              int i=ps.executeUpdate();

              if(i>0)
              {
                out.println("You are sucessfully registered");
              }

            }
            catch(Exception se)
            {
                se.printStackTrace();
            }
          }

      }

and here is register.jsp page that is connected with the servlet.

 <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
 pageEncoding="ISO-8859-1"%>
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>Register New User</title>
 </head>
 <body>
 <form action="register" method="post">
 <table align="center" bgcolor="#ffffff" border="1" width="70%">
 <tr>
    <td colspan="2" align="center">User Details </td>
 </tr>
 <tr>
    <td>Name </td>
    <td><input type="text" name="name" maxlength="25"></td>
 </tr>
 <tr>
    <td>Surname </td>
    <td><input type="text" name="surname" maxlength="40"></td>
 </tr>
 <tr>
    <td>Gender </td>
    <td><select>
 <option value="male">Male</option>
 <option value="female">Female</option>
 </select></td>
  </tr>
  <tr>
    <td>Birthdate </td>
    <td><input type="date" name="birthdate" maxlength="30"></td>
   </tr> 
 <tr>
 <tr>
    <td>Work Address </td>
    <td><input type="text" name="workaddress" maxlength="30"></td>
 </tr>
 <tr>
    <td>Home Address </td>
    <td><input type="text" name="homeaddress" maxlength="30"></td>
 </tr>
    <td colspan="2" align="center"><input type="submit" value="Submit"></td>
 </tr> 
 </table>
  </form>
    </body>
        </html>

Stack error:

    Wed Sep 28 08:58:53 EEST 2016 WARN: Establishing SSL connection without         server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
java.sql.SQLException: Access denied for user 'username'@'localhost' (using password: YES)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:963)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3966)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3902)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:875)
    at com.mysql.jdbc.MysqlIO.proceedHandshakeWithPluggableAuthentication(MysqlIO.java:1712)
    at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1228)
    at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2253)
    at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2284)
    at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2083)
    at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:806)
    at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
    at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:410)
    at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:328)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at java.sql.DriverManager.getConnection(Unknown Source)
    at com.simpleWebApplication.servlet.RegisterServlet.doPost(RegisterServlet.java:47)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)

enter image description here


Solution

  • Try deleting the line doGet (request, response); since you don't have get method in the example above. I always get this warning too with JDBC but everything runs fine.