Tomcat/Hibernate connection to MySql fails with "Communications link failure" & "Permission denied"

I just also tracked down this issue. My symptoms were the exact same as yours and I even tried the exact things you tried. In summary my problem only occured because I was using tomcat on centos with SELinux.

Some folks helped me diagnose using the following commands to look at security events and why some actions were not permittted:

sudo ausearch -m avc
sudo grep "tcp_socket" /var/log/audit/audit.log | audit2why // translates log into some human readable reasons why the audit record was generated

I saw entries like:

type=AVC msg=audit(1507861264.561:64750): avc: denied { name_connect } for pid=1326 comm="java" dest=3306 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket

Was caused by: Missing type enforcement (TE) allow rule.

You can use audit2allow to generate a loadable module to allow this access.

And then found this article about tomcat and SELinux https://noobient.com/post/165972214381/selinux-woes-with-tomcat-on-centos-74

You can run the following command to see if tomcat is running in the tomcat_t security context.

$ps auxZ | grep tomcat

For the purposes of truly determining if my error was SELinux, I disabled SELinux

$ sestatus // shows: SELinux status:                 enabled
$ sudo vim /etc/selinux/config // set "SELINUX=disabled"
$ sudo shutdown -r now
$ sestatus // shows: SELinux status:                 disabled

restarted my machine and saw that tomcat was now making the outbound connection.

Great, now I at least know WHY that was happening. Of course if you need SELinux, disabling it is NOT a solution. Another workaround which is probably not a solution is to install tomcat without going through yum. Yum will installed tomcat using the security context.

I think the course of action now is to modify the security context or set of rules governing tomcat to allow it to make outgoing connections.