You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by John <li...@johndubchak.com> on 2008/10/12 02:07:04 UTC
SecurityException trying to use JavaMail
Hi,
I have a webapp setup to send an email notification using javamail. The
code works in both Tomcat and JBoss, but in Geronimo I am getting a
SecurityException. Here is a subset of the stacktrace:
java.lang.SecurityException
at javax.mail.Session.getDefaultInstance(Session.java:137)
at
com.esa.gaf.server.mail.MailServiceImpl.createSession(MailServiceImpl.java:121)
at
com.esa.gaf.server.mail.MailServiceImpl.sendMail(MailServiceImpl.java:61)
at
com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.notify(RecruitingServiceImpl.java:267)
at
com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit(RecruitingServiceImpl.java:246)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
FWIW, I initially had the war built to include the necessary javamail
dependencies. I suspect, since Geronimo includes a Javamail car, that I
don't need to include these, but am finding little guidance in the
documentation or through googling to point me in the right direction.
The mail server is configured correctly and I am using a valid user to
send the email from. Is there something special I need to do in order
to get this to work correctly?
Thanks,
John
Re: SecurityException trying to use JavaMail
Posted by John <li...@johndubchak.com>.
Rick McGuire wrote:
>> The simpler solution, if you are not dependent upon the properties
>> that the javamail session has been configured with, would be to use
>> getInstance() rather than getDefaultInstance().
Hi Rick and Kevan,
Thank you both for your response and I apologize for the delayed
response as I was out of town for a few days.
The fix suggested above (changing from getDefaultInstance to
getInstance) works fine.
Thanks again,
John
Re: SecurityException trying to use JavaMail
Posted by Rick McGuire <ri...@gmail.com>.
Kevan Miller wrote:
>
> On Oct 13, 2008, at 7:14 AM, Rick McGuire wrote:
>
>> Kevan Miller wrote:
>>>
>>> On Oct 11, 2008, at 8:07 PM, John wrote:
>>>
>>>> Hi,
>>>>
>>>> I have a webapp setup to send an email notification using javamail.
>>>> The code works in both Tomcat and JBoss, but in Geronimo I am
>>>> getting a SecurityException. Here is a subset of the stacktrace:
>>>>
>>>> java.lang.SecurityException
>>>> at javax.mail.Session.getDefaultInstance(Session.java:137)
>>>> at
>>>> com.esa.gaf.server.mail.MailServiceImpl.createSession(MailServiceImpl.java:121)
>>>> at
>>>> com.esa.gaf.server.mail.MailServiceImpl.sendMail(MailServiceImpl.java:61)
>>>> at
>>>> com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.notify
>>>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.notify>
>>>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.notify>(RecruitingServiceImpl.java:267)
>>>> at
>>>> com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit
>>>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit>
>>>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit>(RecruitingServiceImpl.java:246)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>
>>>> FWIW, I initially had the war built to include the necessary
>>>> javamail dependencies. I suspect, since Geronimo includes a
>>>> Javamail car, that I don't need to include these, but am finding
>>>> little guidance in the documentation or through googling to point
>>>> me in the right direction.
>>>>
>>>> The mail server is configured correctly and I am using a valid user
>>>> to send the email from. Is there something special I need to do in
>>>> order to get this to work correctly?
>>>
>>> Hi John,
>>> There are multiple conditions which could result in that exception.
>>> Possible that we have a bug in our Javamail implementation... I'm
>>> not an expert on our Javamail implementation. I may see a potential
>>> problem, though...
>>>
>>> Has your app already called Session.getDefaultInstance(Properties,
>>> Authenticator)? Or would this be the first call by your app? Are you
>>> passing a non-null Authenticator?
>> A security exception thrown from that location generally means that a
>> default session has already been created and there's a mismatch on
>> the authenticator. The javamail module creates the default session
>> instance as part of the javamail configuration, so if you're
>> specifying an authenticator and the default has already been created
>> without an authenticator, that triggers the security exception. The
>> sun javamail version works the same way. There are two options. One
>> would be to ensure that the javamail configuration is specifying an
>> authenticator to be used. That might be a bit more work, since
>> you'll likely need to create an authenticator GBean to get the
>> instance injected into the javamail session configuration.
>
> Thus my questions about the Authenticator being passed in. I'm a bit
> confused by the checking that occurs. Since, in fact, a different
> Authenticator object can be passed on the getDefaultInstance()
> invocation, as long as the authenticator object was loaded by the same
> ClassLoader as the DEFAULT_SESSION authenticator. Is that really correct?
That's what's in the API specification:
http://java.sun.com/j2ee/1.4/docs/api/javax/mail/Session.html#getDefaultInstance(java.util.Properties,%20javax.mail.Authenticator)
I wrote a quick test to compare the Geronimo and Sun behaviours, and
they seem consistent. I didn't write that particular piece of code, but
whoever did appears to have done the correct thing.
Rick
>
> --kevan
>
>>
>>
>> The simpler solution, if you are not dependent upon the properties
>> that the javamail session has been configured with, would be to use
>> getInstance() rather than getDefaultInstance().
>>
>> Rick
>>
>>>
>>> Do you see this error, if you restart your server?
>>>
>>> --kevan
>>
>
Re: SecurityException trying to use JavaMail
Posted by Kevan Miller <ke...@gmail.com>.
On Oct 13, 2008, at 7:14 AM, Rick McGuire wrote:
> Kevan Miller wrote:
>>
>> On Oct 11, 2008, at 8:07 PM, John wrote:
>>
>>> Hi,
>>>
>>> I have a webapp setup to send an email notification using
>>> javamail. The code works in both Tomcat and JBoss, but in
>>> Geronimo I am getting a SecurityException. Here is a subset of
>>> the stacktrace:
>>>
>>> java.lang.SecurityException
>>> at javax.mail.Session.getDefaultInstance(Session.java:137)
>>> at
>>> com
>>> .esa
>>> .gaf
>>> .server.mail.MailServiceImpl.createSession(MailServiceImpl.java:121)
>>> at
>>> com
>>> .esa.gaf.server.mail.MailServiceImpl.sendMail(MailServiceImpl.java:
>>> 61)
>>> at com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.notify
>>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.notify
>>> >(RecruitingServiceImpl.java:267)
>>> at com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit
>>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit
>>> >(RecruitingServiceImpl.java:246)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun
>>> .reflect
>>> .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>>> sun
>>> .reflect
>>> .DelegatingMethodAccessorImpl
>>> .invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>
>>> FWIW, I initially had the war built to include the necessary
>>> javamail dependencies. I suspect, since Geronimo includes a
>>> Javamail car, that I don't need to include these, but am finding
>>> little guidance in the documentation or through googling to point
>>> me in the right direction.
>>>
>>> The mail server is configured correctly and I am using a valid
>>> user to send the email from. Is there something special I need to
>>> do in order to get this to work correctly?
>>
>> Hi John,
>> There are multiple conditions which could result in that exception.
>> Possible that we have a bug in our Javamail implementation... I'm
>> not an expert on our Javamail implementation. I may see a potential
>> problem, though...
>>
>> Has your app already called Session.getDefaultInstance(Properties,
>> Authenticator)? Or would this be the first call by your app? Are
>> you passing a non-null Authenticator?
> A security exception thrown from that location generally means that
> a default session has already been created and there's a mismatch on
> the authenticator. The javamail module creates the default session
> instance as part of the javamail configuration, so if you're
> specifying an authenticator and the default has already been created
> without an authenticator, that triggers the security exception. The
> sun javamail version works the same way. There are two options.
> One would be to ensure that the javamail configuration is specifying
> an authenticator to be used. That might be a bit more work, since
> you'll likely need to create an authenticator GBean to get the
> instance injected into the javamail session configuration.
Thus my questions about the Authenticator being passed in. I'm a bit
confused by the checking that occurs. Since, in fact, a different
Authenticator object can be passed on the getDefaultInstance()
invocation, as long as the authenticator object was loaded by the same
ClassLoader as the DEFAULT_SESSION authenticator. Is that really
correct?
--kevan
>
>
> The simpler solution, if you are not dependent upon the properties
> that the javamail session has been configured with, would be to use
> getInstance() rather than getDefaultInstance().
>
> Rick
>
>>
>> Do you see this error, if you restart your server?
>>
>> --kevan
>
Re: SecurityException trying to use JavaMail
Posted by Rick McGuire <ri...@gmail.com>.
Kevan Miller wrote:
>
> On Oct 11, 2008, at 8:07 PM, John wrote:
>
>> Hi,
>>
>> I have a webapp setup to send an email notification using javamail.
>> The code works in both Tomcat and JBoss, but in Geronimo I am
>> getting a SecurityException. Here is a subset of the stacktrace:
>>
>> java.lang.SecurityException
>> at javax.mail.Session.getDefaultInstance(Session.java:137)
>> at
>> com.esa.gaf.server.mail.MailServiceImpl.createSession(MailServiceImpl.java:121)
>> at
>> com.esa.gaf.server.mail.MailServiceImpl.sendMail(MailServiceImpl.java:61)
>> at
>> com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.notify
>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.notify>(RecruitingServiceImpl.java:267)
>> at
>> com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit
>> <http://web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit>(RecruitingServiceImpl.java:246)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>>
>> FWIW, I initially had the war built to include the necessary javamail
>> dependencies. I suspect, since Geronimo includes a Javamail car,
>> that I don't need to include these, but am finding little guidance in
>> the documentation or through googling to point me in the right direction.
>>
>> The mail server is configured correctly and I am using a valid user
>> to send the email from. Is there something special I need to do in
>> order to get this to work correctly?
>
> Hi John,
> There are multiple conditions which could result in that exception.
> Possible that we have a bug in our Javamail implementation... I'm not
> an expert on our Javamail implementation. I may see a potential
> problem, though...
>
> Has your app already called Session.getDefaultInstance(Properties,
> Authenticator)? Or would this be the first call by your app? Are you
> passing a non-null Authenticator?
A security exception thrown from that location generally means that a
default session has already been created and there's a mismatch on the
authenticator. The javamail module creates the default session instance
as part of the javamail configuration, so if you're specifying an
authenticator and the default has already been created without an
authenticator, that triggers the security exception. The sun javamail
version works the same way. There are two options. One would be to
ensure that the javamail configuration is specifying an authenticator to
be used. That might be a bit more work, since you'll likely need to
create an authenticator GBean to get the instance injected into the
javamail session configuration.
The simpler solution, if you are not dependent upon the properties that
the javamail session has been configured with, would be to use
getInstance() rather than getDefaultInstance().
Rick
>
> Do you see this error, if you restart your server?
>
> --kevan
Re: SecurityException trying to use JavaMail
Posted by Kevan Miller <ke...@gmail.com>.
On Oct 11, 2008, at 8:07 PM, John wrote:
> Hi,
>
> I have a webapp setup to send an email notification using javamail.
> The code works in both Tomcat and JBoss, but in Geronimo I am
> getting a SecurityException. Here is a subset of the stacktrace:
>
> java.lang.SecurityException
> at javax.mail.Session.getDefaultInstance(Session.java:137)
> at
> com
> .esa
> .gaf.server.mail.MailServiceImpl.createSession(MailServiceImpl.java:
> 121)
> at
> com
> .esa.gaf.server.mail.MailServiceImpl.sendMail(MailServiceImpl.java:61)
> at com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.notify
> (RecruitingServiceImpl.java:267)
> at com.esa.web.recruiting.app.server.service.RecruitingServiceImpl.addRecruit
> (RecruitingServiceImpl.java:246)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun
> .reflect
> .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun
> .reflect
> .DelegatingMethodAccessorImpl
> .invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
>
> FWIW, I initially had the war built to include the necessary
> javamail dependencies. I suspect, since Geronimo includes a
> Javamail car, that I don't need to include these, but am finding
> little guidance in the documentation or through googling to point me
> in the right direction.
>
> The mail server is configured correctly and I am using a valid user
> to send the email from. Is there something special I need to do in
> order to get this to work correctly?
Hi John,
There are multiple conditions which could result in that exception.
Possible that we have a bug in our Javamail implementation... I'm not
an expert on our Javamail implementation. I may see a potential
problem, though...
Has your app already called Session.getDefaultInstance(Properties,
Authenticator)? Or would this be the first call by your app? Are you
passing a non-null Authenticator?
Do you see this error, if you restart your server?
--kevan