File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Other JSE/JEE APIs and the fly likes Java Mail API / getDefaultInstance and Authenticator Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Java Mail API / getDefaultInstance and Authenticator" Watch "Java Mail API / getDefaultInstance and Authenticator" New topic

Java Mail API / getDefaultInstance and Authenticator

Florian Voth

Joined: Dec 20, 2003
Posts: 2
I have a serious problem that I can't solve.
System: w2k3 and tomcat 4.1.29
On my webserver there is a smtp server installed, where I have to authenticate to send mail with. Everyone can send mail through the smtp server, but they have to authenticate first with a special username and pw. There is no problem using the smtp server with a mail client.
In my webapp I have a service where every user can send a mail with their own email address. I'm using the Java Mail API to send mail. But as soon as I try to authenticate with the special username and pw for the smtp server, I get a java security exception, access to session denied:
sessionobj = Session.getDefaultInstance(props, new MailAuthenticator(user, password));
The API Documentation tells me:
Since the default session is potentially available to all code executing in the same Java virtual machine, and the session can contain security sensitive information such as user names and passwords, access to the default session is restricted. The Authenticator object, which must be created by the caller, is used indirectly to check access permission. The Authenticator object passed in when the session is created is compared with the Authenticator object passed in to subsequent requests to get the default session. If both objects are the same, or are from the same ClassLoader, the request is allowed. Otherwise, it is denied.
in catalina.policy I have added:
permission "", "connect,resolve" ;
and in server.xml
<Resource name="mail/Session"
<ResourceParams name="mail/Session">
mailmaster is the special username I use to login into the smtp server. After reading the API Docs I think that the problem is, that the mailmaster is not the user that has created the session object and that is why he has no access to the session object and I get a security exception. Maybe I'm wrong, because I don't understand the context between session.getDefaultInstance and the Autheniticator. Maybe I just have to add a security policy to catalina.policy, that my webapp has accesss to the session object, but I don't know how to do it.
Without authentification, I'm able to send mail.
Can someone tell me what I have to do that I can send mail with any username and authentification so I don't get the security exception.
Thank you.
Florian Voth

Joined: Dec 20, 2003
Posts: 2
I have added
permission java.util.RuntimePermission "javax.mail.Session.*";
to the catalina.policy. Now I don't get the security exception anymore. When I try to send email with authentification, I just get the stupid exception message "smtp".
Without authentification I get the following message:
nested exception is:
javax.mail.MessagingException: 530 5.7.3 Client was not authenticated
I still can use my email client to send mail through the smtp server with authentication, but not with the JAVA Mail API.
Any help is appreciated. Thank you.
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63870

Moving to "Other Java APIs" where the JavaMail-savvy hang out.

[Asking smart questions] [About Bear] [Books by Bear]
I agree. Here's the link:
subject: Java Mail API / getDefaultInstance and Authenticator
It's not a secret anymore!