Tomcat and Security

In addition to this when the email crashes I use RMIregistry as well. I hope it does not conflicting with something else

I tested the application without the RMI and left only the security manager (-security)
and it generated the same error message :-(

So now we are confident that the problem is the security manager.

You have to change/grant permission in your "Catalina.policy" file.  Refer to the documentation of tomcat 4.0.3....

Add lines similar to the below at the end of your catalina.policy file...

//--------------------
grant codeBase "file:<PATH TO YOUR WEB APPLICATION>/WEB-INF/classes/-" {
   permission java.net.SocketPermission "<YOUR SMTP SERVER NAME/IP ADDRESS>:<YOUR SMTP SERVER PORT>", "connect";
};
//--------------------

It seems that you know what are you talking about but possibly I am doing something wrong.

What I already had to the catalina.policy file was:
grant
{
   permission java.net.SocketPermission "*:*", "listen,connect,accept,resolve";


};

It is quite loose but I am just testing now.

After your comment I added as well:

grant codeBase "file:c:/2k/progra~1/apa/webapps/root/jsp/game/WEB-INF/classes/-"
{
   permission java.net.SocketPermission "smtp.umist.ac.uk:25", "connect";
};

The problem is still there.
One question. I have a jsp file that is located at:
c:/2k/progra~1/apa/webapps/root/jsp/game/SendMessage.jsp

But the bean that is using is located at:
C:\2k\progra~1\apa\webapps\ROOT\WEB-INF\classes\com\game\beans\SendMessage.java

I tried both addresses after the file:
but nothing worked :(
I also placed the smtp server and the port 25 that is the default and the one that is listening at.

I also tried to write file:// that probably this is what you wanted to write. If I am not wrong.

I am sure that you are close to the solution. Can you figure out what is the problem ?

Do not ask me why I place the java files and the jsp at different directories. I have no idea. I do not know what is the right way of doing things. I just placed them there and it worked.

If you can suggest me what is the right way; you are welcome to do so.

Can you give us the code at the pont where you try to send the mail?

The error is raised in that line.
Transport.send(msg);

I do not think that is a Java code problem though. It must be a security problem.

Yes, but what's in the message - are you sending a file?

No, I just send an email with a few ascii characters. Just for testing nothing else.

props.put("mail.smtp.host", "smtp.umist.ac.uk");
Session session = Session.getInstance(props, null);
session.setDebug(true);
// create a message
Message msg = new MimeMessage(session);
msg.setFrom( fromAddress ));
msg.setRecipients(Message.RecipientType.TO, toAddress );
msg.setSubject( title );
msg.setSentDate( new Date() );    
msg.setText( message );
Transport.send(msg);

 From: http://java.sun.com/products/javamail/FAQ.html#servletSecurityManager

  "Usually this is because JavaMail can't access the configuration files in mail.jar, possibly because of a security permission problem; see this item (http://java.sun.com/products/javamail/FAQ.html#securityManager) for more details. Also, make sure that you haven't extracted the mail.jar contents; you should include the unmodified mail.jar file in the server's CLASSPATH."

  Hope it helps.

It would also be useful to see how you're setting fromAddress and toAddress. So you're at UMIST are you?

InternetAddress     toAddress[] = new InternetAddress[1];    
toAddress[0] = new InternetAddress( to );

yes I am at umist

The email addresses are legal

What about the file permission situtation mentioned by girionis?

I added the lines as he said.
But no luck.

Actually right now I have:

grant codeBase "file:${catalina.home}/webapps/root/WEB-INF/classes/-"
{
   permission java.net.SocketPermission "smtp.umist.ac.uk:25", "connect";
};


grant codeBase "file:${catalina.home}/webapps/root/jsp/game/-"
{
   permission java.net.SocketPermission "smtp.umist.ac.uk:25", "connect";
};

This is because I have my jsp files at jsp/game/
and my SendMessage.java class under
root/WEB-INF/classes/
It is inside a package but it doesn't matter. I use the
<@jsp:usebean....

It works fine without the -security but crashes with the security manager.

 Have you looked at this link: http://java.sun.com/products/javamail/FAQ.html#securityManager ?

  It actually has additional information of how to do JavaMail debugging and additional permissions you could set.

>>I added the lines as he said.
But no luck.
>>

That wasn't girionis actually. What do you see when you do:

ls -l mail.jar

javax.mail.NoSuchProviderException: No provider for Address type: rfc822
at javax.mail.Session.getTransport( Session.java:516)

I placed in the mail.jar, smtp.jar etc
in the <catalina_home>/lib directory in case it couldn't find them.

I placed a number of permissions as the web reference advises.

I deleted the codebase as well from the grant.
No luck

Now, I am thinking that it may be the Java code.
I may haven't set all the required properties.

I have set only the:
              Properties props = new Properties();
              props.put("mail.smtp.host", "smtp.umist.ac.uk");

Do you think I may need more ?

I tried also
Properties props = System.getProperties() instead

It seems like all the changes does not affect at all the exception.

How can I give parameters to the Tomcat.
For example java -Djavax.activation.debug=true .....
What is the analogous to this for the Tomcat ?

Great, Ihave just managed to break my server.

I used to have the mail.jar etc to the
<catalina_home>/lib directory

then I thought to write them also to the
<catalina_home>/common/lib directory

Something happened when I resterted the server. When I accessed the URL the browser gave me a white web page.
So I went a step back.

Certainly something is happening with the .jsr files.

The program could not find the jsr that is why it raised the error.

What I understand is that:

1. In the first situation where I didn't used the security manager the tomcat was looking into the <catalina>/lib directory where I used to have the jar files form the beginning.
And everything was going fine.

2. Now when I used the security manager the tomcat was using other lib directory and it couldn't find the .jar files.

Anybody aware why the tomcat has so many lib directories and what are the purposes of these ?

I need to reinstall the tomcat now :(

Well I am working from the hypothesis that this has absolutely nothing to do with security. It is essential in these cases to eliminate the existence of *simple* problems before moving on to more complex ones. Let us know when you've got everything restored.

 If you are certain that it is a class problem then you do not have to re-install Tomcat. Just rearange the class files/jar files so Tomcat can load them with the proper classloader. Take a look here: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/class-loader-howto.html for the classloaders' hierarchy.

  Hope it helps.

Damn!

Nothing. The server is ok. I read the URL you send me and I followed the instructions.

Nothing

The packets are everywhere I cannot understand why.
Do you need any other help form me in order to help me ?
Can you think something else please ?

Try running this code and let us know what happens:
http://www.javacommerce.com/articles/sendingmail.htm

the same thing.

It runs ok without the security manager byt crashes with the security manager.

The same error.


The FAQ URL that girionis send me said about that error that it is a common.

I followed what it said but no good. And it seems to me that it crashes a point before the point where "they say" that the common error is.

So I think we have the same exception but different situation. possibly.

 Can you try installing an earlier version of Tomcat and see what happens?

What do u think it is ?
What version do u suggest ?

I have to suggest something else.

Anybody of you is willing to run the email example that CEHJ gave to his web server but with a security manager ?

/bin/catalina start -security

And see what is happening ?

> Well I am working from the hypothesis that this has absolutely nothing to do with security.

If this is the case then why would it work without the -security option, and not work with the -security option.

pouli,

I'd suggest trying to understand exactly the difference is between running with -security and without.
This may give you a clue to the problem.

See if this helps:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/security-manager-howto.html

>What do u think it is ?

  I think it is a problem with the security stuff but do not know where exactly. At the end of the day as objects pointed out it is running without the -security option but not with it.

> What version do u suggest ?

  Any pro-Catalina one would do. It does not guaranteed it will work, but you can try and get some clues.

  Hope it helps.

>>If this is the case then why would it work without the -security option, and not work with the -security option

Well objects, you know as well as I do that error messages *can* be very misleading. For instance, if you pursue a lot of Windows networking errors by taking the error message at face value, you can waste *a lot* of time.
Once I'm convinced simple sources of errors have been eliminated I'd be more inclined to take the error message at face value. And since the questioner is saying the below, I'm not sure we've reached that point yet.

>>I followed what it said but no good. And it seems to me that it crashes a point before the point where "they say" that the common error is.

Of course, it could be that there is a 'set intersection' of some sort between security-related errors and a very simple error that's occurring, but let's leave that complexity for now!

pouli, can you post *the full* code you used to test that example I posted?

My guess is that the security manager is not granting required permissions for javamail.

Try turning security debug option on:
set CATALINA_OPTS=-Djava.security.debug=all
     

Here is teh full code that I am using. This code it is used though from a JSP page with the help of the <@jsp:usebean.......

package com.game.beans;

import java.io.*;
import java.util.*;
import javax.mail.*;
import javax.mail.internet.*;
import javax.activation.*;


public class SendMessage
{

     private boolean isError;
     private String errorMessage;
     

     public SendMessage()
     {
          isError = false;
          errorMessage = "";
     }    
     
     public synchronized void sendMessage( String nick,
                                           String to,
                                                    String title,
                                                    String message )
     {
          try
          {  
              InternetAddress     toAddress[] = new InternetAddress[1];    
               toAddress[0] = new InternetAddress( to );
                         
              //Properties props = new Properties();
               Properties props = System.getProperties();
              props.put("mail.smtp.host", "smtp.umist.ac.uk");

              Session session = Session.getDefaultInstance(props, null);
              session.setDebug(true);

               // create a message
              Message msg = new MimeMessage(session);
             
               msg.setFrom(new InternetAddress( "valid@email.com" ));
               
              msg.setRecipients(Message.RecipientType.TO, toAddress );
              // Optional : You can also set your custom headers in the Email if you Want
              msg.addHeader("MyHeaderName", "myHeaderValue");          
               
              msg.setSubject( title );
               msg.setContent(message, "text/plain");              
              msg.setSentDate( new Date() );    
               msg.setText( message );
               
               Transport.send(msg);
               isError = false;    
               
          }
          catch (MessagingException mex)
          {
               isError = true;
               errorMessage = mex.toString();
               mex.printStackTrace();
          }    
          catch( Exception e )
          {
               isError = true;
               errorMessage = e.toString();          
               e.printStackTrace();
          }
     }
     
     public boolean getError()
     {
          return isError;
     }
     
     public String getErrorMessage()
     {
          return errorMessage;
     }
     
}

Here is the the catalina.policy file.

grant
{
   permission java.net.SocketPermission "*:*", "listen,connect,accept,resolve";


};


grant
{
   permission java.io.FilePermission "file:${catalina.home}/lib/mail.jar", "read";
   permission java.io.FilePermission "file:${catalina.home}/lib/activation.jar", "read";
   permission java.net.SocketPermission "smtp.umist.ac.uk:25", "connect, resolve";
   // following to use IMAP
   permission java.net.SocketPermission     "<imap_host>:143", "connect,resolve";
   // following to use POP3
   permission java.net.SocketPermission     "<pop_host>:110", "connect,resolve";  
   permission java.util.PropertyPermission "*", "read,write";
   
};

While you're about it, can you also post the output of these two commands:

ls -l ${catalina.home}/lib/mail.jar
ls -l ${catalina.home}/lib/activation.jar

because I am under windows I have run the following commands

First in order to know where catalina points to
set cataline_home
catalina_home=c:\2k\progra~1\apa

dir %catalina_home%\lib\mail.jar
file found and listed in the directory

dir %catalina_home\lib\activation.jar
file found and listed

Well it's the permissions that are the important thing. I'm not over-familiar with Win file permissions but the point is to determine that the process that's running the routines you want has rights to these jar files.

CEHJ I think the envoromental variables are set ok. And the files exist there.
From the catalina.policy file view point now, I followed the instructions I found on the URl Girionis send:
http://java.sun.com/products/javamail/FAQ.html#securityManager


Objects I tried to run the server with the debig option set to true, but the generation of the System.out messages crashed my systems 3 out of 3 times I tried to run it.

The 1st the process crashed and the other 2 the whole system crashed and I had to reboot.

I will try to run the same jsp to a friend's computer with a clean install of the Tomcat so we will find out if it is a general problem or there is something wrong with my installation.

 Just a thought... do you have any spaces in any of the folder names that deal with Catalina at all? If yes do you think this could be causing problems?

Looks like he does but has taken steps to avoid problems as a result. Of course if you ensure that everything's in space-free-named directories pouli, you'll be eliminating another possible source of problems. Another reinstall? :-)

 Yes... this is exactly what I thought. Besides in another question pouli posted about RMI it seemed that a space in the folder name was causing a problem (if I remember correctly) and I thought maybe this is the case here as well.

Yes I used to have problems with spaces,

I haven't really solved, but I found a work around solution.

The problem remained though. It seems that I need to reinstall it under a different space free folder.
Currently it is under Program Files but I have set it in Dos mode.

To be honest I do not believe that this is the problem.
But I will certainly try.

Well it won't do any harm if you can face it! Keep away from the awful Program Files :-)

Hello,

I am trying to install the Tomcat 4.1.8 beta
It is not older girionis I know. In a space free directory this time.

I tried to find an unistallation file for the previous server but I could not. So I thought there is no need.

I installed the new and when it finished the installation it tried to run the server automatically.
It crashed.

Then I tried again and run. When I restarted didn't

My point is that the previous server is bind at port 8080 through a file that is executed when the windows start.

and the new cannot bind. This is what it tells when it crashes.

How I should do a proper uninstallation of the tomcat?

Sorry, for all these questions.
I am also giving only 50 but currently I have 19 points.

Yes, you must get rid of any old stuff. I'm not familiar with Tomcat on Windows but you don't want it starting automatically really - even when you have only got one!
Try and remove any old stuff first.

If you're on NT/2000 you've may have installed a Tomcat as a service. Make sure that this is removed from services if so.

That's ok now,

But it seems that I take the same errors :(

a) Are you still starting automatically?
b) What are the error messages?

With this new server the results are:

Without the security manager
I does not work.
The error message is that it cannot find the smtp provider now.

I copied the smtp.jar file to the /common/lib directory but it seems that I have probably to change something maybe in an xml file in order to take this change. I restarted the server of course.

The error is:
javax.mail.NoSuchProviderException: smtp

With the security manager the error remains the same.
javax.mail.NoSuchProviderException: No provider for Address type: rfc822

Both errors are raised when I try the Transport.send(mdg);

 First of all I have to tell you I do not care at all about the points. I am here to help (and be helped by) fellow experts.

  Did you try uninstalling Tomcat from Start... Settings... Control Panel... Add/Remove Programs.

  If not what you can do is to actually have two Tomcats installed but only run one. This will not affect anything (at least not on Unix) as long as you are not running both of them.

  Even if your "old" Tomcat is bound to port 8080 this would not matter since it would not be running any more, so there will be no Tomcat conflicts.

  It would also help us if you could tell us what error mesages you are getting.

Can you ping the smtp server?

Sorry, if I managed to offend you :(

There was no record for in the Add/Remove programs

What I found in the services that CEHJ suggested was the new tomcat automatically running. So this had the service bound. I disable this and now everything are fine.

The error:
javax.mail.NoSuchProviderException: smtp

is copied that from the
catch( Exception e )
{
   String printTopJSP = e.toString();
}
The whole stackTrace cannot really copy it from the dos window.

I will try to find another way to see the whole stack trace.

Now I am reading some JavaMail Faqs and I follow the instructions about how to set the
:
http://java.sun.com/products/javamail/classpath-NT.html

I haven't used to set them like that.
I simply pointed to the /jre/lib/ext of my java folder

Yes I can ping it

No change after the set of the classpath according to the FAQ

AFAIK these are the jars you should have:

172623 Thu Jun 13 14:34:30 GMT+01:00 2002 javamail-1.3/lib/mailapi.jar
108590 Thu Jun 13 14:34:24 GMT+01:00 2002 javamail-1.3/lib/imap.jar
 14377 Thu Jun 13 14:34:36 GMT+01:00 2002 javamail-1.3/lib/smtp.jar
 17937 Thu Jun 13 14:34:34 GMT+01:00 2002 javamail-1.3/lib/pop3.jar
305136 Thu Jun 13 14:34:20 GMT+01:00 2002 javamail-1.3/mail.jar

They should be in the ext directory and you shouldn't have to have that in the classpath. Make sure you only have *one* ext directory, and if you have more than one, make sure they don't go in the wrong one.

 Pouli you have not offendd me at all, I did not say it in a bad way, I just wanted to let you know that even if you were giving zero points I would still have helped you, since my goal here is not to gain points but the exchange of knowledge :-)

  Now back to our problem... Well I have tried your example code you posted a few posts above with Tomcat 3.3.1 and jdk1.2.1 (sorry could not find any later verson since i had to use my flatmates computer... I do not have Windows installed at the moment and my flatmate had only an older version of jdk and Tomcat, so I had to use his) and with the -security option and it works fine for me. No, problem I got the e-mail properly.

  My sample jsp file lookes like:

<jsp:useBean id="mail" scope="session" class="com.game.beans.SendMessage" />

<html>
     <body>
          <h3><%="sending message"%></h3>
          <%mail.sendMessage("panos", "<my email address>", "hello" ,"testing");%>
     </body>
</htm>

  where my <my email address> is my actual e-mail address that for the obvious reasons I do not post it here :-)

  and my tomcat.policy file looks is the following:

// Permissions for tomcat.

// javac
grant codeBase "file:${java.home}/../lib/-" {
       permission java.security.AllPermission;
};

// Tomcat gets all permissions
grant codeBase "file:${tomcat.home}/lib/-" {
       permission java.security.AllPermission;
};

grant codeBase "file:${tomcat.home}/classes/-" {
     permission java.security.AllPermission;
};

// Example webapp policy
// By default Tomcat grants read access on webapp dir and read of the
// line.separator, path.separator, and file.separator PropertyPermissions.
// Any permissions you grant here are in addition to the default.
grant codeBase "file:${tomcat.home}/webapps/examples" {
      // Allow the example web application to read all java properties
      permission java.util.PropertyPermission "*", "read";
};

grant codeBase "file:${tomcat.home}/webapps/admin/-" {
      permission java.security.AllPermission;
};

grant codeBase "file:${tomcat.home}/work/DEFAULT/admin/-" {
      permission java.security.AllPermission;
};

grant
{
  permission java.net.SocketPermission "*:*", "listen,connect,accept,resolve";
};

grant
{
  permission java.io.FilePermission "file:c:/jakarta-tomcat-3.3.1/lib/common/mail.jar", "read";
  permission java.io.FilePermission "file:c:/jakarta-tomcat-3.3.1/lib/common/activation.jar", "read";
  permission java.net.SocketPermission "<my mail host here>:25", "connect, resolve";
  // following to use IMAP
  permission java.net.SocketPermission     "<imap_host>:143", "connect,resolve";
  // following to use POP3
  permission java.net.SocketPermission     "<pop_host>:110", "connect,resolve";  
  permission java.util.PropertyPermission "*", "read,write";
 
};

  I just added your permisson to the default tomact.policy file. Where I have <my mail host here> it is the dns name of the smpt server I used. I have both mail.jar and activation.jar files in my classpath and have given permission to Tomcat to read them as you can see from the policy file as well...

  I really do not know what could be going wrong. What I am receiving back is a test e-mail with the title "hello" and the body of "testing".

  I really cannot think what is going wrong... Since it is running on my flatmate's machine I guess there might something wrong with yor computer... or your settings. If you can tell us the exact steps you are using inorder to do the whole things it might be helpful.

  Hope it helps.

I have the in the <java_home>/jre/lib/ext directory

This is my classpath value
.;c:\j2sdk1.4.0_01\lib;c:\j2sdk1.4.0_01\jre\lib\ext;%JAVAMAIL_JAR%;%JAF_JAR%

The javamail_jar and jaf_jar are set accoridng to the FAQ
they point to the mail.jar and the activation.jar

Someting a bit irrlevant Is your nationality have something to do with Hellas ?

I can infer this from the "panos" <:-)

 Try to put them in the <catalina home>/lib/common folder and see what happens.

The new Tomcat 4.1.8 has only a common\lib and inside there the mail.jar and activation.jar exists.

It is supposed to be in the classpath automatically.

I placed though the
smtp.jar
and the rest to the <catalina_home>\common\lib

I cannot understand why the new installation of the server cannot send the email even without the security manager.

I'm signing off for today, but I think the next thing for you to do is to size your dos window so ou are able to see and copy the full stack trace.

Here is some printscreen of the output.

http://personalpages.umist.ac.uk/postgrad/k.klearchou/index.html

I do not know what else I can say.
I think I described the whole process.
Whatever I do I said it to you.

I really appreciate and admire your interest people.

> Someting a bit irrlevant Is your nationality have something to do with Hellas ?

  Yes I am from Hellas ]:-). Lovely place.

  With regards to your problem. I would suggest to try installing Tomcat 3.3.1 and see what happens. You have my policy file, you have my directory structure (where I put the activation.jar and mail.jar file), the jsp file I used for testing and I did not change your sample code at all (apart for my e-mail address and the smtp server).

  You might be surprised. I had problems with the latest Xerces distribution (2.0.2 - and yes it had to do with spaces in the file name. Unfortunatelly I could not rename the file) and when I installed an earlier version all my problems disappear, as if by magic.

  So it is worth a try. And try to install it in a space-free path.

> This is my classpath value
.;c:\j2sdk1.4.0_01\lib;c:\j2sdk1.4.0_01\jre\lib\ext;%JAVAMAIL_JAR%;%JAF_JAR%

I'd be removing all references to javamail from your classpath so there is no confusion over which jar file is being loaded by the tomcat classloader.

girionis --> I have my server to a space free address now.
objects  --> I used to have my classpath as you say but according to a JavaMail Faq I tried this way. No luck though.

I will try the older web server. No other solution exists.

I'd suggest determining exactly where tomcat is loading the javamail classes from (startup with -verbose option should show this), and then check your policy file that the correct permissions are set for this location.

Objects, your idea is good but there is no -verbose command for the catalina batch file.

I tried the set the debug equals to true from the enviromental variables but the computer crashed 3/3 times because of the load that the System.out messages.

How exactly you mean to run the server with the -verbose ?

Please type the command that you mean.

Try specifying it using CATALINA_OPTS:

set CATALINA_OPTS=-verbose

BTW, have you tried running with JavaMail debug turned on.

I will try the
set CATALINA_OPTS=-verbose

>BTW, have you tried running with JavaMail debug turned on.
if you mean the setDebug( true )

Yes sure I do. and the screenshots that I already posted on the net are with the debug option turned on.

The reason why I think that is quite different situation form the one posted on the FAQ's is because the system does not print any debug related text before raising the exception.

Something that is not happening on the FAQ sitution where the exception is raised after a few lines of text that the Debug option generates.

I hope that I have been clear. (At least I tried to be :)

http://personalpages.umist.ac.uk/postgrad/k.klearchou/index.html

Here are the new screenshots.
Objects what can you infer from these ?
The rt.jar is certainly read form the <java_home>/jre/lib directory. I haven't noticed anything though for the mail.jar package.

Maybe if I put the 4.0.3 again. At least that server worked fine without security manager.

Doesn't tell me much :(

Try removing all copies of the javamail jar (so you get No Class Def error). Then add the javamail jar to <tomcat>/common/lib and try then. This'll guarantee that that's the one you're loading.

I wonder if the following is a possible clue, just before the top of the stack where the security manager is not being used?:

sun.reflect.NativeConstructorAccessorImpl.newInstance0

Unfortunately I don't know much about Java Mail but it looks like it's trying to create a system-related resource and failing. If that's the case

a) what could that resource be?
b) why is it failing?

If you all think that this hypothesis might be worth pursuing, one way to answer the above might be to see what a *working* system is doing in relation to it.

Aha he we are Objects we have made some progress.
I am about to find out which are the classes that are being used from the JSP pages.

It worked !! without the security manager with the 4.1.8 version. :-)


Let me think what I have done.

1. I removed all the mail classes and activation.jar from the common/lib directory.

2. Run the server without security. Same effect nothing changed.

3. Removed the activation. jar and mail.jar from the JAVAMAIL_JAR and JAF_JAR directories.

At the same time I removed all the mail related jar's and activation.jar from the <java_home>/jre/lib/ext directory.

4. Run the server again without security.

5. IT WORKED!

???

Sorry wrong :(


Let me think what I have done.

1. I removed all the mail classes and activation.jar from the common/lib directory.

2. Run the server without security. Same effect nothing changed.

3. Removed the activation. jar and mail.jar from the JAVAMAIL_JAR and JAF_JAR directories.
At the same time I removed all the mail related jar's and activation.jar from the <java_home>/jre/lib/ext directory.

4. Run the server again without security.

5. The server encountered an internal

6. Copied back the files at the <java_home>/jre/lib/ext

7. Run

Sorry wrong :(


Let me think what I have done.

1. I removed all the mail classes and activation.jar from the common/lib directory.

2. Run the server without security. Same effect nothing changed.

3. Removed the activation. jar and mail.jar from the JAVAMAIL_JAR and JAF_JAR directories.
   At the same time I removed all the mail related jar's and activation.jar from the <java_home>/jre/lib/ext directory.

4. Run the server again without security.

5. The server encountered an internal

6. Copied back the files at the <java_home>/jre/lib/ext

7. Run the server again without the security manager

8. Worked !

Now with the security manager an exception has been raised.
The stack trace can be found at:
http://personalpages.umist.ac.uk/postgrad/k.klearchou/index.html

I already had changed the catalina.policy file to these permissions:
grant
{
   permission java.net.SocketPermission "*:*", "listen,connect,accept,resolve";
};


grant
{
   permission java.io.FilePermission "file:${java.home}/jre/lib/ext/mail.jar", "read";
   permission java.io.FilePermission "file:${java.home}/jre/lib/ext/smtp.jar", "read";
   permission java.io.FilePermission "file:${java.home}/jre/lib/ext/activation.jar", "read";
   
   permission java.net.SocketPermission "smtp.umist.ac.uk:25", "connect, resolve";
   // following to use IMAP
   permission java.net.SocketPermission     "<Imap>:<port>", "connect,resolve";
   // following to use POP3
   permission java.net.SocketPermission     "<pop>:<port>", "connect,resolve";  
   permission java.util.PropertyPermission "*", "read,write";
   
};

I am thinking about using this small code to test inside the bean if it has access to the mail.jar package. The same for the rest. If not I will print something.

     try {
               Class.forName("javax.mail.Session");
          } catch (ClassNotFoundException cnfe) {
               JOptionPane.showMessageDialog(f,
                    "Sorry, the javax.mail package was not found\n(" + cnfe + ")",
                    "Error", JOptionPane.ERROR_MESSAGE);
               return;
          }


What do you think ??

Can you post a small example jsp that produces the problem and I'll try and reproduce it here.

I haven't changed anything to the code that I have posted before.

I just removed the classes mail.jar and smtp.jar etc
from the jre/lib/ext directory

This is what it made it to produce an internal error.
I think the reason for this is that the JSP uses teh bean that is actually a normal java program. So that bean must use the libraries of the java_home

in contrast with the code inside the JSP that must use the libraries of the common/lib
The problem now is that it crashes with the security manager.

What I cannot understand is that when I removed the files and copy them again to the same location it worked without the security manager, something that it didn't before!

It used to crash either way with the new server version.

I set to the catalina.policy file the java_home/jre/ext/lib but nothing.

What will happen if I give all the permissions to all the files ?
Shouldn't this work ?

It worked with the security manager as well.
At last.

Of course there is a small security holl :-)

I gave all the permissions :)
I kind simplified my catalina.policy file to this

grant
{
   permission java.security.AllPermission;
};
Anyway it is enough to let me continue developing.

I still though do not know what was it was trying to do and the security manager didn't let it happen.

It would be a nice if the web server could print all the operations that it was trying to do before executing them though, so the programmer would be able to check if what was the last operation that crashed the machine.

Nice to write and ask but difficult to implement I think

:-)

Sounds like the mail jar that was being loaded did not have the required permissions.

But what are the permissions that we miss to locate ?

The statement in the FAQ seems to suggest it fails to load config file from jar file.

I followed the steps abou the catalina policy file though.

The previous catalina policy file that I used is what is posted there.

Yes but you had multiple versions of mail.jar installed. You did not know which jar was being loaded, and thus which had correct permissions granted.

You are partly right.

The first time I used to have the common/lib mail.jar
to the policy.

Then I tried the jre/lib/ext but again nothing.

To be honest I haven't tried to do it now that things work.
I will try and keep you informed.


Now I am thinking to catch up myself with all this time I lost trying to find out what is wrong.

It really consumes evergy without producing anything.
tha's sad :( but inside life I think.

Especially in the IT life.

As tomcat comes with it's own version of mail.jar installed I would guess this is the one that should be being used.

> As tomcat comes with it's own version of mail.jar installed I would guess this is the one that should be being used.

  Maybe this is not quite true, since in the test I did (using Tomcat 3.3.1) I downloaded Sun's mail.jar and activation.jar and used them instead of Tomcat's default. It still worked fine.

 Yes you are right. I guess Tomcat's mail.jar have by defualt more rights.

pouli:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.

No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

- Points to objects

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

girionis
EE Cleanup Volunteer

:-)

http://www.objects.com.au