orbknives
asked on
Javamail and tomcat (access denied (java.net.SocketPermission somehost resolve)!!!!!!
Hi,
As stated in the title, im encountering a problem when running my java app in jakarta tomcat. My App has a function the sends an email to a recipient, but when im performing this function this error occurs:
java.security.AccessContro lException : access denied (java.net.SocketPermission somehost resolve)
      at java.security.AccessContro lContext.c heckPermis sion(Unkno wn Source)
      at java.security.AccessContro ller.check Permission (Unknown Source)
      at java.lang.SecurityManager. checkPermi ssion(Unkn own Source)
      at java.lang.SecurityManager. checkConne ct(Unknown Source)
      at java.net.InetAddress.getAl lByName0(U nknown Source)
      at java.net.InetAddress.getAl lByName0(U nknown Source)
      at java.net.InetAddress.getAl lByName(Un known Source)
      at java.net.InetAddress.getBy Name(Unkno wn Source)
      at javax.mail.URLName.getHost Address(UR LName.java :473)
      at javax.mail.URLName.hashCod e(URLName. java:449)
      at java.util.Hashtable.get(Un known Source)
      at javax.mail.Session.getPass wordAuthen tication(S ession.jav a:811)
      at javax.mail.Service.connect (Service.j ava:258)
      at javax.mail.Service.connect (Service.j ava:156)
      at javax.mail.Service.connect (Service.j ava:105)
      at javax.mail.Transport.send0 (Transport .java:168)
      at javax.mail.Transport.send( Transport. java:98)
      at stmpi.mail.EMail.send(EMai l.java:176 )
      at trackingprojectpackage.Tra ckingProje ctFrame1.b tnenterusr _actionPer formed(Tra ckingProje ctFrame1.j ava:1529)
      at trackingprojectpackage.Tra ckingProje ctFrame1_b tnenterusr _actionAda pter.actio nPerformed (TrackingP rojectFram e1.java:21 71)
      at javax.swing.AbstractButton .fireActio nPerformed (Unknown Source)
      at javax.swing.AbstractButton $Handler.a ctionPerfo rmed(Unkno wn Source)
      at javax.swing.DefaultButtonM odel.fireA ctionPerfo rmed(Unkno wn Source)
      at javax.swing.DefaultButtonM odel.setPr essed(Unkn own Source)
      at javax.swing.plaf.basic.Bas icButtonLi stener.mou seReleased (Unknown Source)
      at java.awt.Component.process MouseEvent (Unknown Source)
      at javax.swing.JComponent.pro cessMouseE vent(Unkno wn Source)
      at java.awt.Component.process Event(Unkn own Source)
      at java.awt.Container.process Event(Unkn own Source)
      at java.awt.Component.dispatc hEventImpl (Unknown Source)
      at java.awt.Container.dispatc hEventImpl (Unknown Source)
      at java.awt.Component.dispatc hEvent(Unk nown Source)
      at java.awt.LightweightDispat cher.retar getMouseEv ent(Unknow n Source)
      at java.awt.LightweightDispat cher.proce ssMouseEve nt(Unknown Source)
      at java.awt.LightweightDispat cher.dispa tchEvent(U nknown Source)
      at java.awt.Container.dispatc hEventImpl (Unknown Source)
      at java.awt.Window.dispatchEv entImpl(Un known Source)
      at java.awt.Component.dispatc hEvent(Unk nown Source)
      at java.awt.EventQueue.dispat chEvent(Un known Source)
      at java.awt.EventDispatchThre ad.pumpOne EventForHi erarchy(Un known Source)
      at java.awt.EventDispatchThre ad.pumpEve ntsForHier archy(Unkn own Source)
      at java.awt.EventDispatchThre ad.pumpEve nts(Unknow n Source)
      at java.awt.EventDispatchThre ad.pumpEve nts(Unknow n Source)
      at java.awt.EventDispatchThre ad.run(Unk nown Source)
i already did some research on this, e.g. catalina.policy and already add some entry for this:
 // JavaMail:
 // following two permissions allow access to default config files
 permission java.io.FilePermission "/usr/local/jakarta-tomcat -4.1.31/we bapps/test project/li b/mail.jar ", "read,write";
 permission java.io.FilePermission "/usr/local/jakarta-tomcat -4.1.31/we bapps/test project/li b/activati on.jar", "read,write";
 permission java.io.FilePermission "/usr/local/jakarta-tomcat -4.1.31/co mmon/lib/m ail.jar", "read,write";
 permission java.io.FilePermission "/usr/local/jakarta-tomcat -4.1.31/co mmon/lib/a ctivation. jar", "read,write";
 permission java.net.SocketPermission "somehost:25", "accept,connect,resolve";
 permission java.util.PropertyPermissi on "*", "read,write";
i even add this:
// ALL Â Â Â Â Â
permission java.security.AllPermissio n;
but sadly, it didn't work...
I have a notion that this error is from the catalina policy BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully... So please help me experts, im begging, ill give all the points i have...
desperately yours,
orbknives
As stated in the title, im encountering a problem when running my java app in jakarta tomcat. My App has a function the sends an email to a recipient, but when im performing this function this error occurs:
java.security.AccessContro
      at java.security.AccessContro
      at java.security.AccessContro
      at java.lang.SecurityManager.
      at java.lang.SecurityManager.
      at java.net.InetAddress.getAl
      at java.net.InetAddress.getAl
      at java.net.InetAddress.getAl
      at java.net.InetAddress.getBy
      at javax.mail.URLName.getHost
      at javax.mail.URLName.hashCod
      at java.util.Hashtable.get(Un
      at javax.mail.Session.getPass
      at javax.mail.Service.connect
      at javax.mail.Service.connect
      at javax.mail.Service.connect
      at javax.mail.Transport.send0
      at javax.mail.Transport.send(
      at stmpi.mail.EMail.send(EMai
      at trackingprojectpackage.Tra
      at trackingprojectpackage.Tra
      at javax.swing.AbstractButton
      at javax.swing.AbstractButton
      at javax.swing.DefaultButtonM
      at javax.swing.DefaultButtonM
      at javax.swing.plaf.basic.Bas
      at java.awt.Component.process
      at javax.swing.JComponent.pro
      at java.awt.Component.process
      at java.awt.Container.process
      at java.awt.Component.dispatc
      at java.awt.Container.dispatc
      at java.awt.Component.dispatc
      at java.awt.LightweightDispat
      at java.awt.LightweightDispat
      at java.awt.LightweightDispat
      at java.awt.Container.dispatc
      at java.awt.Window.dispatchEv
      at java.awt.Component.dispatc
      at java.awt.EventQueue.dispat
      at java.awt.EventDispatchThre
      at java.awt.EventDispatchThre
      at java.awt.EventDispatchThre
      at java.awt.EventDispatchThre
      at java.awt.EventDispatchThre
i already did some research on this, e.g. catalina.policy and already add some entry for this:
 // JavaMail:
 // following two permissions allow access to default config files
 permission java.io.FilePermission "/usr/local/jakarta-tomcat
 permission java.io.FilePermission "/usr/local/jakarta-tomcat
 permission java.io.FilePermission "/usr/local/jakarta-tomcat
 permission java.io.FilePermission "/usr/local/jakarta-tomcat
 permission java.net.SocketPermission "somehost:25", "accept,connect,resolve";
 permission java.util.PropertyPermissi
i even add this:
// ALL Â Â Â Â Â
permission java.security.AllPermissio
but sadly, it didn't work...
I have a notion that this error is from the catalina policy BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully... So please help me experts, im begging, ill give all the points i have...
desperately yours,
orbknives
> BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully..
applets operate with restricted permissions (unlkike applications) .
To grant more permissions you need to either sign the jar or change the policy file used on each client that runs it
applets operate with restricted permissions (unlkike applications) .
To grant more permissions you need to either sign the jar or change the policy file used on each client that runs it
ASKER
Thanks for the reply object! indeed it seems that the catalina.policy is not being implemented, how can i know that the policy is working?
>Â In which case you need to set the security policy on any client that runs that code.
>change the policy file used on each client that runs it.
What do you mean on that mate?
Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN). And also for additional facts, once a client run the app from tomcat and MANUALLY add the activation.jar/mail.jar to their JAVA_HOME/jre/lib/ext/ it will work, how come? i know its not the proper way coz those library should be download automatically from the servlet. Please help me more...
Regards,
orbknives
>Â In which case you need to set the security policy on any client that runs that code.
>change the policy file used on each client that runs it.
What do you mean on that mate?
Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN). And also for additional facts, once a client run the app from tomcat and MANUALLY add the activation.jar/mail.jar to their JAVA_HOME/jre/lib/ext/ it will work, how come? i know its not the proper way coz those library should be download automatically from the servlet. Please help me more...
Regards,
orbknives
its an applet, right?
if so it is running on the client, and not on your server.
if so it is running on the client, and not on your server.
> Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN).
no, you need to sign *all* of them
no, you need to sign *all* of them
ASKER
Yes it is running on the client, but i think the permission should be set on the server, if not where in the client should i configure the permission?Ok i already try signing ALL including the jar and activation but it didn't work, same error. I put the signed jar to my webapps and even to tomcats /common/lib.
Im using Tomcat 4.1.31...
Im using Tomcat 4.1.31...
> but i think the permission should be set on the server
no, otherwise it would be a huge security whole
>Â if not where in the client should i configure the permission?
if its signed you won't need to
>Â I put the signed jar to my webapps and even to tomcats /common/lib.
they ney need to be the ones downloaded by the browser
you should then get prompted to grant perms
no, otherwise it would be a huge security whole
>Â if not where in the client should i configure the permission?
if its signed you won't need to
>Â I put the signed jar to my webapps and even to tomcats /common/lib.
they ney need to be the ones downloaded by the browser
you should then get prompted to grant perms
ASKER
Ok,
Actually my app is already running, but once i click the send-email button that error occurs.
Ok this is what i did so far, i signed all of my JAR then run my app from the client, it did ask me if to trust the app, i answered always/yes. The app is running smoothly but the send-mail button prompts me that error.. What should i do more? PAgain, please help me more...
Kind regards,
orbknives
Actually my app is already running, but once i click the send-email button that error occurs.
Ok this is what i did so far, i signed all of my JAR then run my app from the client, it did ask me if to trust the app, i answered always/yes. The app is running smoothly but the send-mail button prompts me that error.. What should i do more? PAgain, please help me more...
Kind regards,
orbknives
try quitting your browser, and reloading the applet.
ASKER
Ok i even restart my computer and the tomcat server but same problem when i click the send-email button of my app. Still the error is:
Unhandled exception: 'access denied (java.net.SocketPermission somehost resolve)'
What should i do next???This problem is stressing....
regards,
orbknives
Unhandled exception: 'access denied (java.net.SocketPermission
What should i do next???This problem is stressing....
regards,
orbknives
what version of jre are you using?
ASKER
i already tried running the app on JAVAWS of 1.5 and 1.4, but same problem. Which leads me to the conclusion that the app has no problem but the security running the app. Its running fine using java -jar, What else should i do mate?
regards,
orbknives
regards,
orbknives
if you're using jws then you'll need to specify all-permissions in your jnlp, have u done that.
ASKER
Hi,
My jnlp is already set for all-permissions, this is my jnlp, in any case i hope you can also check if there some other prob with my jnlp:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://somehost:8080/testproject" href="testproject.jnlp">
<information>
<title>XXX Test Project</title>
<vendor>XXX</vendor>
<homepage href="index.html" />
<icon href="logo.gif" />
<description>XXX Test Project</description>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.3+" />
<jar href="testProject.jar" download="eager"/>
<jar href="lib/dx.jar"/>
<jar href="lib/dbswing.jar"/>
<jar href="lib/stmpiutil.jar"/>
<jar href="lib/jbcl.jar"/>
<jar href="lib/pg73jdbc3.jar"/>
<jar href="lib/NetComponents.ja r"/>
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>
<property name="homepath" value="http://somehost:8080/testproject" />
</resources>
<application-desc main-class="testprojectpac kage.testp rojectclas s" />
</jnlp>
regards,
orbknives
My jnlp is already set for all-permissions, this is my jnlp, in any case i hope you can also check if there some other prob with my jnlp:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://somehost:8080/testproject" href="testproject.jnlp">
<information>
<title>XXX Test Project</title>
<vendor>XXX</vendor>
<homepage href="index.html" />
<icon href="logo.gif" />
<description>XXX Test Project</description>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.3+" />
<jar href="testProject.jar" download="eager"/>
<jar href="lib/dx.jar"/>
<jar href="lib/dbswing.jar"/>
<jar href="lib/stmpiutil.jar"/>
<jar href="lib/jbcl.jar"/>
<jar href="lib/pg73jdbc3.jar"/>
<jar href="lib/NetComponents.ja
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>
<property name="homepath" value="http://somehost:8080/testproject" />
</resources>
<application-desc main-class="testprojectpac
</jnlp>
regards,
orbknives
just as a test, can you try sending a mail from main when your app starts up.
just want to see what happens on a different thread.
just want to see what happens on a different thread.
ASKER
Hi,
First of all, im using jbuilderX in developing this app, i tried putting the codes of sending email when the app starts (e.g. before or after the jbinit) but still the same error when executing the app at jws (tomcat) but when i run the app locally (java -jar) it works. Maybe the issue is on the tomcat or security manage itself???
regards,
orbknives
First of all, im using jbuilderX in developing this app, i tried putting the codes of sending email when the app starts (e.g. before or after the jbinit) but still the same error when executing the app at jws (tomcat) but when i run the app locally (java -jar) it works. Maybe the issue is on the tomcat or security manage itself???
regards,
orbknives
its nothing to do with tomcat.
its to do with jws, when run via jws a security manager is used.
your app must still have a main, have u tried it in there?
its to do with jws, when run via jws a security manager is used.
your app must still have a main, have u tried it in there?
> Â at stmpi.mail.EMail.send(EMai l.java:176 )
>Â Â Â at trackingprojectpackage.Tra ckingProje ctFrame1.b tnenterusr _actionPer formed(Tra ckingProje ctFrame1.j ava:1529)
Do you have set in the place correctly?
The policy for Tomcat are in conf/catalina.policy file.
Bye, Giant.
>Â Â Â at trackingprojectpackage.Tra
Do you have set in the place correctly?
The policy for Tomcat are in conf/catalina.policy file.
Bye, Giant.
ooops!
Ignore my previous comment.
I see now:
>its an applet, right?
There could be a problem in you applet.
If the applet is executed behind a firewall, the SMTP port could not be opened. So your applet cannot send nothing.
Ignore my previous comment.
I see now:
>its an applet, right?
There could be a problem in you applet.
If the applet is executed behind a firewall, the SMTP port could not be opened. So your applet cannot send nothing.
ASKER
I see, so its all about JWS and security manager.
Oh, well its time for me to close my pc here, so can we continue this tomorrow mate, but il try to put the code at the main(), i hope you can still help me tomorrow? Geez this is stressing...
kind regards,
orbknives
Oh, well its time for me to close my pc here, so can we continue this tomorrow mate, but il try to put the code at the main(), i hope you can still help me tomorrow? Geez this is stressing...
kind regards,
orbknives
ASKER
Hi,
>Â Objects, same error executing the function of email in Main(), i gez its all about permission now. What else should we do?
>Â Giant2, im running my app through jnlp from JWS and i also checked the firewall of the server and client, but no effect.
regards,
orbknives
>Â Objects, same error executing the function of email in Main(), i gez its all about permission now. What else should we do?
>Â Giant2, im running my app through jnlp from JWS and i also checked the firewall of the server and client, but no effect.
regards,
orbknives
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>
shouldn't they be .jar, not .jnlp?
<extension name="mail" href="mail.jnlp"/>
shouldn't they be .jar, not .jnlp?
ASKER
Hi,
i intensionly change those jar to a extension coz im encountering a problem about signing, specifically this error when im executing my app:
"JAR resources in JNLP file are not signed by same certificate"
So after googling i found this site and the error is gone:
http://weblogs.java.net/blog/kirillcool/archive/2005/05/signing_jars_fo.html
which fix the error above. The activation and mail jnlp has this entry:
************************** ********** ********** ********** ********** **
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
  <resources>
   <jar href="lib/activation.jar"/ >
  </resources>
  <component-desc/>
</jnlp>
************************** ********** ********** ********** ********** **
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
  <resources>
   <jar href="lib/mail.jar"/>
  </resources>
  <component-desc/>
</jnlp>
************************** ********** ********** ********** ********** **
So what do you think mate? Can this be the source of my main problem??What should i do next?
regards,
orbknives
i intensionly change those jar to a extension coz im encountering a problem about signing, specifically this error when im executing my app:
"JAR resources in JNLP file are not signed by same certificate"
So after googling i found this site and the error is gone:
http://weblogs.java.net/blog/kirillcool/archive/2005/05/signing_jars_fo.html
which fix the error above. The activation and mail jnlp has this entry:
**************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
  <resources>
   <jar href="lib/activation.jar"/
  </resources>
  <component-desc/>
</jnlp>
**************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
  <resources>
   <jar href="lib/mail.jar"/>
  </resources>
  <component-desc/>
</jnlp>
**************************
So what do you think mate? Can this be the source of my main problem??What should i do next?
regards,
orbknives
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Hi mate!
Atlast we did it!!! From your last post "*does* need permissions", it gives me an idea that the SIGNED mail and activation should pass the security manager. So without changing my main jnlp file and putting the line below to activation and mail jnlp EXTENSION i can now send email to the specified recipient:
<security>
<all-permissions/>
</security>
My mail and activation jnlp now looks like this:
************************** ********** ********** ********** ********** **
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
<security>
<all-permissions/>
</security>
  <resources>
   <jar href="lib/activation.jar"/ >
  </resources>
  <component-desc/>
</jnlp>
************************** ********** ********** ********** ********** **
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
<security>
<all-permissions/>
</security>
  <resources>
   <jar href="lib/mail.jar"/>
  </resources>
  <component-desc/>
</jnlp>
************************** ********** ********** ********** ********** **
BUT this leads me to another problem when running my app in JAVA-1.4, (in JAVA 1.5 - no error at all). The error states that the activation and mail are already signed by multiple signer or something... So what i did is REMOVED the SIGNED activation and mail to my tomcat's common/lib and to the webapps/testproject/lib and REPLACED it with UNSIGNED one, so now my app is running smoothly to BOTH JAVA-1.5 and 1.4. This is great, thanks objects!
regards,
orbknives (Michael)
Atlast we did it!!! From your last post "*does* need permissions", it gives me an idea that the SIGNED mail and activation should pass the security manager. So without changing my main jnlp file and putting the line below to activation and mail jnlp EXTENSION i can now send email to the specified recipient:
<security>
<all-permissions/>
</security>
My mail and activation jnlp now looks like this:
**************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
<security>
<all-permissions/>
</security>
  <resources>
   <jar href="lib/activation.jar"/
  </resources>
  <component-desc/>
</jnlp>
**************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
  <information>
   <title>Activation</title>
   <vendor>Sun Microsystems, Inc.</vendor>
  </information>
<security>
<all-permissions/>
</security>
  <resources>
   <jar href="lib/mail.jar"/>
  </resources>
  <component-desc/>
</jnlp>
**************************
BUT this leads me to another problem when running my app in JAVA-1.4, (in JAVA 1.5 - no error at all). The error states that the activation and mail are already signed by multiple signer or something... So what i did is REMOVED the SIGNED activation and mail to my tomcat's common/lib and to the webapps/testproject/lib and REPLACED it with UNSIGNED one, so now my app is running smoothly to BOTH JAVA-1.5 and 1.4. This is great, thanks objects!
regards,
orbknives (Michael)
also looks like it has nothing to do with tomcat, and is instead not enough permissions on the client side. In which case you need to set the security policy on any client that runs that code.