Link to home
Create AccountLog in
Avatar of orbknives
orbknives

asked on

Javamail and tomcat (access denied (java.net.SocketPermission somehost resolve)!!!!!!

Hi,

As stated in the title, im encountering a problem when running my java app in jakarta tomcat. My App has a function the sends an email to a recipient, but when im performing this function this error occurs:

java.security.AccessControlException: access denied (java.net.SocketPermission somehost resolve)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkConnect(Unknown Source)
      at java.net.InetAddress.getAllByName0(Unknown Source)
      at java.net.InetAddress.getAllByName0(Unknown Source)
      at java.net.InetAddress.getAllByName(Unknown Source)
      at java.net.InetAddress.getByName(Unknown Source)
      at javax.mail.URLName.getHostAddress(URLName.java:473)
      at javax.mail.URLName.hashCode(URLName.java:449)
      at java.util.Hashtable.get(Unknown Source)
      at javax.mail.Session.getPasswordAuthentication(Session.java:811)
      at javax.mail.Service.connect(Service.java:258)
      at javax.mail.Service.connect(Service.java:156)
      at javax.mail.Service.connect(Service.java:105)
      at javax.mail.Transport.send0(Transport.java:168)
      at javax.mail.Transport.send(Transport.java:98)
      at stmpi.mail.EMail.send(EMail.java:176)
      at trackingprojectpackage.TrackingProjectFrame1.btnenterusr_actionPerformed(TrackingProjectFrame1.java:1529)
      at trackingprojectpackage.TrackingProjectFrame1_btnenterusr_actionAdapter.actionPerformed(TrackingProjectFrame1.java:2171)
      at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
      at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
      at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
      at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
      at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
      at java.awt.Component.processMouseEvent(Unknown Source)
      at javax.swing.JComponent.processMouseEvent(Unknown Source)
      at java.awt.Component.processEvent(Unknown Source)
      at java.awt.Container.processEvent(Unknown Source)
      at java.awt.Component.dispatchEventImpl(Unknown Source)
      at java.awt.Container.dispatchEventImpl(Unknown Source)
      at java.awt.Component.dispatchEvent(Unknown Source)
      at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
      at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
      at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
      at java.awt.Container.dispatchEventImpl(Unknown Source)
      at java.awt.Window.dispatchEventImpl(Unknown Source)
      at java.awt.Component.dispatchEvent(Unknown Source)
      at java.awt.EventQueue.dispatchEvent(Unknown Source)
      at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
      at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
      at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
      at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
      at java.awt.EventDispatchThread.run(Unknown Source)

i already did some research on this, e.g. catalina.policy and already add some entry for this:

  // JavaMail:
  // following two permissions allow access to default config files
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/webapps/testproject/lib/mail.jar", "read,write";
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/webapps/testproject/lib/activation.jar", "read,write";
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/common/lib/mail.jar", "read,write";
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/common/lib/activation.jar", "read,write";
  permission java.net.SocketPermission "somehost:25", "accept,connect,resolve";
  permission java.util.PropertyPermission "*", "read,write";

i even add this:

// ALL      
permission java.security.AllPermission;

but sadly, it didn't work...

I have a notion that this error is from the catalina policy BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully... So please help me experts, im begging, ill give all the points i have...

desperately yours,
orbknives
Avatar of Mick Barry
Mick Barry
Flag of Australia image

sounds like your not using that policy file
also looks like it has nothing to do with tomcat, and is instead not enough permissions on the client side. In which case you need to set the security policy on any client that runs that code.
> BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully..

applets operate with restricted permissions (unlkike applications) .
To grant more permissions you need to either sign the jar or change the policy file used on each client that runs it


Avatar of orbknives
orbknives

ASKER

Thanks for the reply object! indeed it seems that the catalina.policy is not being implemented, how can i know that the policy is working?

> In which case you need to set the security policy on any client that runs that code.
>change the policy file used on each client that runs it.

What do you mean on that mate?

Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN). And also for additional facts, once a client run the app from tomcat and MANUALLY add the activation.jar/mail.jar to their JAVA_HOME/jre/lib/ext/ it will work, how come? i know its not the proper way coz those library should be download automatically from the servlet. Please help me more...

Regards,
orbknives
its an applet, right?

if so it is running on the client, and not on your server.
> Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN).

no, you need to sign *all* of them
Yes it is running on the client, but i think the permission should be set on the server, if not where in the client should i configure the permission?Ok i already try signing ALL including the jar and activation but it didn't work, same error. I put the signed jar to my webapps and even to tomcats /common/lib.

Im using Tomcat 4.1.31...
> but i think the permission should be set on the server

no, otherwise it would be a huge security whole

> if not where in the client should i configure the permission?

if its signed you won't need to

>  I put the signed jar to my webapps and even to tomcats /common/lib.

they ney need to be the ones downloaded by the browser
you should then get prompted to grant perms
Ok,

Actually my app is already running, but once i click the send-email button that error occurs.

Ok this is what i did so far, i signed all of my JAR then run my app from the client, it did ask me if to trust the app, i answered always/yes. The app is running smoothly but the send-mail button prompts me that error.. What should i do more? PAgain, please help me more...

Kind regards,
orbknives
try quitting your browser, and reloading the applet.
Ok i even restart my computer and the tomcat server but same problem when i click the send-email button of my app. Still the error is:

Unhandled exception: 'access denied (java.net.SocketPermission somehost resolve)'

What should i do next???This problem is stressing....

regards,
orbknives
what version of jre are you using?
i already tried running the app on JAVAWS of 1.5 and 1.4, but same problem. Which leads me to the conclusion that the app has no problem but the security running the app. Its running fine using java -jar, What else should i do mate?

regards,
orbknives
if you're using jws then you'll need to specify all-permissions in your jnlp, have u done that.
Hi,

My jnlp is already set for all-permissions, this is my jnlp, in any case i hope you can also check if there some other prob with my jnlp:


<?xml version="1.0" encoding="UTF-8"?>

<jnlp spec="1.0+" codebase="http://somehost:8080/testproject" href="testproject.jnlp">

<information>
<title>XXX Test Project</title>
<vendor>XXX</vendor>
<homepage href="index.html" />
<icon href="logo.gif" />
<description>XXX Test Project</description>
</information>

<security>
<all-permissions/>
</security>

<resources>
<j2se version="1.3+" />
<jar href="testProject.jar" download="eager"/>
<jar href="lib/dx.jar"/>
<jar href="lib/dbswing.jar"/>
<jar href="lib/stmpiutil.jar"/>
<jar href="lib/jbcl.jar"/>
<jar href="lib/pg73jdbc3.jar"/>
<jar href="lib/NetComponents.jar"/>
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>
<property name="homepath" value="http://somehost:8080/testproject" />
</resources>

<application-desc main-class="testprojectpackage.testprojectclass" />

</jnlp>

regards,
orbknives
just as a test, can you try sending a mail from main when your app starts up.
just want to see what happens on a different thread.
Hi,

First of all, im using jbuilderX in developing this app, i tried putting the codes of sending email when the app starts (e.g. before or after the jbinit) but still the same error when executing the app at jws (tomcat) but when i run the app locally (java -jar) it works. Maybe the issue is on the tomcat or security manage itself???

regards,
orbknives
its nothing to do with tomcat.
its to do with jws, when run via jws a security manager is used.

your app must still have a main, have u tried it in there?
>   at stmpi.mail.EMail.send(EMail.java:176)
>     at trackingprojectpackage.TrackingProjectFrame1.btnenterusr_actionPerformed(TrackingProjectFrame1.java:1529)

Do you have set in the place correctly?
The policy for Tomcat are in conf/catalina.policy file.
Bye, Giant.
ooops!
Ignore my previous comment.
I see now:
>its an applet, right?

There could be a problem in you applet.
If the applet is executed behind a firewall, the SMTP port could not be opened. So your applet cannot send nothing.
I see, so its all about JWS and security manager.

Oh, well its time for me to close my pc here, so can we continue this tomorrow mate, but il try to put the code at the main(), i hope you can still help me tomorrow? Geez this is stressing...

kind regards,
orbknives
Hi,

> Objects, same error executing the function of email in Main(), i gez its all about permission now. What else should we do?

> Giant2, im running my app through jnlp from JWS and i also checked the firewall of the server and client, but no effect.

regards,
orbknives
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>

shouldn't they be .jar, not .jnlp?
Hi,

i intensionly change those jar to a extension coz im encountering a problem about signing, specifically this error when im executing my app:
"JAR resources in JNLP file are not signed by same certificate"

So after googling i found this site and the error is gone:
http://weblogs.java.net/blog/kirillcool/archive/2005/05/signing_jars_fo.html

which fix the error above. The activation and mail jnlp has this entry:

********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>
   <resources>
      <jar href="lib/activation.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>
   <resources>
      <jar href="lib/mail.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************

So what do you think mate? Can this be the source of my main problem??What should i do next?

regards,
orbknives
ASKER CERTIFIED SOLUTION
Avatar of Mick Barry
Mick Barry
Flag of Australia image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Hi mate!

Atlast we did it!!! From your last post "*does* need permissions", it gives me an idea that the SIGNED mail and activation should pass the security manager. So without changing my main jnlp file and putting the line below to activation and mail jnlp EXTENSION i can now send email to the specified recipient:

<security>
<all-permissions/>
</security>

My mail and activation jnlp now looks like this:

********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>

<security>
<all-permissions/>
</security>

   <resources>
      <jar href="lib/activation.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>

<security>
<all-permissions/>
</security>

   <resources>
      <jar href="lib/mail.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************

BUT this leads me to another problem when running my app in JAVA-1.4, (in JAVA 1.5 - no error at all). The error states that the activation and mail are already signed by multiple signer or something... So what i did is REMOVED the SIGNED activation and mail to my tomcat's common/lib and to the webapps/testproject/lib and REPLACED it with UNSIGNED one, so now my app is running smoothly to BOTH JAVA-1.5 and 1.4. This is great, thanks objects!

regards,
orbknives (Michael)