?
Solved

Javamail and tomcat  (access denied (java.net.SocketPermission somehost resolve)!!!!!!

Posted on 2006-03-29
25
Medium Priority
?
1,014 Views
Last Modified: 2013-11-24
Hi,

As stated in the title, im encountering a problem when running my java app in jakarta tomcat. My App has a function the sends an email to a recipient, but when im performing this function this error occurs:

java.security.AccessControlException: access denied (java.net.SocketPermission somehost resolve)
      at java.security.AccessControlContext.checkPermission(Unknown Source)
      at java.security.AccessController.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkPermission(Unknown Source)
      at java.lang.SecurityManager.checkConnect(Unknown Source)
      at java.net.InetAddress.getAllByName0(Unknown Source)
      at java.net.InetAddress.getAllByName0(Unknown Source)
      at java.net.InetAddress.getAllByName(Unknown Source)
      at java.net.InetAddress.getByName(Unknown Source)
      at javax.mail.URLName.getHostAddress(URLName.java:473)
      at javax.mail.URLName.hashCode(URLName.java:449)
      at java.util.Hashtable.get(Unknown Source)
      at javax.mail.Session.getPasswordAuthentication(Session.java:811)
      at javax.mail.Service.connect(Service.java:258)
      at javax.mail.Service.connect(Service.java:156)
      at javax.mail.Service.connect(Service.java:105)
      at javax.mail.Transport.send0(Transport.java:168)
      at javax.mail.Transport.send(Transport.java:98)
      at stmpi.mail.EMail.send(EMail.java:176)
      at trackingprojectpackage.TrackingProjectFrame1.btnenterusr_actionPerformed(TrackingProjectFrame1.java:1529)
      at trackingprojectpackage.TrackingProjectFrame1_btnenterusr_actionAdapter.actionPerformed(TrackingProjectFrame1.java:2171)
      at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
      at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
      at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
      at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
      at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
      at java.awt.Component.processMouseEvent(Unknown Source)
      at javax.swing.JComponent.processMouseEvent(Unknown Source)
      at java.awt.Component.processEvent(Unknown Source)
      at java.awt.Container.processEvent(Unknown Source)
      at java.awt.Component.dispatchEventImpl(Unknown Source)
      at java.awt.Container.dispatchEventImpl(Unknown Source)
      at java.awt.Component.dispatchEvent(Unknown Source)
      at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
      at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
      at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
      at java.awt.Container.dispatchEventImpl(Unknown Source)
      at java.awt.Window.dispatchEventImpl(Unknown Source)
      at java.awt.Component.dispatchEvent(Unknown Source)
      at java.awt.EventQueue.dispatchEvent(Unknown Source)
      at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
      at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
      at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
      at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
      at java.awt.EventDispatchThread.run(Unknown Source)

i already did some research on this, e.g. catalina.policy and already add some entry for this:

  // JavaMail:
  // following two permissions allow access to default config files
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/webapps/testproject/lib/mail.jar", "read,write";
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/webapps/testproject/lib/activation.jar", "read,write";
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/common/lib/mail.jar", "read,write";
  permission java.io.FilePermission "/usr/local/jakarta-tomcat-4.1.31/common/lib/activation.jar", "read,write";
  permission java.net.SocketPermission "somehost:25", "accept,connect,resolve";
  permission java.util.PropertyPermission "*", "read,write";

i even add this:

// ALL      
permission java.security.AllPermission;

but sadly, it didn't work...

I have a notion that this error is from the catalina policy BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully... So please help me experts, im begging, ill give all the points i have...

desperately yours,
orbknives
0
Comment
Question by:orbknives
  • 12
  • 11
  • 2
25 Comments
 
LVL 92

Expert Comment

by:objects
ID: 16328895
sounds like your not using that policy file
also looks like it has nothing to do with tomcat, and is instead not enough permissions on the client side. In which case you need to set the security policy on any client that runs that code.
0
 
LVL 92

Expert Comment

by:objects
ID: 16328902
> BECAUSE when i do "java -jar" to my app (meaning running the app locally) it doesn's encounter ANY problem and the mail was sent successfully..

applets operate with restricted permissions (unlkike applications) .
To grant more permissions you need to either sign the jar or change the policy file used on each client that runs it


0
 

Author Comment

by:orbknives
ID: 16329038
Thanks for the reply object! indeed it seems that the catalina.policy is not being implemented, how can i know that the policy is working?

> In which case you need to set the security policy on any client that runs that code.
>change the policy file used on each client that runs it.

What do you mean on that mate?

Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN). And also for additional facts, once a client run the app from tomcat and MANUALLY add the activation.jar/mail.jar to their JAVA_HOME/jre/lib/ext/ it will work, how come? i know its not the proper way coz those library should be download automatically from the servlet. Please help me more...

Regards,
orbknives
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 92

Expert Comment

by:objects
ID: 16329047
its an applet, right?

if so it is running on the client, and not on your server.
0
 
LVL 92

Expert Comment

by:objects
ID: 16329049
> Actually all of my jar are already signed (except for the activation.jar and mail.jar, cause if im not mistaking its already signed by SUN).

no, you need to sign *all* of them
0
 

Author Comment

by:orbknives
ID: 16329080
Yes it is running on the client, but i think the permission should be set on the server, if not where in the client should i configure the permission?Ok i already try signing ALL including the jar and activation but it didn't work, same error. I put the signed jar to my webapps and even to tomcats /common/lib.

Im using Tomcat 4.1.31...
0
 
LVL 92

Expert Comment

by:objects
ID: 16329124
> but i think the permission should be set on the server

no, otherwise it would be a huge security whole

> if not where in the client should i configure the permission?

if its signed you won't need to

>  I put the signed jar to my webapps and even to tomcats /common/lib.

they ney need to be the ones downloaded by the browser
you should then get prompted to grant perms
0
 

Author Comment

by:orbknives
ID: 16329327
Ok,

Actually my app is already running, but once i click the send-email button that error occurs.

Ok this is what i did so far, i signed all of my JAR then run my app from the client, it did ask me if to trust the app, i answered always/yes. The app is running smoothly but the send-mail button prompts me that error.. What should i do more? PAgain, please help me more...

Kind regards,
orbknives
0
 
LVL 92

Expert Comment

by:objects
ID: 16329354
try quitting your browser, and reloading the applet.
0
 

Author Comment

by:orbknives
ID: 16329494
Ok i even restart my computer and the tomcat server but same problem when i click the send-email button of my app. Still the error is:

Unhandled exception: 'access denied (java.net.SocketPermission somehost resolve)'

What should i do next???This problem is stressing....

regards,
orbknives
0
 
LVL 92

Expert Comment

by:objects
ID: 16329572
what version of jre are you using?
0
 

Author Comment

by:orbknives
ID: 16329880
i already tried running the app on JAVAWS of 1.5 and 1.4, but same problem. Which leads me to the conclusion that the app has no problem but the security running the app. Its running fine using java -jar, What else should i do mate?

regards,
orbknives
0
 
LVL 92

Expert Comment

by:objects
ID: 16330106
if you're using jws then you'll need to specify all-permissions in your jnlp, have u done that.
0
 

Author Comment

by:orbknives
ID: 16330266
Hi,

My jnlp is already set for all-permissions, this is my jnlp, in any case i hope you can also check if there some other prob with my jnlp:


<?xml version="1.0" encoding="UTF-8"?>

<jnlp spec="1.0+" codebase="http://somehost:8080/testproject" href="testproject.jnlp">

<information>
<title>XXX Test Project</title>
<vendor>XXX</vendor>
<homepage href="index.html" />
<icon href="logo.gif" />
<description>XXX Test Project</description>
</information>

<security>
<all-permissions/>
</security>

<resources>
<j2se version="1.3+" />
<jar href="testProject.jar" download="eager"/>
<jar href="lib/dx.jar"/>
<jar href="lib/dbswing.jar"/>
<jar href="lib/stmpiutil.jar"/>
<jar href="lib/jbcl.jar"/>
<jar href="lib/pg73jdbc3.jar"/>
<jar href="lib/NetComponents.jar"/>
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>
<property name="homepath" value="http://somehost:8080/testproject" />
</resources>

<application-desc main-class="testprojectpackage.testprojectclass" />

</jnlp>

regards,
orbknives
0
 
LVL 92

Expert Comment

by:objects
ID: 16330307
just as a test, can you try sending a mail from main when your app starts up.
just want to see what happens on a different thread.
0
 

Author Comment

by:orbknives
ID: 16330416
Hi,

First of all, im using jbuilderX in developing this app, i tried putting the codes of sending email when the app starts (e.g. before or after the jbinit) but still the same error when executing the app at jws (tomcat) but when i run the app locally (java -jar) it works. Maybe the issue is on the tomcat or security manage itself???

regards,
orbknives
0
 
LVL 92

Expert Comment

by:objects
ID: 16330442
its nothing to do with tomcat.
its to do with jws, when run via jws a security manager is used.

your app must still have a main, have u tried it in there?
0
 
LVL 12

Expert Comment

by:Giant2
ID: 16330481
>   at stmpi.mail.EMail.send(EMail.java:176)
>     at trackingprojectpackage.TrackingProjectFrame1.btnenterusr_actionPerformed(TrackingProjectFrame1.java:1529)

Do you have set in the place correctly?
The policy for Tomcat are in conf/catalina.policy file.
Bye, Giant.
0
 
LVL 12

Expert Comment

by:Giant2
ID: 16330499
ooops!
Ignore my previous comment.
I see now:
>its an applet, right?

There could be a problem in you applet.
If the applet is executed behind a firewall, the SMTP port could not be opened. So your applet cannot send nothing.
0
 

Author Comment

by:orbknives
ID: 16330550
I see, so its all about JWS and security manager.

Oh, well its time for me to close my pc here, so can we continue this tomorrow mate, but il try to put the code at the main(), i hope you can still help me tomorrow? Geez this is stressing...

kind regards,
orbknives
0
 

Author Comment

by:orbknives
ID: 16357032
Hi,

> Objects, same error executing the function of email in Main(), i gez its all about permission now. What else should we do?

> Giant2, im running my app through jnlp from JWS and i also checked the firewall of the server and client, but no effect.

regards,
orbknives
0
 
LVL 92

Expert Comment

by:objects
ID: 16357114
<extension name="activation" href="activation.jnlp"/>
<extension name="mail" href="mail.jnlp"/>

shouldn't they be .jar, not .jnlp?
0
 

Author Comment

by:orbknives
ID: 16366861
Hi,

i intensionly change those jar to a extension coz im encountering a problem about signing, specifically this error when im executing my app:
"JAR resources in JNLP file are not signed by same certificate"

So after googling i found this site and the error is gone:
http://weblogs.java.net/blog/kirillcool/archive/2005/05/signing_jars_fo.html

which fix the error above. The activation and mail jnlp has this entry:

********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>
   <resources>
      <jar href="lib/activation.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>
   <resources>
      <jar href="lib/mail.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************

So what do you think mate? Can this be the source of my main problem??What should i do next?

regards,
orbknives
0
 
LVL 92

Accepted Solution

by:
objects earned 2000 total points
ID: 16367103
Yes I suspect that is the cause of the probelm.
In your case the mail jar *does* need permissions so it needs to be signed.
0
 

Author Comment

by:orbknives
ID: 16367850
Hi mate!

Atlast we did it!!! From your last post "*does* need permissions", it gives me an idea that the SIGNED mail and activation should pass the security manager. So without changing my main jnlp file and putting the line below to activation and mail jnlp EXTENSION i can now send email to the specified recipient:

<security>
<all-permissions/>
</security>

My mail and activation jnlp now looks like this:

********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="activation.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>

<security>
<all-permissions/>
</security>

   <resources>
      <jar href="lib/activation.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://192.168.0.13:8080/trackingproject" href="mail.jnlp">
   <information>
      <title>Activation</title>
      <vendor>Sun Microsystems, Inc.</vendor>
   </information>

<security>
<all-permissions/>
</security>

   <resources>
      <jar href="lib/mail.jar"/>
   </resources>
   <component-desc/>
</jnlp>
********************************************************************

BUT this leads me to another problem when running my app in JAVA-1.4, (in JAVA 1.5 - no error at all). The error states that the activation and mail are already signed by multiple signer or something... So what i did is REMOVED the SIGNED activation and mail to my tomcat's common/lib and to the webapps/testproject/lib and REPLACED it with UNSIGNED one, so now my app is running smoothly to BOTH JAVA-1.5 and 1.4. This is great, thanks objects!

regards,
orbknives (Michael)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
A solution for Fortify Path Manipulation.
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Suggested Courses
Course of the Month17 days, 4 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question