java.security.AccessControlException: access denied ("java.net.SocketPermission" "smtp.gmail.com" "resolve")

Chayemor picture Chayemor · Dec 10, 2012 · Viewed 14.2k times · Source

I am using GlassFish Server 3.1 and the Java mail Api 1.4.5.

Scenario: I have an applet, that when clicked it sends an email message.

Send the mail works perfectly on Netbeans AppletViewer, but it turns into hell when added to the browser and trying to send the email from there.

I have read for hours, about policy files, signed/unsigned applets...etc.

I have tried using the signed applet (plenty of tutorials out there for signing it, was quite simple using the keytools from java). When I run it on the browser it asks for permission because it´s a self-signed certificate, I give it permission , but it still spits out the same exception.

I have also tried modifying java.poilcy file adding

permission java.net.SocketPermission "smtp.gmail.com:587", "listen,resolve";

But nothing.

I know it´s that exception because I activaded the Java Console in the Java Control Panel. I really don´t know what else to do.

Here is the code that sends the email:

    String host = "smtp.gmail.com";
    String from = *****;
    String pass = ******;
    Properties props = new Properties();
    props.put("mail.smtp.starttls.enable", "true");
    props.put("mail.smtp.host", host);
    props.put("mail.smtp.user", from);
    props.put("mail.smtp.password", pass);
    props.put("mail.smtp.port", "587");
    props.put("mail.smtp.auth", "true");

    Session session = Session.getDefaultInstance(props, null);
    this.message = new MimeMessage(session);
    message.setFrom(new InternetAddress(from));

    InternetAddress toAddress = new InternetAddress(this.to);
    this.message.addRecipient(Message.RecipientType.TO, toAddress);

    this.message.setSubject(this.subject);

    this.message.setText(this.body);

    Transport transport = session.getTransport("smtp");
    transport.connect(host, from, pass);
    transport.sendMessage(this.message, this.message.getAllRecipients());
    transport.close();

Answer

Chayemor picture Chayemor · Dec 10, 2012

JApplet is in a "sandbox" on it's own, given different permissions than regular applications (applications are only executed when the users chooses directly to do so, hence, the user accepts the consequences). A JApplet executes when a browser downloads it, giving the user no option whatsoever, that´s why if you want to have your applet deployed and executed by others (when the applet accesses servers others than the one from which it is deployed) it must be signed (either a self-signed certificate or a certificate signed by an authorized organization, which usually implies paying some fees) so that the user can "Accept" the consequences of using said Applet, allowing it "out of the sandbox".

For some reason, signing it with a self-cert using keytolls and jarsigner did not work for me whatsoever. Even though when I accessed the webpage and the browser warned me about executing the applet (giving me the option to not execute it) and I accepted said warning, it seemed the JApplet was not getting it´s permissions.

My boyfriend suggested moving the email class out of the "sandbox". He solved it (bless him!), moving the emailClass (the one which uses the java mail api) to the server gave no problems whatsoever. Using the Front Controller Command for Client-Server Arquitecture, all I had to do was implement my Controller class with the code that I posted at the beginning of the question, and send from my applet (when the button was clicked) an http-request with the toEmailAddress, subject, and body to my servlet.

Works perfect.