Using javamail, gmail refusing authentication due to application being less secure

java security jakarta-mail
Kalyan Vedala picture Kalyan Vedala · Sep 26, 2015 · Viewed 13k times · Source

I am running a very basic Javamail program to try sending emails. This is stand-alone program with main(). Once I get it working, I plan to use Javamail in a servlet running under tomcat.

I was getting AUTH LOGIN failed error when running this program. I tried several different property settings, none of which solved the problem.

Then I found a post on SO, which suggested lowering the required security level in my Google account. The authentication was successful when I lowered the security setting.

Of course, I went back to higher security level on the Google account immediately.

The question I have is, how can I make my application more secure so that gmail does not refuse authentication?

Program code shown below. The program is very similar to code in many other Javamail questions on SO.

TryJavamail.java

import java.io.IOException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.util.Properties;
import javax.mail.*;
import javax.mail.internet.*;

public class TryJavamail {

  public static void main(String args[]) throws MessagingException {

    String submitName = "John Doe";
    String submitEmail = "[email protected]";
    String submitMessage = "This is the message";

    Properties props = new Properties();
    props.put("mail.transport.protocol", "smtp");
    props.setProperty("mail.smtp.host", "smtp.gmail.com");
    props.setProperty("mail.smtp.auth", "true");
    props.setProperty("mail.smtp.ssl.enable", "true");
    props.setProperty("mail.smtp.port", "465");
    Session session = Session.getInstance(props, null);

    session.setDebug(true);

    Message message = new MimeMessage(session);
    message.setSubject("Message from myapp website submit");
    message.setText(submitName + "; " + submitMessage);

    Address toAddress = new InternetAddress(submitEmail);
    message.setRecipient(Message.RecipientType.TO, toAddress);

    Transport transport = session.getTransport("smtp");
    transport.connect("smtp.gmail.com", "---userid---", "---password---");
    transport.sendMessage(message, message.getAllRecipients());
    transport.close();
  }
}

Answer

Bill Shannon picture Bill Shannon · Sep 27, 2015

You probably want to use OAuth2 authentication.

Related questions

Java Error: "Your security settings have blocked a local application from running"

I'm trying to run this simple HelloWorld code written in Java from my browser (Chrome): public class HelloWorld extends JApplet { public void init() { try { SwingUtilities.invokeAndWait(new Runnable() { public void run() { JLabel lbl = new JLabel("Hello World"); add(lbl); } }); } catch (…

Read More
Why is char[] preferred over String for passwords?

In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String) method. Similarly, I have come across a suggestion not to use String to handle passwords. Why does String pose a threat to …

Read More
How to retrieve a file from a server via SFTP?

I'm trying to retrieve a file from a server using SFTP (as opposed to FTPS) using Java. How can I do this?

Read More