Java.security.cert.CertificateException

Similar Messages

• Java.security.cert.CertificateException: Untrusted Cert Chain

  Hi all,
  While sending transaction to our supplier I am facing below error, Actually Our trading partner has given .p7b cert, I converted it into base 64 and i m using in b2b server. I am doing the same with all the suppliers but I am facing issue with only this trading partner. I asked him to send a new trusted certificate but he said that he is having 100's of customers, all are using the same certficate.
  Error
  http.sender.timeout=0
  2010.05.20 at 10:52:20:711: Thread-19: B2B - (DEBUG) scheme null userName null realm null
  2010.05.20 at 10:52:22:159: Thread-19: B2B - (WARNING)
  Message Transmission Transport Exception
  Transport Error Code is OTA-HTTP-SEND-1006
  StackTrace oracle.tip.transport.TransportException: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
       at oracle.tip.transport.TransportException.create(TransportException.java:91)
       at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:627)
       at oracle.tip.transport.b2b.B2BTransport.send(B2BTransport.java:311)
       at oracle.tip.adapter.b2b.transport.TransportInterface.send(TransportInterface.java:1034)
       at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequestPostColab(Request.java:1758)
       at oracle.tip.adapter.b2b.msgproc.Request.outgoingRequest(Request.java:976)
       at oracle.tip.adapter.b2b.engine.Engine.processOutgoingMessage(Engine.java:1167)
       at oracle.tip.adapter.b2b.transport.AppInterfaceListener.onMessage(AppInterfaceListener.java:141)
       at oracle.tip.transport.basic.FileSourceMonitor.processMessages(FileSourceMonitor.java:903)
       at oracle.tip.transport.basic.FileSourceMonitor.run(FileSourceMonitor.java:317)
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Cert Chain
       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
       at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:112)
       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3018)
       at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2843)
       at HTTPClient.HTTPConnection.setupRequest(HTTPConnection.java:2635)
       at HTTPClient.HTTPConnection.Post(HTTPConnection.java:1107)
       at oracle.tip.transport.basic.HTTPSender.send(HTTPSender.java:590)
       ... 8 more
  Caused by: java.security.cert.CertificateException: Untrusted Cert Chain
       at oracle.security.pki.ssl.C21.checkClientTrusted(C21)
       at oracle.security.pki.ssl.C21.checkServerTrusted(C21)
       at oracle.security.pki.ssl.C08.checkServerTrusted(C08)
       at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
       ... 21 more
  2010.05.20 at 10:52:22:164: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.transport.TransportInterface:send Error in sending message
  2010.05.20 at 10:52:22:168: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab Request Message Transmission failed
  2010.05.20 at 10:52:22:170: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Enter
  2010.05.20 at 10:52:22:173: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Transaction.begin()
  2010.05.20 at 10:52:22:176: Thread-19: B2B - (DEBUG) DBContext beginTransaction: Leave
  2010.05.20 at 10:52:22:179: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequestPostColab [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
  Untrusted Cert Chain
  2010.05.20 at 10:52:22:226: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.engine.Engine:notifyApp retry value <= 0, so sending exception to IP_IN_QUEUE
  2010.05.20 at 10:52:22:232: Thread-19: B2B - (DEBUG) Engine:notifyApp Enter
  2010.05.20 at 10:52:22:248: Thread-19: B2B - (DEBUG) notifyApp:notifyApp Enqueue the ip exception message:
  <Exception xmlns="http://integration.oracle.com/B2B/Exception" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <correlationId>543222</correlationId>
  <b2bMessageId>543222</b2bMessageId>
  <errorCode>AIP-50079</errorCode>
  <errorText>Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
  Untrusted Cert Chain</errorText>
  <errorDescription>
  <![CDATA[Machine Info: (usmtnz-sinfwi02)Transport error: [IPT_HttpSendHttpResponseError] HTTP response error :java.security.cert.CertificateException: Untrusted Cert Chain.
  Untrusted Cert Chain ]]>
  </errorDescription>
  <errorSeverity>2</errorSeverity>
  </Exception>
  2010.05.20 at 10:52:22:298: Thread-19: B2B - (DEBUG) Engine:notifyApp Exit
  2010.05.20 at 10:52:22:301: Thread-19: B2B - (DEBUG) DBContext commit: Enter
  2010.05.20 at 10:52:22:307: Thread-19: B2B - (DEBUG) DBContext commit: Transaction.commit()
  2010.05.20 at 10:52:22:310: Thread-19: B2B - (DEBUG) DBContext commit: Leave
  2010.05.20 at 10:52:22:313: Thread-19: B2B - (DEBUG) oracle.tip.adapter.b2b.msgproc.Request:outgoingRequest Exit
  2010.05.20 at 10:52:22:317: Thread-19: B2B - (INFORMATION) oracle.tip.adapter.b2b.engine.Engine:processOutgoingMessage:
  ***** REQUEST MESSAGE *****
  Exchange Protocol: AS2 Version 1.1
  Transport Protocol: HTTPS
  Unique Message ID: <543222@EMRSNS>
  Trading Partner: ZZEASY_PROD
  Message Signed: RSA
  Payload encrypted: 3DES
  Attachment: None

  Hi CNU,
  1st they has given me in .p7b certificateIs it a self-signed certificate? If no then do you have the CA certs as well?
  Open the certificate by double clicking on it. If "Issued To" and "Issued By" fields are same then it is a self signed cert and you need to import only this cert (in base64 format) into wallet.
  If it is not a self-signed cert then open the certificate and click on "Certification Path" tab. You should be able to see the issue's certificate here. Make sure that you have imported all issuers certificate along with your TP's cert in the wallet. Moreover, check that all the certs (TP cert and it's issuer cert's) are valid in terms of dates. You can see the "Certificate status" in "Certification Path" tab of certificate.
  Please provide the certificate chain details here along with list of certs in wallet (you may mail it to my id as well - [email protected])
  Regards,
  Anuj

• SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11. java.security.cert.Certifica

  HI Team,
  while starting the node manager in wls 8.1 and java1.4
  we are facing this issue plz help on this immediately.
  + CLASSPATH=/srvrs/bdv/patches/CR210310_81sp4.jar:/usr/java14/lib/tools.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic_sp.jar:/srvrs/bdv/bea/weblogic81/server/lib/weblogic.jar::/srvrs/bdv/bea
  + export CLASSPATH
  + export PATH
  + set -x
  + [ 5555 !=  ]
  + [ 142.182.112.123 !=  ]
  + /usr/java14/bin/java -Xms32m -Xmx32m -Dweblogic.security.SSL.enforceConstraints=off -Djava.security.policy=/srvrs/bdv/bea/weblogic81/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java14 -DListenAddress=142.182.112.123 -DListenPort=5555 weblogic.NodeManager
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <NodeManager: for information on command line options,  try "java weblogic.NodeManager -h">
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Starting NodeManager >
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenAddress to 142.182.112.123..>
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting listenPort to 5,555..>
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Setting java home to '/usr/java14'>
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Effective values of properties :
          ListenAddress=142.182.112.123
          ListenPort=5555
          ListenerType=secureSocket
          SavedLogsDirectory=NodeManagerLogs
          NativeVersionEnabled=true
          TrustedHosts=nodemanager.hosts
          StartTemplate=../../server/lib/unix/nodemanager.sh
          ReverseDnsEnabled=false
          ScavangerDelaySeconds=180
          PIDFileReadRetryCount=0
          WeblogicHome=null
          bea.home=null
          JavaHome=/usr/java14
          PropertiesVersion=8.1
  >
  <Sep 15, 2013 7:35:26 AM EDT> <Info> <NodeManager> <Saving logs in'NodeManagerLogs'>
  <Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading private key and certificate chain from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoIdentity.jks. KeyStore type = jks, Using keystore passphrase = true, Alias = DemoIdentity>
  <Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /srvrs/bdv/bea/weblogic81/server/lib/DemoTrust.jks. KeyStore type = jks, Using keystore passphrase = true>
  <Sep 15, 2013 7:35:31 AM EDT> <Info> <[email protected]:5555> <Reading trusted CAs from the keystore /usr/java14/jre/lib/security/cacerts. KeyStore type = jks, Using keystore passphrase = false>
  SecureSocketListener: Could not setup context and create a secure socket on 142.182.112.123:5555 : java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.
  java.security.cert.CertificateParsingException: PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11
          at com.certicom.security.cert.internal.x509.X509V3CertImpl.<init>(Unknown Source)
          at com.certicom.tls.interfaceimpl.CertificateSupport.addTrustedCertificate(Unknown Source)
          at com.certicom.net.ssl.SSLContext.addTrustedCertificate(Unknown Source)
          at com.bea.sslplus.CerticomSSLContext.addTrustedCA(Unknown Source)
          at weblogic.security.utils.SSLContextWrapper.addTrustedCA(SSLContextWrapper.java:52)
          at weblogic.nodemanager.internal.SecureSocketListener.run(SecureSocketListener.java:57)
          at weblogic.nodemanager.internal.GenericListener.startListener(GenericListener.java:16)
          at weblogic.nodemanager.NodeManager.startSecureSocketListener(NodeManager.java:461)
          at weblogic.nodemanager.NodeManager.init(NodeManager.java:305)
          at weblogic.nodemanager.NodeManager.run(NodeManager.java:511)
          at weblogic.NodeManager.main(NodeManager.java:31)
  Thanks,
  Eswar

  Hi,
  Did you find a solution to this? We are running into the same issue since upgrading to Weblogic 9.2.3 for WebCT Vista 8.0.4.
  Thanks,
  Ron

• Java Security Model: Java Protection Domains

  1.     Policy Configuration
  Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
  o     Configurable policies -- no longer is the security policy hard-coded into the application.
  o     Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
  o     Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
  o     Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
  o     Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
  2.     X.509v3 Certificate APIs
  Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
  3.     Protection Domains
  The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
  When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
  4.     Access Decisions
  Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
  Sandbox model for Security
  Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
  The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
  While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
  Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
  java.security.ProtectionDomain
  This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
  A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
  A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
  Classes that have the same permissions but are from different code sources belong to different domains.
  A class belongs to one and only one ProtectionDomain.
  Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
  Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
  It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
  jarsigner and keytool
  example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
  The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
  One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
  The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
  Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
  1. First generate a key pair for our Certificate:
  keytool -genkey -keyalg rsa -alias AppletCert
  2. Generate a certification-signing request.
  keytool -certreq -alias AppletCert > CertReq.pem
  3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
  4. Import the chain into keystore:
  keytool -import -alias AppletCert -file SignedCert.pem
  5. Sign the CyberVote archive �TeleVote.jar�:
  jarsigner TeleVote.jar AppletCert
  This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
  1. Generate a key pair for root CA:
  openssl genrsa -des3 -out CyberVoteCA.key 1024
  2. Generate an x509 certificate using the above keypair:
  openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
  3. Import the Certificate to keystore.
  keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
  Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
  openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
  However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
  The Important Classes
  The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
  � It should be computationally infeasible to find two messages that hashed to the same value.
  � The digest does not reveal anything about the input that was used to generate it.
  Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
  The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
  � Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
  � The signature and the public key do not reveal anything about the private key.
  A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
  ----Cheers
  ---- Dinesh Vishwakarma

  Hi,
  these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
  cheers,
  Charles(jGuard team).

• Java Security Error

  Hi Guys
  I am getting following error, when i am loading third party vendor JAR files into oracle db.
  ****************** error *****************
  badly formed class: User has attempted to load a class (java.security.cert.X509CRLEntry) into a restricted package. Permission can be granted using dbms_java.grant_permission(<user>, LoadClassInPackage...
  can anybody help me in this. like what could be the reason and what to do.
  i will apprecieate for for ASAP response.
  Regards
  Praveen
  null

  Java security. This is a privileged area. Please read the following docs: http://technet.oracle.com/docs/products/oracle8i/doc_library/817_doc/java.817/a83728/securit2.htm
  null

• How to get Java source in applet stack trace to debug Java security manager

  How can I get line numbers for Java source in stack traces for my applet? I'm having a problem with my code-signing certificate. On one of my applets, I consistently get a NullPointerException inside the security dialog code in the JDK. As a result, either the "trust this applet" dialog never appears, or even though it appears, it defaults to untrusted because of the exception, so I can't access any local files (and that's a bit of a problem for an applet whose sole purpose is to upload files to our server). I unzipped src.zip in my JDK directory and set the debug flag for my Ant <javac> task as well as set debuglevel to "lines." Anything else? Here's the trace that I'm getting so far. See that after the NullPointerException it assumes that the user has denied permission. If I could read this Java source maybe I could figure out why it hates my code-signing certificate (jarsigner, BTW, never complains when I verify my jar).
  security: Blacklist file not found or revocation check is disabled
  security: Accessing keys and certificate in Mozilla user profile: null
  security: Loading Root CA certificates from D:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded Root CA certificates from D:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading Deployment certificates from C:\Users\Rich\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
  security: Loaded Deployment certificates from C:\Users\Rich\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Validate the certificate chain using CertPath API
  security: Obtain certificate collection in Root CA certificate store
  security: Obtain certificate collection in Root CA certificate store
  security: Start to check whether root CA is replaced
  security: The root CA has been replaced
  security: No timestamping info available
  security: Found jurisdiction list file
  security: Start checking trusted extension for this certificate
  security: Start comparing to jurisdiction list with this certificate
  security: The CRL support is disabled
  security: The OCSP support is disabled
  security: This OCSP End Entity validation is disabled
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment permanent certificate store
  security: Checking if certificate is in Deployment session certificate store
  java.lang.NullPointerException
       at com.sun.deploy.ui.UIFactory.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDeciderDialog.showDialog(Unknown Source)
       at com.sun.deploy.security.X509Util.showSecurityDialog(Unknown Source)
       at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.isTrustedByTrustDecider(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.getTrustedCodeSources(Unknown Source)
       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.strategy(Unknown Source)
       at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$700(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
       at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  security: User has denied the priviledges to the code
  security: Adding certificate in Deployment denied certificate store
  security: Added certificate in Deployment denied certificate store
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Validate the certificate chain using CertPath API
  security: Obtain certificate collection in Root CA certificate store
  security: Obtain certificate collection in Root CA certificate store
  security: Start to check whether root CA is replaced
  security: The root CA has been replaced
  security: No timestamping info available
  security: Found jurisdiction list file
  security: Start checking trusted extension for this certificate
  security: Start comparing to jurisdiction list with this certificate
  security: The CRL support is disabled
  security: The OCSP support is disabled
  security: This OCSP End Entity validation is disabled
  security: Checking if certificate is in Deployment denied certificate store
  security: Checking if certificate is in Deployment denied certificate store

  Rats, now that I look at the stack trace and compare to what's in the JDK srce.zip, it appears that most of this code is not part of the JDK source. I don't see any com/sun/deploy, etc.

• Help : java.security.UnrecoverableKeyException: excess private key

  Hi,
  I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
  When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
  The full stack trace is as follows
  ------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
       at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
       at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
       at java.security.KeyStore.getKey(KeyStore.java:289)
       at com.security.Security.generatePKCS7Signature(Security.java:122)
       at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
       at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
  I had tested the program under following scenarios...
  The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
  For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
  But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
  I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
  I changed the java.security file as follows(only changed content)
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
  security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
  security.provider.4=com.ibm.crypto.provider.IBMJCE
  security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
  security.provider.6=com.ibm.jsse.IBMJSSEProvider
  security.provider.7=com.ibm.security.cert.IBMCertPath
  security.provider.8=com.ibm.security.cmskeystore.CMSProvider
  I have used PKCS12(PFX) file for digital signature
  which is same for all environment(i have described as above)
  I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
  I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
  I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
  So what could be the problem for such exception?????
  I am on this issue since last one month...
  I know very little about security.
  Thanks in advance
  PLEASE HELP ME(URGENT)
  Edited by: user10935179 on Sep 27, 2010 2:47 AM
  Edited by: user10935179 on Sep 27, 2010 2:54 AM

  user10935179 wrote:
  The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
  While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
  Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
  Arshad Noor
  StrongAuth, Inc.

• Java.security.KeyStoreException: Cannot store non-PrivateKeys

  I have been getting this exception:
  Exception in thread "main" java.security.KeyStoreException: Cannot store non-PrivateKeys
       at sun.security.provider.JavaKeyStore.engineSetKeyEntry(Unknown Source)
       at java.security.KeyStore.setKeyEntry(Unknown Source)
       at KeyStoreExample.encrypt(KeyStoreExample.java:89)
       at KeyStoreExample.main(KeyStoreExample.java:39)
  while running this code:
  private static void encrypt(char[] password, String plaintext)
    throws Exception
      System.out.println("Generating a TripleDES key...");
      // Create a Blowfish key
      KeyGenerator keyGenerator = KeyGenerator.getInstance("TripleDES");
      keyGenerator.init(168);
      Key key = keyGenerator.generateKey();
      System.out.println("Done generating the key.");
      // Create a cipher using that key to initialize it
      Cipher cipher = Cipher.getInstance("TripleDES/ECB/PKCS5Padding");
      cipher.init(Cipher.ENCRYPT_MODE, key);
      byte[] plaintextBytes = plaintext.getBytes();
      // Perform the actual encryption
      byte[] cipherText = cipher.doFinal(plaintextBytes);
      // Now we need to Base64-encode it for ascii display
      BASE64Encoder encoder = new BASE64Encoder();
      String output = encoder.encode(cipherText);
      System.out.println("Ciphertext: "+output);
      /* Create a keystore and place the key in it
       * We're using a jceks keystore, which is provided by Sun's JCE.
       * If you don't have the JCE installed, you can use "JKS",
       * which is the default keystore. It doesn't provide
       * the same level of protection however.
      KeyStore keyStore = KeyStore.getInstance("JKS", "SUN");
      // This initializes a blank keystore
      keyStore.load(null, null);
      // Now we add the key to the keystore, protected
      // by the password.
      keyStore.setKeyEntry("LuisTest", key, password, null);
      // Store the password to the filesystem, protected
      // by the same password.
      FileOutputStream fos = new FileOutputStream(FILENAME);
      keyStore.store(fos, password);
      fos.close();The error fires when it gets to this line
      keyStore.setKeyEntry("LuisTest", key, password, null);

  Maybe you should try defining the type of entry that
  you want stored into the KeyStore, i.e. privateKey,
  SecretKey, TrustedCertificateEntry. The setKeyEntry
  method that you're using expects a certificate chain
  to accompany the Key if it is used as a private key.
  If you don't want to use the key as one of the
  available types, perhaps you need to use the
  CertStore object as opposed to the KeyStore object.Hi,
  I've got the same exception althought I specified the type of entry. Here is my test code :
  public void createKeyStore() {
       try {
            KeyGenerator keyGen = KeyGenerator.getInstance("DES");
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
            keyGen.init(56, random);
            SecretKey secretKey = keyGen.generateKey();
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            char password[] = {'j', 's', 'd', '4', '9', '4' };
            // Create an empty keystore
            ks.load(null, password);
            KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(secretKey);
            ks.setEntry("symKey", skEntry, new KeyStore.PasswordProtection(password));
            // store away the keystore
            java.io.FileOutputStream fos =
                 new java.io.FileOutputStream("mystore");
            ks.store(fos, password);
            fos.close();
       } catch (NoSuchAlgorithmException nsaex) {
            nsaex.printStackTrace(System.err);
       } catch (NoSuchProviderException nspex) {
            nspex.printStackTrace(System.err);
       } catch (KeyStoreException ksex) {
            ksex.printStackTrace(System.err);
       } catch (CertificateException cex) {
            cex.printStackTrace(System.err);
       } catch (IOException ioex) {
            ioex.printStackTrace(System.err);
  } ... and what I don't understand is that the main idea of this code is taken from the Java API documentation itself. See this url for reference
  http://java.sun.com/j2se/1.5.0/docs/api/java/security/KeyStore.html

• Java.security.InvalidKeyException: Illegal key size

  Hi,
  I have developed an adf application using jdeveloper 11g which hosts weblogic 10.3.3.0.
  My adf application has to connect to an external application for credit card validation.
  To achieve this i am using a HTTPURLConnection and passing the external address and attributes that has to be written to it.
  The external application which i am trying to connect is secured starts with https://..
  I get an error as soon i am trying to open the "connection.getOutputStream()".
  Following is the error i am getting
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  java.security.InvalidKeyException: Illegal key size
       at javax.crypto.Cipher.a(DashoA13*..)
       at javax.crypto.Cipher.init(DashoA13*..)
       at javax.crypto.Cipher.init(DashoA13*..)
       at com.certicom.tls.provider.Cipher.init(Unknown Source)
       at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)The code i am using to connect to the external website is as follows.
      URL url;  
      HttpURLConnection connection = null; 
      try {    
        //Create connection  
        url = new URL(targetURL); 
        connection = (HttpURLConnection)url.openConnection();   
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
       connection.setRequestProperty("Content-Length", "" + Integer.toString(urlParameters.getBytes().length));
        connection.setRequestProperty("Content-Language", "en-US");  
        connection.setUseCaches (false); 
         connection.setDoOutput(true); 
         DataOutputStream wr = new DataOutputStream (      
             connection.getOutputStream ());
              wr.writeBytes (urlParameters);  
              wr.flush ();  
        wr.close ();   
              //Get Response   
        InputStream is = connection.getInputStream();  
        System.out.println("after getting input stream");
      BufferedReader rd = new BufferedReader(new InputStreamReader(is));  
        System.out.println("after BUffered reader");
      String line;  
      StringBuffer response = new StringBuffer();  
        System.out.println("after String buffer");
      while((line = rd.readLine()) != null) {     
        response.append(line);   
        response.append('\r');  
        }      rd.close();  
      return response.toString();
      } catch (Exception e) { 
        e.printStackTrace();   
        return null; 
        } finally { 
        if(connection != null) {      
          connection.disconnect();  
      }I am currently totally clueless , i dont understand what steps should i take. Is this error due to some keystore stuff??
  I even tried to replace the policy files in jre as per some blogs but it still does not work.
  I have very limited knowledge of the security issues with weblogic , i will really appreciate if i can get any links or any help in this matter.
  Thanks in advance
  ash

  The messages prior to the exception are very significant:
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Oct 8, 2010 10:32:54 AM CDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  java.security.InvalidKeyException: Illegal key size
  So there are at least 4 certificates in your server's truststore that are causing issues.
  Is your weblogic server using CustomIdentityAndStandardTrust? If so, the the keystore is the $JAVA_HOME/jre/lib/security/cacerts
  You should familiarize yourself with keytool ( in $JAVA_HOME/bin ) and consider removing entries from your trust store unless you absolutely need them and are willing to trust any cert signed by them. There's been a thread about some newer Certificate Authorities ( CAs ) that were included as part of a recent java upgrade which have caused similar "unknown OID" issues.
  For your specific endpoint, you can use your browser to invoke the services' wsdl; this will cause your browser to fetch the certificate from that server
  You can then see what CA is used to sign it. Then see whether that CA is in your truststore.
  There is also a thread with a very simple class to test the SSL handshake:
  Re: Use Server Cert in Managed server not working

• Fire fox shows a window which indicates that the yahoo tool bar does not have a security cert. Then runs using 99% processor

  a window pops up when i open Firefox which indicates that the Yahoo tool bar does not have a security cert. Seems to lock up when going to Comcast.net. Uses 99% processor and won't close.
  == URL of affected sites ==
  http://comcast.net

  Ok. I disabled hardware acceleration. The only extension is the McAfee Scriptscan for Firefox 15.1.0, which was already disabled. I then disabled all plugins (Acrobat, Google Update, Intel Identity Protection (2x), Java Deployment Toolkit, Java Platform, MS Office 2013, Quicktime, Shockwave, Silverlight), which were all up to date.
  Normal or safe mode still has same result. No startup, no option button and no customize.
  Thanks for your help. Got any other suggestions?

• Java security policy trouble

  import javax.crypto.Cipher;
  class TestCifer {
      public static void main(String [] args){
          try {
              Cipher rsaCipher = Cipher.getInstance("RSA/ECB/nopadding");
              if (null != rsaCipher)
                  System.out.println("Cifer ok");
              else
                  System.out.println("Cifer failed");
          } catch (Exception e){
              e.printStackTrace();
  }compiling:
  javac TestCifer.java
  running:
  java TestCifer
  And it's generates Exception:
  Exception in thread "main" java.lang.ExceptionInInitializerError
  at javax.crypto.Cipher.getInstance(DashoA12275)
  at TestCifer.main(TestCifer.java:7)
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
  at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
  ... 2 more
  Caused by: java.lang.SecurityException: Cannot locate policy or framework files!
  at javax.crypto.SunJCE_b.g(DashoA12275)
  at javax.crypto.SunJCE_b.e(DashoA12275)
  at javax.crypto.SunJCE_q.run(DashoA12275)
  at java.security.AccessController.doPrivileged(Native Method)
  ... 3 more
  What do I need to install to run this code properly ?

  Why do you think this is a security problem when the exception is explicitly complaining about being unable to find the class MyServer_Stub?
  Have you included the class files for MyServer_Stub in the classpath, or at the codebase?
  Dave.

• Applet Error:java.security.AccessControlException: access denied

  Hi,
  I just successful deploy an business component project to oralce 8.1.6 as an EJB Session bean, and
  the test of application module is successful. In the same workspace, I create an new project with
  an applet(which contains only an grid control)as a client of the business component. Everything works
  fine within the Applet viewer, however, when I trying to load the applet in IE5.5 I got the following
  error message in java console:
  Java(TM) Plug-in
  Using JRE version 1.2.1
  User home directory = D:\Documents and Settings\ERic
  Proxy Configuration: no proxy
  JAR cache enabled.
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
  Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
  Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
  java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
  at java.security.AccessControlContext.checkPermission(Compiled Code)
  at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
  at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
  at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
  at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
  at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
  at javax.naming.InitialContext.lookup(InitialContext.java:349)
  at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
  at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
  at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
  at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
  at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
  at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
  at javax.naming.InitialContext.lookup(InitialContext.java:349)
  at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
  at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
  at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
  at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
  at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
  at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
  at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
  at sun.applet.AppletPanel.run(Compiled Code)
  at java.lang.Thread.run(Thread.java:479)
  The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
  Is anyone can help?
  ERic

  Hi Shaji,
  Are you calling a webservice from within an Xacute Query for your applet?  On first glance, it looks like a web service call is being rejected due to security permissions.  If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
  Regards,
  Mike

• Error in weblogic7.0 :java.security.NoSuchAlgorithmException:

  Hi All
  thanks in advance.
  i am facing a peculiar problem while using SunJce provider
  i have some classes to encrypt& decrypt some information using
  DeffieHellman protocol.
  Problem 1
  while i am running those classes in command prompts
  some time it gives me correct results where as other time during decryption i am unable to get the plaintext (i am getting some junk character),where as some time it gives me Badpadding exception
  I am using JDK1.3 which comes with weblogic and jce1.2.2
  for classpath and path setting
  set path=D:\bea\jdk131_03\bin
  set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\ jce1_2_2.jar
  set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\sunjce_provider.jar
  set classpath=%classpath%; D:\bea\jdk131_03\jre\lib\ext\local_policy.jar
  set classpath=%classpath%; D:\bea\jdk131_03\jre\ext\US_export_policy.jar
  my BEA_HOME=d\bea and JAVA_HOME=D:\bea\jdk131_03\jre
  Problem 2
  While i am using those classes in servlet and jsp which are deployed in weblogic 7
  Some time i am getting correct results
  but as i stop and start the weblogic server ,i am getting .NoSuchAlgorithmException.
  So mainly i am having two classes DiffieHellmanKeyGeneRation and DHEncryptDecrypt given below
  import java.io.*;
  import java.math.BigInteger;
  import java.security.*;
  import java.security.spec.*;
  import java.security.interfaces.*;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  import javax.crypto.interfaces.*;
  import com.sun.crypto.provider.SunJCE;
  public class DiffieHellmanKeyGeneRation {
  PublicKey alicePubKey=null;
       PublicKey bobPubKey=null;
       KeyAgreement aliceKeyAgree =null;
       KeyAgreement bobKeyAgree =null;
  * DiffieHellmanKeyGeneRation() constructor -Set the mode and call run method to generate Keypairs
  * and assigns it to the instance variables .
  * @param nil
  * @returns nil
  public DiffieHellmanKeyGeneRation(){
       try {
  String mode = "GENERATE_DH_PARAMS";
                 run(mode);
  } catch (Exception e) {
  System.err.println("Error: " + e);
  System.exit(1);
  * getAlicePubKey() -Return the Instance Variable alicePubKey
  * @param nil
  * @returns PublicKey
  public PublicKey getAlicePubKey()
  return alicePubKey;
  * getBobPubKey() -Return the Instance Variable bobPubKey
  * @param nil
  * @returns PublicKey
  public PublicKey getBobPubKey()
  return bobPubKey;
  * getAliceKeyAgree() -Return the Instance Variable aliceKeyAgree
  * @param nil
  * @returns KeyAgreement
       public KeyAgreement getAliceKeyAgree()
  return aliceKeyAgree;
  * getBobKeyAgree() -Return the Instance Variable bobKeyAgree
  * @param nil
  * @returns KeyAgreement
  public KeyAgreement getBobKeyAgree()
  return bobKeyAgree;
  *run() method -Generate Algorithm instance,KeySpec,and keypair
  * and assigns it to the instance variables .
  * @param String
  * @returns nil
  private void run(String mode) throws Exception {
  DHParameterSpec dhSkipParamSpec=null;
  // System.out.println("Creating Diffie-Hellman parameters (takes VERY long) ...");
  AlgorithmParameterGenerator paramGen=AlgorithmParameterGenerator.getInstance("DH");
  paramGen.init(512);
  AlgorithmParameters params = paramGen.generateParameters();
  dhSkipParamSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
  * Alice creates her own DH key pair, using the DH parameters from
  * above
  // System.out.println("ALICE: Generate DH keypair ...");
  KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
  aliceKpairGen.initialize(dhSkipParamSpec);
  KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
  // Alice creates and initializes her DH KeyAgreement object
  // System.out.println("ALICE: Initialization ...");
  aliceKeyAgree = KeyAgreement.getInstance("DH");
  aliceKeyAgree.init(aliceKpair.getPrivate());
  // Alice encodes her public key, and sends it over to Bob.
  byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
  * Let's turn over to Bob. Bob has received Alice's public key
  * in encoded format.
  * He instantiates a DH public key from the encoded key material.
  KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
  X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEnc);
  alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
  * Bob gets the DH parameters associated with Alice's public key.
  * He must use the same parameters when he generates his own key
  * pair.
  DHParameterSpec dhParamSpec = ((DHPublicKey)alicePubKey).getParams();
  // Bob creates his own DH key pair
  // System.out.println("BOB: Generate DH keypair ...");
  KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
  bobKpairGen.initialize(dhParamSpec);
  KeyPair bobKpair = bobKpairGen.generateKeyPair();
  // Bob creates and initializes his DH KeyAgreement object
  // System.out.println("BOB: Initialization ...");
  bobKeyAgree = KeyAgreement.getInstance("DH");
  bobKeyAgree.init(bobKpair.getPrivate());
  // Bob encodes his public key, and sends it over to Alice.
  byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
  * Alice uses Bob's public key for the first (and only) phase
  * of her version of the DH
  * protocol.
  * Before she can do so, she has to instanticate a DH public key
  * from Bob's encoded key material.
  KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
  x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
  bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
  2)
  import java.io.*;
  import java.math.BigInteger;
  import java.security.*;
  import java.security.spec.*;
  import java.security.interfaces.*;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  import javax.crypto.interfaces.*;
  import sun.misc.*;
  import com.sun.crypto.provider.SunJCE;
  public class DHEncryptDecrypt {
  PublicKey alicePubKey=null;
       PublicKey bobPubKey=null;
       KeyAgreement aliceKeyAgree =null;
       KeyAgreement bobKeyAgree =null;
       SecretKey bobDesKey = null;
       SecretKey aliceDesKey =null;
  * DHEncryptDecrypt constructor -it intancetiate DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
  * and assigns it to the instance variables .
  * @param nil
  * @returns nil
       public DHEncryptDecrypt()
            try{
            init();
       }catch(Exception e){e.printStackTrace();}
  * init() -it DiffieHellmanKeyGeneRation object to get Public key of both party and Shared Secrete
  * and assigns it to the instance variable ds.
  * @param nil
  * @returns nil
  private void init() throws Exception
       System.out.println("Initialising...");
                 DiffieHellmanKeyGeneRation dhPubKey=new DiffieHellmanKeyGeneRation();
                 alicePubKey=dhPubKey.getAlicePubKey();
                 bobPubKey=dhPubKey.getBobPubKey();
  aliceKeyAgree=dhPubKey.getAliceKeyAgree();
                 bobKeyAgree=dhPubKey.getBobKeyAgree();
  //System.out.println("ALICE: Execute PHASE1 ...");
  aliceKeyAgree.doPhase(bobPubKey, true);
       * Bob uses Alice's public key for the first (and only) phase
       * of his version of the DH
       * protocol.
  // System.out.println("BOB: Execute PHASE1 ...");
  bobKeyAgree.doPhase(alicePubKey, true);
  * At this stage, both Alice and Bob have completed the DH key
  * agreement protocol.
  * Both generate the (same) shared secret.
  byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
  int aliceLen = aliceSharedSecret.length;
  byte[] bobSharedSecret = new byte[aliceLen];
  int bobLen;
  /* try {
  // show example of what happens if you
  // provide an output buffer that is too short
  bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
  } catch (ShortBufferException e) {
  System.out.println(e.getMessage());
  // provide output buffer of required size
  bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
            if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
  throw new Exception("Shared secrets differ");
  //System.out.println("Shared secrets are the same");
  // System.out.println("Return shared secret as SecretKey object ...");
  // Bob
  // Note: The call to bobKeyAgree.generateSecret above reset the key
  // agreement object, so we call doPhase again prior to another
  // generateSecret call
  bobKeyAgree.doPhase(alicePubKey, true);
  bobDesKey = bobKeyAgree.generateSecret("DES");
  // Alice
  // Note: The call to aliceKeyAgree.generateSecret above reset the key
  // agreement object, so we call doPhase again prior to another
  // generateSecret call
  aliceKeyAgree.doPhase(bobPubKey, true);
  aliceDesKey = aliceKeyAgree.generateSecret("DES");
  * encrypt() - Alice encrypts, using DES in ECB mode
  * and assigns it to the instance variable ds.
  * @param String
  * @returns String
            public String encrypt(String ClearText) throws Exception
       String CipherText=null;
                 try{
                 // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
            Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
       aliceCipher.init(Cipher.ENCRYPT_MODE, aliceDesKey);
                 byte[] cleartext = ClearText.getBytes();
                 //System.out.println("cleartext Array:"+ cleartext.size);
                 byte[] ciphertext = aliceCipher.doFinal(cleartext);
  // BASE64Encoder b64e = new BASE64Encoder();
                 //CipherText = b64e.encode(ciphertext);
                 CipherText = new String(ciphertext);
                 }catch(Exception e){e.printStackTrace();}
       return CipherText;
  * encrypt() - Bob Decrypts, using DES in ECB mode
  * and assigns it to the instance variable ds.
  * @param String
  * @returns String
  public String decrypt(String CipherText) throws Exception
  String Recovered=null;
       try{
            // byte[] iv = {(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF,(byte)0xFF, (byte)0xFF, (byte)0xFF, (byte)0xFF};
  // System.out.println("Length of String is:"+CipherText.length());
                 Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
            bobCipher.init(Cipher.DECRYPT_MODE, bobDesKey);
                 byte[] CipherTextBytes=CipherText.getBytes();
  byte[] recovered = bobCipher.doFinal(CipherTextBytes);
                 Recovered=new String(recovered);
            // System.out.println("Decryption:"+Recovered+"length:="+Recovered.length());
  }catch(Exception e){e.printStackTrace();}
       return Recovered;
  and i am using following logic to encrypt and decrypt
  String MyPlainText ="sm_user=residential&csol_account=383784";
  //String MyPlainText ="This is my message";
       System.out.println("\nPlain Text:="+MyPlainText+"\n\n");
  try{
       DHEncryptDecrypt ed=new DHEncryptDecrypt();
  String CipherText=(ed.encrypt(MyPlainText));
                 BASE64Encoder b64e = new BASE64Encoder();
                 String CipherText1 = b64e.encode(CipherText.getBytes());
  System.out.println("\n\nUserInfo="+CipherText1);
       String DecryptedMessage=ed.decrypt(CipherText);
  System.out.println("\n\nDecrypedMessage=:"+DecryptedMessage);
       }catch(Exception e){e.printStackTrace();}
  and my java.security file in D:\ bea\jdk131_03\jre\lib\security
  is changed to add the provider as
  # List of providers and their preference orders (see above):
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.sun.crypto.provider.SunJCE
  security.provider.3=com.sun.rsajca.Provider
  # Class to instantiate as the system Policy. This is the name of the class
  # that will be used as the Policy object.
  policy.provider=sun.security.provider.PolicyFile
  Pls help me to resolve the magic shown by these classes.....some time right and some time worng
  mainly i need help in
  Badpadding Exception and NosuchAlogorithm exception in weblogic
  Thanks
  And regards
  Arati

  replace all calls of getBytes() and new String(text) with the versions where you can state a charset: getBytes(charset), new String(text, charset). i use "iso-8859-1" as the charset.
  this should at least fix your "Badpadding exception" problem (it did fix it for me).

• Dynamically adding JRE for IE, Java Security Warnings, & Next Gen Plugin.

  I wrote an portal application to control the environment for a third party application, the portal uses a JRE version that I supply with it, this was to ensure that users are using the same JRE so any issues can be limited to one version of Java. The only piece of the application that I could not specify the JRE version and path was for Internet Explorer. Please keep in mind that I do not control when the system JRE is updated or not, this is pushed to our systems and the latest JRE would be enabled automatically. I wanted to be able to dynamically add and enable the version of the JRE that Microsoft Internet Explorer uses for applets. So I was digging around recently and if I have the next-generation plugin enabled I could programmatically update the deployment.properties file prior to launching Internet Explorer(assuming I have closed all prior instances of IE that were running) to add and enable a version of the JRE which I choose to use. When I launch IE and run an applet I see that it is using the JRE I had dynamically supplied. However everytime I run the applet a Java security warning comes up saying "The application requires an earlier version of Java", I wanted to suppress this message but after research I tried adding 'deployment.security.mixcode=HIDE_RUN' to the deployment.properties, that did not work. I tried disabling the Next Generation Plugin, that worked to suppress the message however internet explorer was no longer using my dynamically supplied JRE for applets in IE, so that was not going to work for my purposes. My questions are:
  1. Is there a reliable way(not using ssvagent) to programmatically enable and disable Java's Next Generation Plugin option? (I want to make sure it is enabled when launching third party application from the portal)
  2. Is there a programmatic way to suppress the Java Security Warning "The application requires an earlier version of Java", without disabling Java's Next Generation Plugin option?
  deployment.properties entries after addition of my jre entry:
  #deployment.properties
  #Fri Sep 28 14:09:24 PDT 2012
  deployment.javapi.lifecycle.exception=true
  deployment.trace=true
  deployment.javaws.viewer.bounds=323,144,720,360
  deployment.javaws.autodownload=NEVER
  deployment.version=6.0
  deployment.browser.path=C\:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
  deployment.security.mixcode=HIDE_RUN
  deployment.log=true
  deployment.console.startup.mode=SHOW
  deployment.capture.mime.types=true
  #Java Deployment jre's
  #Fri Sep 28 14:09:24 PDT 2012
  deployment.javaws.jre.0.registered=true
  deployment.javaws.jre.0.platform=1.6
  deployment.javaws.jre.0.osname=Windows
  deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
  deployment.javaws.jre.0.product=1.6.0_33
  deployment.javaws.jre.0.osarch=x86
  deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
  deployment.javaws.jre.0.enabled=false
  deployment.javaws.jre.0.args=
  deployment.javaws.jre.1.enabled=true
  deployment.javaws.jre.1.registered=true
  deployment.javaws.jre.1.osname=Windows
  deployment.javaws.jre.1.location=http\\\://java.sun.com/products/autodl/j2se
  deployment.javaws.jre.1.osarch=x86
  deployment.javaws.jre.1.path=C\:\\Portal\\dist\\java\\jre6\\bin\\javaw.exe
  deployment.javaws.jre.1.platform=1.6
  deployment.javaws.jre.1.product=1.6.0_29
  Note: The reason not to use most recent version of Java is the necessity to test the third party application prior to deployment of a new Java version and since I do not control when a new version of Java is deployed and enabled to our machines, I am required to find an transparent solution. I understand the security issues by doing so, but the time between testing and acceptance of a new Java version for our application is within an acceptable timeframe. On exiting the application, I would restore the JRE settings and restore previous settings, to minimize the exposure of a potential security risk. Also any manual configurations are trying to be avoided as to maintain transparency to the user.

  I'm having a similar problem and I think it is related with this.
  If, after a Java--->Javascript call, a Javascript--->Java call isn't made soon after the first, it works. But, if the Java--->Javascript call triggers a Javascript--->Java call, any Java--->Javascript call that is made after that doesn't reach Javascript :/
  I have a method that handles the Java--->Javascript calls and goes something like this:
  System.out.println("Calling Javascript...");
  JSObject win = JSObject.getWindow(this);
  win.call(jsEventHandler, new Object[] { json.toString() });
  System.out.println("Done.");I further found out that, after looking at the Java debug console in the scenario where a Java--->Javascript call triggers a Javascript--->Java call, only after this last method returns is the "Done" message printed, even though the respective Javascript call was already invoked.
  Could you explain in more detail the queue based solution you found? Any other ideas?
  Regards,
  Andr&eacute; Tavares.

• How can i deal with java.security.AccessControlException?

  Hi all, I need to implement JavaMail using Servlet and deploy throught J2EE deployment tool. But when i test out the servlet i will always encounter this exception thrown. How can i solve this?
  java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write)
  This is the servlet i am testing. Please advise. Thanks in advance!
  * @(#)JavaMailServlet.java     1.3 99/12/06
  * Copyright 1998, 1999 Sun Microsystems, Inc. All Rights Reserved.
  * This software is the proprietary information of Sun Microsystems, Inc.
  * Use is subject to license terms.
  import java.io.*;
  import java.util.*;
  import java.text.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.mail.*;
  import javax.mail.internet.*;
  import javax.activation.*;
  * This is a servlet that demonstrates the use of JavaMail APIs
  * in a 3-tier application. It allows the user to login to an
  * IMAP store, list all the messages in the INBOX folder, view
  * selected messages, compose and send a message, and logout.
  * <p>
  * Please note: This is NOT an example of how to write servlets!
  * This is simply to show that JavaMail can be used in a servlet.
  * <p>
  * For more information on this servlet, see the
  * JavaMailServlet.README.txt file.
  * <p>
  * For more information on servlets, see
  * * http://java.sun.com/products/java-server/servlets/index.html
  * @author Max Spivak
  public class JavaMailServlet extends HttpServlet implements SingleThreadModel {
  String protocol = "POP3";
  String mbox = "INBOX";
  * This method handles the "POST" submission from two forms: the
  * login form and the message compose form. The login form has the
  * following parameters: <code>hostname</code>, <code>username</code>,
  * and <code>password</code>. The <code>send</code> parameter denotes
  * that the method is processing the compose form submission.
  public void doPost(HttpServletRequest req, HttpServletResponse res)
       throws ServletException, IOException {
  // get the session
       HttpSession ssn = req.getSession(true);
       String send = req.getParameter("send");
  String host = req.getParameter("hostname");
  String user = req.getParameter("username");
  String passwd = req.getParameter("password");
  URLName url = new URLName(protocol, host, -1, mbox, user, passwd);
  ServletOutputStream out = res.getOutputStream();
       res.setContentType("text/html");
       out.println("<html><body bgcolor=\"#CCCCFF\">");
       if (send != null) {
       // process message sending
       send(req, res, out, ssn);
       } else {
       // initial login
       // create
       MailUserData mud = new MailUserData(url);
       ssn.putValue("javamailservlet", mud);
       try {
            Properties props = System.getProperties();
            System.out.println("url");
            props.put("mail.smtp.host", host);
            Session session = Session.getDefaultInstance(props, null);
            session.setDebug(false);
            Store store = session.getStore(url);
            store.connect();
            Folder folder = store.getDefaultFolder();
            if (folder == null)
            throw new MessagingException("No default folder");
            folder = folder.getFolder(mbox);
            if (folder == null)
            throw new MessagingException("Invalid folder");
            folder.open(Folder.READ_WRITE);
            int totalMessages = folder.getMessageCount();
            Message[] msgs = folder.getMessages();
            FetchProfile fp = new FetchProfile();
            fp.add(FetchProfile.Item.ENVELOPE);
            folder.fetch(msgs, fp);
            // track who logged in
            System.out.println("Login from: " + store.getURLName());
            // save stuff into MUD
            mud.setSession(session);
            mud.setStore(store);
            mud.setFolder(folder);
            // splash
            out.print("<center>");
            out.print("<font face=\"Arial,Helvetica\" font size=+3>");
            out.println("<b>Welcome to JavaMail!</b></font></center><p>");
            // folder table
            out.println("<table width=\"50%\" border=0 align=center>");
            // folder name column header
            out.print("<tr><td width=\"75%\" bgcolor=\"#ffffcc\">");
            out.print("<font face=\"Arial,Helvetica\" font size=-1>");
            out.println("<b>FolderName</b></font></td><br>");
            // msg count column header
            out.print("<td width=\"25%\" bgcolor=\"#ffffcc\">");
            out.print("<font face=\"Arial,Helvetica\" font size=-1>");
            out.println("<b>Messages</b></font></td><br>");
            out.println("</tr>");
            // folder name
            out.print("<tr><td width=\"75%\" bgcolor=\"#ffffff\">");
            out.print("<a href=\"" + HttpUtils.getRequestURL(req) + "\">" +
                 "Inbox" + "</a></td><br>");
            // msg count
            out.println("<td width=\"25%\" bgcolor=\"#ffffff\">" +
                 totalMessages + "</td>");
            out.println("</tr>");
            out.println("</table");
       } catch (Exception ex) {
            out.println(ex.toString());
       } finally {
            out.println("</body></html>");
            out.close();
  * This method handles the GET requests for the client.
  public void doGet (HttpServletRequest req, HttpServletResponse res)
       throws ServletException, IOException {
  HttpSession ses = req.getSession(false); // before we write to out
  ServletOutputStream out = res.getOutputStream();
       MailUserData mud = getMUD(ses);
       if (mud == null) {
       res.setContentType("text/html");
       out.println("<html><body>Please Login (no session)</body></html>");
       out.close();
       return;
       if (!mud.getStore().isConnected()) {
       res.setContentType("text/html");
       out.println("<html><body>Not Connected To Store</body></html>");
       out.close();
       return;
       // mux that takes a GET request, based on parameters figures
       // out what it should do, and routes it to the
       // appropriate method
       // get url parameters
       String msgStr = req.getParameter("message");
  String logout = req.getParameter("logout");
       String compose = req.getParameter("compose");
       String part = req.getParameter("part");
       int msgNum = -1;
       int partNum = -1;
       // process url params
       if (msgStr != null) {
       // operate on message "msgStr"
       msgNum = Integer.parseInt(msgStr);
       if (part == null) {
            // display message "msgStr"
  res.setContentType("text/html");
            displayMessage(mud, req, out, msgNum);
       } else if (part != null) {
            // display part "part" in message "msgStr"
            partNum = Integer.parseInt(part);
  displayPart(mud, msgNum, partNum, out, res);
       } else if (compose != null) {
       // display compose form
       compose(mud, res, out);
  } else if (logout != null) {
       // process logout
  try {
  mud.getFolder().close(false);
  mud.getStore().close();
            ses.invalidate();
  out.println("<html><body>Logged out OK</body></html>");
  } catch (MessagingException mex) {
  out.println(mex.toString());
       } else {
       // display headers
       displayHeaders(mud, req, out);
  /* main method to display messages */
  private void displayMessage(MailUserData mud, HttpServletRequest req,
                      ServletOutputStream out, int msgNum)
       throws IOException {
       out.println("<html>");
  out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
       out.println("<BODY bgcolor=\"#ccccff\">");
       out.print("<center><font face=\"Arial,Helvetica\" ");
       out.println("font size=\"+3\"><b>");
       out.println("Message " + (msgNum+1) + " in folder " +
            mud.getStore().getURLName() +
            "/INBOX</b></font></center><p>");
       try {
       Message msg = mud.getFolder().getMessage(msgNum);
       // first, display this message's headers
       displayMessageHeaders(mud, msg, out);
       // and now, handle the content
       Object o = msg.getContent();
       //if (o instanceof String) {
       if (msg.isMimeType("text/plain")) {
            out.println("<pre>");
            out.println((String)o);
            out.println("</pre>");
       //} else if (o instanceof Multipart){
       } else if (msg.isMimeType("multipart/*")) {
            Multipart mp = (Multipart)o;
            int cnt = mp.getCount();
            for (int i = 0; i < cnt; i++) {
            displayPart(mud, msgNum, mp.getBodyPart(i), i, req, out);
       } else {
            out.println(msg.getContentType());
       } catch (MessagingException mex) {
       out.println(mex.toString());
       out.println("</BODY></html>");
       out.close();
  * This method displays a message part. <code>text/plain</code>
  * content parts are displayed inline. For all other parts,
  * a URL is generated and displayed; clicking on the URL
  * brings up the part in a separate page.
  private void displayPart(MailUserData mud, int msgNum, Part part,
                 int partNum, HttpServletRequest req,
                 ServletOutputStream out)
       throws IOException {
       if (partNum != 0)
       out.println("<p><hr>");
  try {
       String sct = part.getContentType();
       if (sct == null) {
            out.println("invalid part");
            return;
       ContentType ct = new ContentType(sct);
       if (partNum != 0)
            out.println("<b>Attachment Type:</b> " +
                 ct.getBaseType() + "<br>");
       if (ct.match("text/plain")) {
            // display text/plain inline
            out.println("<pre>");
            out.println((String)part.getContent());
            out.println("</pre>");
       } else {
            // generate a url for this part
            String s;
            if ((s = part.getFileName()) != null)
            out.println("<b>Filename:</b> " + s + "<br>");
            s = null;
            if ((s = part.getDescription()) != null)
            out.println("<b>Description:</b> " + s + "<br>");
            out.println("<a href=\"" +
                 HttpUtils.getRequestURL(req) +
                 "?message=" +
                 msgNum + "&part=" +
                 partNum + "\">Display Attachment</a>");
       } catch (MessagingException mex) {
       out.println(mex.toString());
  * This method gets the stream from for a given msg part and
  * pushes it out to the browser with the correct content type.
  * Used to display attachments and relies on the browser's
  * content handling capabilities.
  private void displayPart(MailUserData mud, int msgNum,
                 int partNum, ServletOutputStream out,
                 HttpServletResponse res)
       throws IOException {
       Part part = null;
  try {
       Message msg = mud.getFolder().getMessage(msgNum);
       Multipart mp = (Multipart)msg.getContent();
       part = mp.getBodyPart(partNum);
       String sct = part.getContentType();
       if (sct == null) {
            out.println("invalid part");
            return;
       ContentType ct = new ContentType(sct);
       res.setContentType(ct.getBaseType());
       InputStream is = part.getInputStream();
       int i;
       while ((i = is.read()) != -1)
            out.write(i);
       out.flush();
       out.close();
       } catch (MessagingException mex) {
       out.println(mex.toString());
  * This is a utility message that pretty-prints the message
  * headers for message that is being displayed.
  private void displayMessageHeaders(MailUserData mud, Message msg,
                      ServletOutputStream out)
       throws IOException {
       try {
       out.println("<b>Date:</b> " + msg.getSentDate() + "<br>");
  Address[] fr = msg.getFrom();
  if (fr != null) {
  boolean tf = true;
  out.print("<b>From:</b> ");
  for (int i = 0; i < fr.length; i++) {
  out.print(((tf) ? " " : ", ") + getDisplayAddress(fr));
  tf = false;
  out.println("<br>");
  Address[] to = msg.getRecipients(Message.RecipientType.TO);
  if (to != null) {
  boolean tf = true;
  out.print("<b>To:</b> ");
  for (int i = 0; i < to.length; i++) {
  out.print(((tf) ? " " : ", ") + getDisplayAddress(to[i]));
  tf = false;
  out.println("<br>");
  Address[] cc = msg.getRecipients(Message.RecipientType.CC);
  if (cc != null) {
  boolean cf = true;
  out.print("<b>CC:</b> ");
  for (int i = 0; i < cc.length; i++) {
  out.print(((cf) ? " " : ", ") + getDisplayAddress(cc[i]));
            cf = false;
  out.println("<br>");
       out.print("<b>Subject:</b> " +
            ((msg.getSubject() !=null) ? msg.getSubject() : "") +
            "<br>");
  } catch (MessagingException mex) {
       out.println(msg.toString());
  * This method displays the URL's for the available commands and the
  * INBOX headerlist
  private void displayHeaders(MailUserData mud,
                      HttpServletRequest req,
  ServletOutputStream out)
       throws IOException {
  SimpleDateFormat df = new SimpleDateFormat("EE M/d/yy");
  out.println("<html>");
  out.println("<HEAD><TITLE>JavaMail Servlet</TITLE></HEAD>");
       out.println("<BODY bgcolor=\"#ccccff\"><hr>");
       out.print("<center><font face=\"Arial,Helvetica\" font size=\"+3\">");
       out.println("<b>Folder " + mud.getStore().getURLName() +
            "/INBOX</b></font></center><p>");
       // URL's for the commands that are available
       out.println("<font face=\"Arial,Helvetica\" font size=\"+3\"><b>");
  out.println("<a href=\"" +
            HttpUtils.getRequestURL(req) +
            "?logout=true\">Logout</a>");
  out.println("<a href=\"" +
            HttpUtils.getRequestURL(req) +
            "?compose=true\" target=\"compose\">Compose</a>");
       out.println("</b></font>");
       out.println("<hr>");
       // List headers in a table
  out.print("<table cellpadding=1 cellspacing=1 "); // table
       out.println("width=\"100%\" border=1>"); // settings
       // sender column header
       out.println("<tr><td width=\"25%\" bgcolor=\"ffffcc\">");
       out.println("<font face=\"Arial,Helvetica\" font size=\"+1\">");
       out.println("<b>Sender</b></font></td>");
       // date column header
       out.println("<td width=\"15%\" bgcolor=\"ffffcc\">");
       out.println("<font face=\"Arial,Helvetica\" font size=\"+1\">");
       out.println("<b>Date</b></font></td>");
       // subject column header
       out.println("<td bgcolor=\"ffffcc\">");
       out.println("<font face=\"Arial,Helvetica\" font size=\"+1\">");
       out.println("<b>Subject</b></font></td></tr>");
       try {
       Folder f = mud.getFolder();
       int msgCount = f.getMessageCount();
       Message m = null;
       // for each message, show its headers
       for (int i = 1; i <= msgCount; i++) {
  m = f.getMessage(i);
            // if message has the DELETED flag set, don't display it
            if (m.isSet(Flags.Flag.DELETED))
            continue;
            // from
  out.println("<tr valigh=middle>");
  out.print("<td width=\"25%\" bgcolor=\"ffffff\">");
            out.println("<font face=\"Arial,Helvetica\">" +
                 ((m.getFrom() != null) ?
                 m.getFrom()[0].toString() :
                 "" ) +
                 "</font></td>");
            // date
  out.print("<td nowrap width=\"15%\" bgcolor=\"ffffff\">");
            out.println("<font face=\"Arial,Helvetica\">" +
  df.format((m.getSentDate()!=null) ?
                      m.getSentDate() : m.getReceivedDate()) +
                 "</font></td>");
            // subject & link
  out.print("<td bgcolor=\"ffffff\">");
            out.println("<font face=\"Arial,Helvetica\">" +
            "<a href=\"" +
                 HttpUtils.getRequestURL(req) +
  "?message=" +
  i + "\">" +
  ((m.getSubject() != null) ?
                 m.getSubject() :
                 "<i>No Subject</i>") +
  "</a>" +
  "</font></td>");
  out.println("</tr>");
       } catch (MessagingException mex) {
       out.println("<tr><td>" + mex.toString() + "</td></tr>");
       mex.printStackTrace();
       out.println("</table>");
       out.println("</BODY></html>");
       out.flush();
       out.close();
  * This method handles the request when the user hits the
  * <i>Compose</i> link. It send the compose form to the browser.
  private void compose(MailUserData mud, HttpServletResponse res,
                 ServletOutputStream out)
       throws IOException {
       res.setContentType("text/html");
       out.println(composeForm);
       out.close();
  * This method processes the send request from the compose form
  private void send(HttpServletRequest req, HttpServletResponse res,
            ServletOutputStream out, HttpSession ssn)
       throws IOException {
  String to = req.getParameter("to");
       String cc = req.getParameter("cc");
       String subj = req.getParameter("subject");
       String text = req.getParameter("text");
       try {
       MailUserData mud = getMUD(ssn);
       if (mud == null)
            throw new Exception("trying to send, but not logged in");
       Message msg = new MimeMessage(mud.getSession());
       InternetAddress[] toAddrs = null, ccAddrs = null;
       if (to != null) {
            toAddrs = InternetAddress.parse(to, false);
            msg.setRecipients(Message.RecipientType.TO, toAddrs);
       } else
            throw new MessagingException("No \"To\" address specified");
       if (cc != null) {
            ccAddrs = InternetAddress.parse(cc, false);
            msg.setRecipients(Message.RecipientType.CC, ccAddrs);
       if (subj != null)
            msg.setSubject(subj);
       URLName u = mud.getURLName();
       msg.setFrom(new InternetAddress(u.getUsername() + "@" +
                           u.getHost()));
       if (text != null)
            msg.setText(text);
       Transport.send(msg);
       out.println("<h1>Message sent successfully</h1></body></html>");
       out.close();
       } catch (Exception mex) {
       out.println("<h1>Error sending message.</h1>");
       out.println(mex.toString());
       out.println("<br></body></html>");
  // utility method; returns a string suitable for msg header display
  private String getDisplayAddress(Address a) {
  String pers = null;
  String addr = null;
  if (a instanceof InternetAddress &&
  ((pers = ((InternetAddress)a).getPersonal()) != null)) {
       addr = pers + " "+"<"+((InternetAddress)a).getAddress()+">";
  } else
  addr = a.toString();
  return addr;
  // utility method; retrieve the MailUserData
  // from the HttpSession and return it
  private MailUserData getMUD(HttpSession ses) throws IOException {
       MailUserData mud = null;
       if (ses == null) {
       return null;
       } else {
       if ((mud = (MailUserData)ses.getValue("javamailservlet")) == null){
            return null;
       return mud;
  public String getServletInfo() {
  return "A mail reader servlet";
  * This is the HTML code for the compose form. Another option would
  * have been to use a separate html page.
  private static String composeForm = "<HTML><HEAD><TITLE>JavaMail Compose</TITLE></HEAD><BODY BGCOLOR=\"#CCCCFF\"><FORM ACTION=\"/servlet/JavaMailServlet\" METHOD=\"POST\"><input type=\"hidden\" name=\"send\" value=\"send\"><P ALIGN=\"CENTER\"><B><FONT SIZE=\"4\" FACE=\"Verdana, Arial, Helvetica\">JavaMail Compose Message</FONT></B><P><TABLE BORDER=\"0\" WIDTH=\"100%\"><TR><TD WIDTH=\"16%\" HEIGHT=\"22\">     <P ALIGN=\"RIGHT\"><B><FONT FACE=\"Verdana, Arial, Helvetica\">To:</FONT></B></TD><TD WIDTH=\"84%\" HEIGHT=\"22\"><INPUT TYPE=\"TEXT\" NAME=\"to\" SIZE=\"30\"> <FONT SIZE=\"1\" FACE=\"Verdana, Arial, Helvetica\"> (separate addresses with commas)</FONT></TD></TR><TR><TD WIDTH=\"16%\"><P ALIGN=\"RIGHT\"><B><FONT FACE=\"Verdana, Arial, Helvetica\">CC:</FONT></B></TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"cc\" SIZE=\"30\"> <FONT SIZE=\"1\" FACE=\"Verdana, Arial, Helvetica\"> (separate addresses with commas)</FONT></TD></TR><TR><TD WIDTH=\"16%\"><P ALIGN=\"RIGHT\"><B><FONT FACE=\"Verdana, Arial, Helvetica\">Subject:</FONT></B></TD><TD WIDTH=\"84%\"><INPUT TYPE=\"TEXT\" NAME=\"subject\" SIZE=\"55\"></TD></TR><TR><TD WIDTH=\"16%\"> </TD><TD WIDTH=\"84%\"><TEXTAREA NAME=\"text\" ROWS=\"15\" COLS=\"53\"></TEXTAREA></TD></TR><TR><TD WIDTH=\"16%\" HEIGHT=\"32\"> </TD><TD WIDTH=\"84%\" HEIGHT=\"32\"><INPUT TYPE=\"SUBMIT\" NAME=\"Send\" VALUE=\"Send\"><INPUT TYPE=\"RESET\" NAME=\"Reset\" VALUE=\"Reset\"></TD></TR></TABLE></FORM></BODY></HTML>";
  * This class is used to store session data for each user's session. It
  * is stored in the HttpSession.
  class MailUserData {
  URLName url;
  Session session;
  Store store;
  Folder folder;
  public MailUserData(URLName urlname) {
       url = urlname;
  public URLName getURLName() {
       return url;
  public Session getSession() {
       return session;
  public void setSession(Session s) {
       session = s;
  public Store getStore() {
       return store;
  public void setStore(Store s) {
       store = s;
  public Folder getFolder() {
       return folder;
  public void setFolder(Folder f) {
       folder = f;

  You posted a thousand lines of badly-formatted code and didn't have the sense to say which one had the exception.
  My guess is that it was this one:Session session = Session.getDefaultInstance(props, null);because that happened to me. I fixed it by calling getInstance instead of getDefaultInstance.
  However if that isn't the problem, how about spending a few seconds to post a less useless question?