james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Kaegi" <...@brainware.ch>
Subject javax.mail.Session access protection
Date Thu, 07 Mar 2002 17:50:01 GMT
Hi 


How can I protect the JAMES javax.mail.Session? 
  
The problem is that my java application (or an other), which is on the 
same machine like JAMES, can access the JAMES javax.mail.Session. 
  
  
How? 
Session session = Session.getDefaultInstance(props, null); 
  
  
The JavaMail 1.2 Specification says in the chapter 5: The Mail Session: 
  
"The first call to the getDefaultInstance method creates a new Session 
object and associates it with the Authenticator object. Subsequent calls 
to the getDefaultInstance method compare the Authenticator object passed 
in with the Authenticator object saved in the default session. Access to 
the default session is allowed if both objects have been loaded by the 
same class loader. Typically, this is the case when both the default 
session creator and the program requesting default session access are in 
the same "security domain." Also, if both objects are null, access is 
allowed. Using null to gain access is discouraged, because this allows 
access to the 
default session from any security domain." 
  
I think "security domain" can mean JVM. 
  
My application requires JAMES therefore JAMES will be started first. 
=> The first call to the getDefaultInstance method creates a new Session 
object. 
Then my application will be started. 
=> Subsequent calls to the getDefaultInstance method get the default 
session from James if the authenticator is null. 
  
  
Now, how can I protect the JAMES javax.mail.Session? Or have I understood 
something completely wrong? Or is this a bug? 
  
Thanx, for your time? 
  
Bye 
Michi 
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message