Websphere 7 javax.mail.MessagingException: SSLSock

2019-06-12 12:43发布

I am trying to connect to mail server using SSL, running on Websphere 7. I have no problem running the code as a standalone test main method, everything goes fine. I have also no problem running the code on Websphere - connecting to mail server (example imap.seznam.cz), but when I do not use SSL. In case I want to use SSL, exception is thrown like this:

javax.mail.MessagingException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.; nested exception is:

javax.net.ssl.SSLException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.

at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:571)

at javax.mail.Service.connect(Service.java:288)

Here is a part of a code:

Properties imapProps = new Properties();
System.out.println(imapProps);
imapProps.setProperty("mail.imap.ssl.enable", ssl ? "true" : "false");
if(ssl) {
    imapProps.setProperty("mail.imap.starttls.enable", "true");
}

imapProps.setProperty("javax.net.ssl.trustStore", "c:/Program Files/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/T431sNode03Cell/nodes/T431sNode03/trust.p12");
imapProps.setProperty("javax.net.ssl.trustStorePassword", "WebAS");
imapProps.setProperty("javax.net.ssl.trustStoreType", "PKCS12");
imapProps.setProperty("javax.net.ssl.keyStore", "c:/Program Files/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/T431sNode03Cell/nodes/T431sNode03/key.p12");
imapProps.setProperty("javax.net.ssl.keyStorePassword", "WebAS");

imapProps.setProperty("mail.debug", "true");
Session session = Session.getInstance(imapProps, null);
session.setDebug(true);

System.out.println("--------------------------------------------------------------------------------------------");
System.out.println(imapProps.toString());
System.out.println("--------------------------------------------------------------------------------------------");

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
System.out.println(sslsocketfactory);

// connect
try {
    store = session.getStore(ssl ? "imaps" : "imap");
    store.connect(imapServer, imapPort, login, password);
    return true;
} catch(NoSuchProviderException ex) {
    ex.printStackTrace();
    return false;
} catch (MessagingException e) {
    e.printStackTrace();
    return false;
} 

Parameters are taken from properties file...

ssl true, imapServer imap.seznam.cz, imapPort 993

This is only to check whether SSLSocketFactory is null or not, not needed in code

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); System.out.println(sslsocketfactory);

I can see that sslsocketfactory is not null ans is of type: com.ibm.websphere.ssl.protocol.SSLSocketFactory

What I tried is:

  • I have certificate from mail server stored in trusted store on Websphere (using admin console, read from server's port, I can see it there)
  • I set up some javax.net.ssl.* properties on a Websphere server's properties and also in a code as you can see - but I do not think it it necessary
  • I assume Websphere is reading certificates from trust store location as seen in admin console: ${CONFIG_ROOT}/cells/T431sNode03Cell/nodes/T431sNode03/trust.p12

Can any Websphere expert help me with this problem? I am trying to fix it a couple of days with no success :-(

As I mentioned, it is working on Websphere when not using SSL, but not running when using SSL for the same mail server (for example imap.seznam.cz, also imap.gmail.com) and it is working fine with SSL when running outside Websphere as a standalone java apllication.

Thank you all, guys!

UPDATE:

Thanks Gas to pointing me to the right way how to configure mail in Websphere. So I did it, I am using Built-in Mail Provider and only created 2 mail sessions

  • one with SSL support using "imaps" provider
  • the other one without SSL support using "imap" provider

Both sessions have the same server defined and debug enabled.

In java code I am doing this:

Context context = new InitialContext();
Session session = null;
if(ssl) {
    session = (Session) context.lookup("mail/exchangeSSL");
} else {
    session = (Session) context.lookup("mail/exchange");
}

store = session.getStore();
store.connect(login, password);

And interesting think, the result is exactly the same. When I am using non SSL session, everything goes fine, but when I use SSL session, got this exception:

[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O *** In SessionFactory.getObjectInstance, session properties:
[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O    mail.store.protocol=imaps
[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O    mail.imaps.class=com.sun.mail.imap.IMAPSSLStore
[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O    mail.debug=true
[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O    mail.pop3s.class=com.sun.mail.pop3.POP3SSLStore
[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O    mail.smtp.class=com.sun.mail.smtp.SMTPTransport
[25.6.14 16:35:19:615 SELČ] 00000023 SystemOut     O    mail.imaps.host=imap.seznam.cz
[25.6.14 16:35:19:616 SELČ] 00000023 SystemOut     O    mail.smtps.class=com.sun.mail.smtp.SMTPSSLTransport
[25.6.14 16:35:19:616 SELČ] 00000023 SystemOut     O    mail.imap.class=com.sun.mail.imap.IMAPStore
[25.6.14 16:35:19:616 SELČ] 00000023 SystemOut     O    mail.mime.address.strict=false
[25.6.14 16:35:19:616 SELČ] 00000023 SystemOut     O    mail.pop3.class=com.sun.mail.pop3.POP3Store
[25.6.14 16:35:19:616 SELČ] 00000023 SystemOut     O DEBUG: mail.imaps.class property exists and points to com.sun.mail.imap.IMAPSSLStore
[25.6.14 16:35:19:617 SELČ] 00000023 SystemOut     O DEBUG: mail.imap.fetchsize: 16384
[25.6.14 16:35:19:618 SELČ] 00000023 SystemErr     R javax.mail.MessagingException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.;
nested exception is: 
javax.net.ssl.SSLException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.
[25.6.14 16:35:19:618 SELČ] 00000023 SystemErr     R    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:479)
[25.6.14 16:35:19:618 SELČ] 00000023 SystemErr     R    at javax.mail.Service.connect(Service.java:275)

UPDATE2:

I created a new fresh project from this example:

http://www.mkyong.com/maven/how-to-create-a-web-application-project-with-maven/

I only added mail session related code to the controller:

try {
    Context context = new InitialContext();
    Session session = (Session) context.lookup("mail/exchangeSSL");

    Store store = session.getStore();
    store.connect("<user>", "<password>");
} catch (NamingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (NoSuchProviderException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (MessagingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

And when I deploy this new web app and invoke it, the same error. In WEB-INF/lib there are only jars related to spring and commons logging:

aopalliance-1.0.jar
commons-logging-1.1.1.jar
spring-aop-3.0.5.RELEASE.jar
spring-asm-3.0.5.RELEASE.jar
spring-beans-3.0.5.RELEASE.jar
spring-context-3.0.5.RELEASE.jar
spring-context-support-3.0.5.RELEASE.jar
spring-core-3.0.5.RELEASE.jar
spring-expression-3.0.5.RELEASE.jar
spring-web-3.0.5.RELEASE.jar
spring-webmvc-3.0.5.RELEASE.jar

So I think this has something to do with server settings? I use Websphere 7.0.0.31. I added mail server certificate to NodeDefaultTrustStore in admin console (read from port) and I can see it there.

And here is the listing of jars we are using in our project:

ant-1.7.1.jar
ant-launcher-1.7.1.jar
antlr-2.7.7.jar
aopalliance-1.0.jar
asm-3.3.1.jar
aspectjrt-1.7.4.jar
aspectjweaver-1.7.4.jar
avalon-framework-api-4.3.1.jar
avalon-framework-impl-4.2.0.jar
avalon-framework-impl-4.3.1.jar
barcode4j-2.1.jar
batik-anim-1.7.jar
batik-awt-util-1.7.jar
batik-bridge-1.7.jar
batik-css-1.7.jar
batik-dom-1.7.jar
batik-ext-1.7.jar
batik-extension-1.7.jar
batik-gvt-1.7.jar
batik-js-1.7.jar
batik-parser-1.7.jar
batik-script-1.7.jar
batik-svg-dom-1.7.jar
batik-svggen-1.7.jar
batik-transcoder-1.7.jar
batik-util-1.7.jar
batik-xml-1.7.jar
bcmail-jdk16-1.45.jar
bcprov-jdk16-1.45.jar
bctsp-jdk16-1.45.jar
bsh-2.0b4.jar
c3p0-0.9.1.1.jar
cglib-2.2.2.jar
commons-beanutils-1.9.1.jar
commons-cli-1.0.jar
commons-codec-1.9.jar
commons-collections-3.2.1.jar
commons-io-1.4.jar
commons-lang-2.6.jar
commons-logging-1.1.3.jar
core-1.0-SNAPSHOT.jar
core-interface-1.0-SNAPSHOT.jar
cxf-api-2.7.5.jar
cxf-rt-bindings-soap-2.7.5.jar
cxf-rt-core-2.7.5.jar
cxf-rt-databinding-jaxb-2.7.5.jar
cxf-rt-frontend-jaxws-2.7.5.jar
cxf-rt-frontend-simple-2.7.5.jar
cxf-rt-transports-http-2.7.5.jar
cxf-rt-ws-security-2.7.5.jar
cz.dalvi.commons.common-0.1.jar
cz.dalvi.commons.crypto-0.1.jar
cz.dalvi.commons.xml-0.1.jar
dom4j-1.6.1.jar
ehcache-core-2.5.1.jar
filenet-client-1.0-SNAPSHOT.jar
flexjson-2.0.jar
fontbox-1.8.5.jar
fop-1.1.jar
hibernate-commons-annotations-4.0.4.Final.jar
hibernate-core-4.3.5.Final.jar
hibernate-entitymanager-4.3.5.Final.jar
hibernate-jpa-2.1-api-1.0.0.Final.jar
iba-commons-core-1.5.jar
iba-commons-util-1.5.jar
ibm.filenet-stax-api-1.0.jar
ini4j-0.5.1.jar
ISDSClient-1.0-SNAPSHOT.jar
isds-client-1.0-SNAPSHOT.jar
Jace-1.0.jar
jackson-annotations-2.0.5.jar
jackson-core-2.0.5.jar
jackson-databind-2.0.5.jar
jandex-1.1.0.Final.jar
javassist-3.18.1-GA.jar
javax.xml.stream-stax-api-1.0.jar
jaxb-api-2.1.jar
jaxb-impl-2.1.11.jar
jaxws-api-2.1.jar
jaxws-rt-2.1.7.jar
jboss-logging-3.1.3.GA.jar
jboss-logging-annotations-1.2.0.Beta1.jar
jboss-transaction-api_1.2_spec-1.0.0.Final.jar
jcl-over-slf4j-1.7.1.jar
jcommander-1.27.jar
jempbox-1.8.5.jar
joda-time-2.3.jar
jstl-1.2.jar
log4j-1.2.17.jar
mimepull-1.3.jar
mimepull-1.7.jar
opensaml-2.5.1-1.jar
openws-1.4.2-1.jar
pdfbox-1.8.5.jar
quartz-2.2.1.jar
resolver-20050927.jar
saaj-impl-1.3.18.jar
slf4j-api-1.7.1.jar
slf4j-log4j12-1.7.6.jar
spring-aop-4.0.3.RELEASE.jar
spring-beans-4.0.3.RELEASE.jar
spring-context-4.0.3.RELEASE.jar
spring-context-support-4.0.3.RELEASE.jar
spring-core-4.0.3.RELEASE.jar
spring-expression-4.0.3.RELEASE.jar
spring-jdbc-4.0.3.RELEASE.jar
spring-ldap-core-1.3.2.RELEASE.jar
spring-orm-4.0.3.RELEASE.jar
spring-security-config-3.2.4.RELEASE.jar
spring-security-core-3.2.4.RELEASE.jar
spring-security-ldap-3.2.4.RELEASE.jar
spring-security-web-3.2.4.RELEASE.jar
spring-tx-4.0.3.RELEASE.jar
spring-web-4.0.3.RELEASE.jar
spring-webmvc-4.0.3.RELEASE.jar
sta-client-1.0-SNAPSHOT.jar
stax2-api-3.1.1.jar
stax-api-1.0.1.jar
stax-ex-1.2.jar
streambuffer-0.9.jar
testng-6.8.8.jar
usertype.core-3.1.0.GA.jar
usertype.spi-3.1.0.GA.jar
velocity-1.7.jar
woodstox-core-asl-4.2.0.jar
ws-api-1.0-SNAPSHOT.jar
wsdl4j-1.6.3.jar
wss4j-1.6.10.jar
wstx-asl-3.2.3.jar
xalan-2.6.0.jar
xercesImpl-2.11.0.jar
xlxpScanner-1.0.jar
xlxpScannerUtils-1.0.jar
xml-apis-1.4.01.jar
xml-apis-ext-1.3.04.jar
xmlgraphics-commons-1.5.jar
xmlsec-1.5.4.jar
xmlschema-core-2.0.3.jar
xmltooling-1.3.2-1.jar
xpp3_min-1.1.4c.jar
xstream-1.3.1.jar

I think this could also be helpful, from java.security setting on my WAS:

# Default JSSE socket factories
#ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
#ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
# WebSphere socket factories (in cryptosf.jar)
ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory

2条回答
Anthone
2楼-- · 2019-06-12 12:55

The javax.net.ssl.* properties need to be set as System properties, not JavaMail Session properties. Although I would hope that if they weren't set at all some reasonable defaults would be used.

查看更多
虎瘦雄心在
3楼-- · 2019-06-12 12:59

This is not the correct way using mail sessions in the application server environment.

You should define your mail session via Resources > Mail, specify all required properties there and select whether you want to use SSL (imaps). In your application you should get the mail session via JNDI or annotations, not using getInstance().

You will need to add SSL certificate from your mail server to the NodeDeafaultTrustStore.

In general , in WebSphere, you should avoid changing any javax.net.ssl system properties.

Answer Update

Marek here is my test code (fragment). I'm able to successfully connect (I'm using WAS v8.5.5). Look at log below.

Do you have any additional jars in your application? Please remove any third party jars like mail.jar, activation.jar etc...

public class IMapTest extends HttpServlet {
private static final long serialVersionUID = 1L;
@Resource(name="mail", lookup="mail/test")
Session mailSession;

/**
 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    System.out.println("Accessing session");
    try {
        Store store = mailSession.getStore();
        System.out.println("gotStore");
        store.connect("user", "pass");
        System.out.println("connected!");
    } catch (NoSuchProviderException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (MessagingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }   

}

}

Log (fragmet):

[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O DEBUG: JavaMail version 1.4.2
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O DEBUG: Tables of loaded providers
...    
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O *** In SessionFactory.getObjectInstance, session properties:
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.store.protocol=imaps
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.imaps.class=com.sun.mail.imap.IMAPSSLStore
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.debug=true
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.pop3s.class=com.sun.mail.pop3.POP3SSLStore
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.smtp.class=com.sun.mail.smtp.SMTPTransport
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.imaps.host=imap.gmail.com
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.smtps.class=com.sun.mail.smtp.SMTPSSLTransport
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.imap.class=com.sun.mail.imap.IMAPStore
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.mime.address.strict=true
[6/25/14 22:25:26:615 CEST] 0000007e SystemOut     O    mail.pop3.class=com.sun.mail.pop3.POP3Store
[6/25/14 22:25:26:630 CEST] 0000007e ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I:  [servlet.IMapTest]: Initialization successful.
[6/25/14 22:25:26:630 CEST] 0000007e SystemOut     O Accessing session
[6/25/14 22:25:26:630 CEST] 0000007e SystemOut     O DEBUG: mail.imaps.class property exists and points to com.sun.mail.imap.IMAPSSLStore
[6/25/14 22:25:26:646 CEST] 0000007e SystemOut     O DEBUG: mail.imap.fetchsize: 16384
[6/25/14 22:25:26:646 CEST] 0000007e SystemOut     O DEBUG: mail.imap.statuscachetimeout: 1000
[6/25/14 22:25:26:646 CEST] 0000007e SystemOut     O DEBUG: mail.imap.appendbuffersize: -1
[6/25/14 22:25:26:646 CEST] 0000007e SystemOut     O DEBUG: mail.imap.minidletime: 10
[6/25/14 22:25:26:646 CEST] 0000007e SystemOut     O gotStore
[6/25/14 22:25:26:646 CEST] 0000007e SystemOut     O **DEBUG: trying to connect to host "imap.gmail.com", port 993, isSSL true**
[6/25/14 22:25:27:380 CEST] 0000007e SystemOut     O * OK Gimap ready for requests from 
...
[6/25/14 22:25:27:474 CEST] 0000007e SystemOut     O DEBUG: protocolConnect login, host=imap.gmail.com, user=uuuu, password=pass
[6/25/14 22:25:28:599 CEST] 0000007e SystemOut     O connected!
查看更多
登录 后发表回答