SMTP in Java with javax.mail

JavaMail API (aka javax.mail, available here) is a great library for sending/receiving mails straight from a Java code. Web is crammed with basic examples how to use it. It's however much more difficult to find an example with secure SMTP working with "real" server, like GMail.
In fact, there are two standardized types of secure mail sending:

• ESMTP protocol, working with or without encryption. Requires "pure" (non-SSL) sockets to be used. With "starttls" command, communication can be upgraded to full SSL. RFC-defined port is 587.


• SMTP protocol over the SSL transport. Requires SSL sockets to be used from the beginning. RFC-defined port is 465.

In order to configure JavaMail for ESMTP, following code is needed:

Properties properties = new Properties();
properties.put("mail.smtp.starttls.enable", "true")
final javax.mail.Session session = javax.mail.Session.getInstance(properties);

while for SMTP over SSL, use following:

Properties properties = new Properties();
properties.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
final javax.mail.Session session = javax.mail.Session.getInstance(properties);

That's basically it. I tested following properties with GMail account, using both "SMTP over SSL" and "ESMTP with STARTTLS" options and it worked smoothly.
Following some most commonly experienced errors/exceptions with short descriptions:

1. com.sun.mail.smtp.SMTPSendFailedException: 554 5.7.1 Sender address rejected.
   In case of many providers (like "o2.pl") means that only account owner (like "user@o2.pl") is allowed as the message sender.


2. javax.mail.MessagingException: Could not connect to SMTP host: smtp.live.com, port: 465; nested exception is: java.net.ConnectException: Connection timed out
   Basically thrown when requested port isn't open. In the mail world usually means that server doesn't offer configured secure protocol (for example Hotmail doesn't offer pure SSL connection)


3. com.sun.mail.smtp.SMTPSendFailedException: 553 From address not verified
   Means that sender address needs to be verified (enabled) in account's configuration. Can be experienced with for example Yahoo! free accounts.


4. javax.mail.AuthenticationFailedException: 535-5.7.1 Username and Password not accepted.
   Send by server if user or password used for authentication failed. Usually means that server requires full user name (user@server.com) to be used.

If above solution fails (or experienced exception is different than listed), you can always enable JavaMail debug with following property:

properties.put("mail.smtp.debug", "true");

There is also nice shell tool, very useful for checking secure SMTP account's features, called "smtp-cli". You can grab it here.

Java 7 Coin - examples

One year ago I wrote a post about Java 7 extensions proposed by the Project Coin. Those 6 new language features were then described in long text documents. Now, with recent JDK 7 builds we're given an opportunity to test them "in fight".
I found following two interesting posts on Arul's blog filled with quick-start examples:

• try-with-resources, formerly Automatic Resource Management


• remaining 5 Coin(s)

Xalan Java exensions

Lately, I've been given a task involving some XSLT processing with Java extensions. Transformation was meant to be run from a JSR-168 portlet running in the IBM WebSpere Portal.
First prototype used following declarations:

• function (namespace) declaration:
  xmlns:custom="java:foo.bar.CustomFunction"
  
• class instance injection:
  xsl:param name="instance"
  
• sample instance method call:
  custom:setTitle($instance, text())
  

It run smoothly in Tomcat without any problems, even given that I had to use instance method calls on object passed by param.
Then I moved to IBM WebSphere and things got complicated. At first I was blessed by the TransformerConfgiurationException. I took me plenty of googling to figure out what was happening. Eventually it occurred that WebSphere's Xalan was unable to identify the exact type (!) of injected custom class instance. It's well-known limitation, identified in this Apache JIRA issue.
My final XSLT declarations are as follows:

• function (namespace) declaration:
  xmlns:my-namespace="xalan://foo.bar.CustomFunction"
  
• class instance injection:
  xsl:param name="instance"
  
• sample instance method call:
  my-namespace:setTitle(xsltc:cast('foo.bar.CustomFunction', $instance), '', text())
  

The best thing is that such configuration works in both containers (Tomcat and WebSphere) without any problems :)

I can hear you... sorting

How does an algorithm look or sound like? Have you ever asked yourself similar question? I have, especially in the context of some savants extraordinary mathematical skills. Some of them were reported to "imagine" numbers when performing complex tasks like primes computations. Of course this is much harder when speaking about algorithms. For example there is one catchy question - what exactly should be visualized? How does an algorithm work on the specific data set or how does it work in general? Or better - can you decouple algorithm from it's working data and still be able to visualize the way it works?
Questions asked above are quite complex, but some say that one picture is worth of thousand words ;-) So what about one melody ? Or two? Those I found recently on the YT:

• Insert/bubble/selection/merge/gnome sort audibilization


• Heapsort audibilization

In my opinion, Mergesort rocks! ;)

JAAS security @ WebLogic

This may be a valuable tip for anyone struggling with custom JAAS-based security on Oracle WebLogic. Apart from tiresome JPDA debugging of custom authenticators or even server's code there is one nifty feature available: debug logging.

To enable some in-depth information logging, one needs to navigate to:

Servers -> [server name] -> Debug

There are two main categories: default and weblogic. For security debugging, the latter is interesting. Typically I enable following:

• default -> security -> DebugSecurity


• default -> security -> realm -> DebugSecurityRealm


• default -> security -> realm -> DebugSecurityService

With those active, your console output will be filled with lots of debug data. Picking useful information is a somewhat different story.. ;-)

Inception in Java - coming soon ;)

I take that almost everyone has already seen the "Inception". Some people deem it incredibly interesting, others say it's just another action movie without any "real" depth. But I guess that there is only one person in the world, that tried to write down "Inception" script in Java 7 ;-) The name is Joseph Darcy - just take a look at his blog.
While this *may* look a bit funny, in fact it's very pretty demonstration of the new try-with-resources statement. For more details take a look at the example IO code here.