Home

Add a comment

 

Avatar: Chitra

Re: Java in Notes/Domino Explained: On Java Security and how it relates to Notes/Domino

Hi Mikkel,

I am getting the below exception when am trying to access a server from Lotus Notes java agent.

<p style="margin-left: 40px;"> java.security.AccessControlException: Access denied (javax.net.ssl.SSLPermission setHostnameVerifier)
    at java.security.AccessController.checkPermission(AccessController.java:108)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)

What am exactly doing is,creating some JSON header and posting it to another(not domino) server.For each and every method am calling a method to verfiy cert and it should return host name valid true.

This is working fine if am running it as a standalone java program but not in lotus notes.

Here what I did is,I just created a class with the below certificate verification code

<p style="margin-left: 40px;">private void trustCerts () {
        JOptionPane.showMessageDialog(null,"Am in trustCerts--------");
        try{
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    }
                    public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    }
                }
            };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            JOptionPane.showMessageDialog(null,"before return from trustcert--------");
            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
           
        }catch(Exception e){
            e.printStackTrace();
        }
    }

and exported this as a jar file and placed it in this \IBM\Lotus\Notes\jvm\lib\ext directory.

In my class I just created object for the class which is inside of my jar and called the method.

I dont know whether what I did is correct or not..Am pretty new to Lotus Notes....Please adivce me to get out of this.

 

Thanks

Chitra


Re: Java in Notes/Domino Explained: On Java Security and how it relates to Notes/Domino


Title
Body
HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
OpenID Login
Name
E-mail address
Website
Remember me Yes  No 

E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).