Tuesday, April 27, 2010

Railo: CFPOP + Gmail + SSL Experiment

An interesting question on stackoverflow.com this week prompted me to explore cfmail/cfpop settings in the three engines: Railo, OpenBD and Adobe CF. If you have used gmail from ColdFusion, no doubt you are aware of one of the work-arounds for the lack of SSL support for CFPOP. Being new to Railo, I did not realize the work-around is only for Adobe CF.


Apparently Adobe CF also checks the default java.lang.System properties when creating mail connections. If certain mail settings like mail.pop3.socketFactory.class are present, it applies them to the new connection. However, Railo does not. It only uses the supplied tag attributes, which do not include "useSSL". At least as far as I know. So the work-around has no effect in Railo.

After poking around the API, I did manage to get CFPOP working with gmail under Railo.. with a catch. You can specify which provider to use for the pop3 protocol as the default provider for the pop3 protocol by adding a javamail.providers file to your {java_home}\lib directory.

Display {Java_Home} Path:

<cfset javaHome = createObject("java", "java.lang.System").getProperty("java.home", "")>
<cfoutput>
    javaHome\lib = #javaHome#\lib
</cfoutput>

Simply add the following line, and save the file as javamail.providers. (The ".providers" file extension is important). All CFPOP connections will now use SSL.

javamail.providers
protocol=pop3; type=store; class=com.sun.mail.pop3.POP3SSLStore; vendor=Sun Microsystems, Inc;

Now, I mentioned a catch. Unlike the work-around for Adobe CF, this setting is all-or-nothing. If you enable it, all CFPOP connections will use SSL. If you connect to a server does not support SSL, the connection will fail. With the Adobe CF work-around both connection types are allowed by setting the property mail.pop3.socketFactory.fallback  equal to true. So SSL will be used if supported. Otherwise, CF will fall back to a regular socket connection.  Keep in mind both work-arounds are system wide. So the settings apply to the entire JVM.

Now, the fix may be too broad for some. But if you only need SSL connections for CFPOP, it might do the trick. If not, there are other options like sTunnel and custom CFC's. I am sure Railo will implement official support for SSL with CFPOP one of these days. Hopefully, Adobe CF will too ;)

6 comments:

webRat April 27, 2010 at 5:00 AM  

Here is the Railo ticket associated with this issue: https://jira.jboss.org/jira/browse/RAILO-506

cfSearching April 27, 2010 at 5:11 AM  

Thanks .. and I agree it would be better if it were a "real" attribute (in all of the engines)

Sean Daniels,  April 27, 2010 at 6:05 AM  

I opened this ticket in JIRA and hope for a real fix at some point but in the meantime this is a nice workaround! Thanks for posting.

/Sean

Sean Daniels,  April 27, 2010 at 6:18 AM  

Question: does the JVM require a reboot to pick up the changes in javamail.providers? Because if not it would be pretty easy to write this file using cffile right before calling cfpop and then clean it up afterwards in order to have both SSL and non-SSL support.

When I have time I will give this a try but I thought I'd ask first.

cfSearching April 27, 2010 at 6:34 AM  

@Sean,

No, it did not require a re-boot in my tests. I think the file is read every time you create a new mail connection.

-Leigh

Anonymous,  June 25, 2013 at 7:12 AM  

Thank you for this... I was totally stumped. This worked perfect.

  © Blogger templates The Professional Template by Ourblogtemplates.com 2008

Header image adapted from atomicjeep