Basically I'm trying to execute the following code within an lotus notes java agent in a local database to force ignore the host name mismatch for the SSL certificate.
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
System.out.println("Warning: URL Host: " + urlHostName + " vs. "
+ session.getPeerHost());
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(hv);
However, I'm encountering an error that says that the access to the particular method is denied
java.security.AccessControlException: Access denied (javax.net.ssl.SSLPermission setHostnameVerifier) at java.security.AccessController.throwACE(AccessController.java:100) at java.security.AccessController.checkPermission(AccessController.java:174) at java.lang.SecurityManager.checkPermission(SecurityManager.java:544) at COM.ibm.JEmpower.applet.AppletSecurity.superDotCheckPermission(AppletSecurity.java:1449) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1617) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1464) at javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(HttpsURLConnection.java:40) at JavaAgent.NotesMain(JavaAgent.java:45) at lotus.domino.AgentBase.runNotes(Unknown Source) at lotus.domino.NotesThread.run(Unknown Source)
I have tried the following code inside the java.policy file but the error remains the same
permission javax.net.ssl.SSLPermission “setHostnameVerifier”;
I tried the same code in eclipse IDE and ran it and worked well.
In some cases, putting the code in an external jar file seems to do the trick. Have you seen this article? It goes into a lot of detail about solving problems like this.