Password Authentication

Hardcoding passwords in source code as Example 19.4 does is, to say the least, a very bad idea. If a password is required, you should ask the user for it at runtime. Furthermore, when the user types the password, it should not be displayed on the screen. Ideally, it should not even be transmitted in clear text across the network, though in fact many current POP clients and servers do exactly that. (IMAP tends to be a little more secure.)

When you open a connection to a message store, the JavaMail API allows you to provide a javax.mail.Authenticator object that it can use to get the username and password. Authenticator is an abstract class:

public abstract class Authenticator extends Object

When the provider needs to know a username or password, it calls back to the getPasswordAuthentication() method in a user-defined subclass of Authenticator. This returns a PasswordAuthentication object containing this information:

protected PasswordAuthentication getPasswordAuthentication()
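
The following is an added example, not code from the book: an Authenticator subclass that asks for the password at runtime with terminal echo disabled, as recommended above. It assumes Java 6 or later (for java.io.Console) and a JavaMail release that ships the "imaps" provider; the class name ConsoleAuthenticator and the host mail.example.com are placeholders.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Store;

// Added example: prompts on the controlling terminal instead of hardcoding credentials.
public class ConsoleAuthenticator extends Authenticator {

    @Override
    protected PasswordAuthentication getPasswordAuthentication() {
        Console console = System.console();
        if (console == null) {
            // No terminal (IDE, pipe, cron). Returning null tells the provider that
            // no credentials are available; never fall back to an echoing reader.
            return null;
        }
        String suggested = getDefaultUserName(); // may be null
        String user = console.readLine("User for %s [%s]: ", getRequestingSite(), suggested);
        if (user == null || user.isEmpty()) user = suggested;
        char[] secret = console.readPassword("Password: "); // echo is disabled here
        if (user == null || secret == null) return null;
        try {
            // javax.mail.PasswordAuthentication only accepts a String, so one
            // immutable copy stays on the heap until it is garbage collected.
            return new PasswordAuthentication(user, new String(secret));
        } finally {
            Arrays.fill(secret, '\0'); // wipe the copy we control
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "mail.example.com"; // placeholder host
        // "imaps" is IMAP over TLS, so the password does not cross the network in clear text.
        Session session = Session.getInstance(new Properties(), new ConsoleAuthenticator());
        Store store = session.getStore("imaps");
        try {
            store.connect(host, null, null); // null user and password trigger the callback
            System.out.println("Authenticated to " + host);
        } finally {
            if (store.isConnected()) store.close();
        }
    }
}
```

When no terminal is attached, the callback returns null and connect() fails with an authentication error rather than reading the password from an echoing stream.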

Note

These two classes are almost exactly the same as the java.net.Authenticator and java.net.PasswordAuthentication classes discussed in Chapter 7. However, those classes are available only in Java 1.2 and later. To make the JavaMail API work in Java 1.1, Sun had to duplicate their functionality in the javax.mail package. Sun could have included java.net.Authenticator and java.net.PasswordAuthentication in mail.jar, but that would have meant that the JavaMail API could not be certified ...
