[Java>JavaMail] java.lang.SecurityException: "Access to default session denied" occures.

Description
This problem occures in my web application environment using tomcat server. When using the javamail library to send email from my application, sometimes the java.lang.SecurityException: "Access to default session denied" error occures and I can not send email from my application. After rebooting my application server(tomcat), javamail works fine for a while.

Error Details
Error message outputted by the javamail is java.lang.SecurityException: "Access to default session denied". After occuring this error, system always fails to send email, but system works fine after rebooting the tomcat server.

Cause
This error is raised in the getDefaultInstance method in javax.mail.Session.java. According to this source code, this error occures when the default session object is already initialized, but authenticator instance is renewed or changed, or the class loader of the default session object is different from the argument authentificator's. Maybe the java source code using the default session instance of the java mail is recompiled and reloaded, or duplicate javamail class libraries are included into the Classpath of the environment.

javax.mail.Session.java file
   public static synchronized Session getDefaultInstance(Properties props,
                                       Authenticator authenticator) {
       if (defaultSession == null)
           defaultSession = new Session(props, authenticator);
       else {
           // have to check whether caller is allowed to see default session
           if (defaultSession.authenticator == authenticator)
               ;       // either same object or both null, either way OK
           else if (defaultSession.authenticator != null &&
                   authenticator != null &&
                   defaultSession.authenticator.getClass().getClassLoader() ==
                       authenticator.getClass().getClassLoader())
               ;       // both objects came from the same class loader, OK
           else
               // anything else is not allowed
               throw new SecurityException("Access to default session denied");
       }

       return defaultSession;
   }

Resolution

1. Recompile and restart application server to reload the new class file.
   After restarting the application server, does your system work fine?
   Do you use auto-deploy functionality? If yes, restart application server and use it without modifying and recompiling your java files.
   
2. If the duplicate class files are included.
   Please check the class path directories and some jar files including the javamail class file is included. For example, please check common/lib directory and WEB-INF/lib in your application if you are using tomcat application server. If the duplicate class files are found, please remove the jar file.