  • SocketException and Websphere 6.1

    Hello everybody,

    I got a little problem with an application running on Websphere 6.1 using Spring 1.2.8 and Spring-LDAP 1.1.2. The application authenticates against an Active Directory server and provides users with some self-service functionality (changing password, email alias, ...).
    The application was running on Websphere 5.1 and Websphere 6.0 without any problems. On Websphere 6.1 we cannot even log into the application. Every call to LDAP gives this exception:


    Code:
    org.springframework.dao.DataRetrievalFailureException: Unable to communicate with LDAP server; nested exception is javax.naming.CommunicationException: 10.10.5.200:636 [Root exception is java.net.SocketException]
    javax.naming.CommunicationException: 10.10.5.200:636 [Root exception is java.net.SocketException]
    	at com.sun.jndi.ldap.Connection.<init>(Connection.java:222)
    	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:133)
    	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1593)
    	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2611)
    	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:298)
    	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
    	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
    	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
    	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
    	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679)
    	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259)
    	at javax.naming.InitialContext.init(InitialContext.java:235)
    	at javax.naming.InitialContext.<init>(InitialContext.java:209)
    	at org.springframework.ldap.support.DirContextSource.getDirContextInstance(DirContextSource.java:45)
    	at org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
    	at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:231)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:561)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:475)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:423)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:444)
    	at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:464)
    	at com.netzlink.hosting.db.ldap.ActiveDirectoryUserDaoImpl.authenticate(ActiveDirectoryUserDaoImpl.java:205)
    	at com.netzlink.hosting.web.LoginFormValidator.validate(LoginFormValidator.java:52)
    ...
    [snip]
    Caused by: 
    java.net.SocketException
    	at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:5)
    	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
    	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.lang.reflect.Method.invoke(Method.java:615)
    	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:339)
    	at com.sun.jndi.ldap.Connection.<init>(Connection.java:209)
    	... 80 more
    The Spring configuration looks like this:

    Code:
    	<bean id="contextSource"
    		class="org.springframework.ldap.support.DirContextSource">
    		<property name="url" value="${ldap.url}"/>
    		<property name="userName" value="${ldap.userName}"/>
    		<property name="password" value="${ldap.Password}"/> 
    		<property name="anonymousReadOnly" value="false"/>
    		<property name="dirObjectFactory" value="org.springframework.ldap.support.DefaultDirObjectFactory"/>
    		<property name="baseEnvironmentProperties">
    			<map>
    				<entry>
    					<key><value>java.naming.security.protocol</value></key>
    					<value>ssl</value>
    				</entry>
    				<entry>
    					<key><value>java.naming.security.authentication</value></key>
    					<value>simple</value>
    				</entry>
    				<entry>
    					<key><value>java.naming.security.principal</value></key>
    					<value>${ldap.userName}</value>
    				</entry>
    				<entry>
    					<key><value>java.naming.security.credentials</value></key>
    					<value>${ldap.Password}</value>
    				</entry>
    				<entry>
    					<key><value>java.naming.security.protocol</value></key>
    					<value>ssl</value>
    				</entry>
    			</map>
    			
    		</property>
    	</bean>
    The corresponding code snippet looks like this:
    Code:
        public boolean authenticate(ActiveDirectoryObject ado) {
            boolean isAuthenticated = false;
            try {
                ActiveDirectoryUser eu = (ActiveDirectoryUser) ado;
                // Guard against an unauthenticated simple bind: a bind with a principal and an
                // empty password is treated as anonymous by Active Directory and reports success,
                // so it must never count as a verified login.
                if (eu.getPasswort() == null || eu.getPasswort().length() == 0) {
                    return false;
                }
                AndFilter filter = new AndFilter();
                filter.and(new EqualsFilter("objectclass", ado.getObjectClass()));
                DirContextAdapter ad = contextAdapter.setActiveDirectoryObject(ado);
                // Bind with the user's own credentials; the search below can only succeed
                // if that bind succeeded.
                ActiveDirectoryAuthenticationSource as = new ActiveDirectoryAuthenticationSource();
                as.setPrincipal(eu.getUserPrincipalName());
                as.setCredentials(eu.getPasswort());
                LdapTemplate ldTempl = getLdapTemplate(as);
                // AD answers subtree searches with referrals that would otherwise surface as
                // PartialResultException.
                ldTempl.setIgnorePartialResultException(true);
                filter.and(new EqualsFilter(ActiveDirectoryObjectDaoImpl.ATT_USERPRINCIPALNAME,
                        ad.getStringAttribute(ActiveDirectoryObjectDaoImpl.ATT_USERPRINCIPALNAME)));
                List l = ldTempl.search(baseDn, filter.encode(), contextMapper);
                // Exactly one entry must match the userPrincipalName of the bound user.
                if (l.size() == 1) {
                    isAuthenticated = true;
                }
            } catch (Exception e) {
                // This also swallows CommunicationException (the SSL failure in the trace above),
                // so a broken LDAP connection is reported to the user as a failed login.
                logger.error("Could not authenticate user against Active Directory", e);
            }
            return isAuthenticated;
        }
    Exactly the same configuration is running in Websphere 6.0 and Websphere 5.1 without any problems. We can ping the Active Directory and telnet into port 363. So it is not a network problem. I assume the cause is a change in the implementation of the SSL libraries. But we have not yet been able to find out what exactly changed and how to resolve it. Any help is welcome. Thanks in advance.

  • #2
    I doubt that it has anything to do with your problems, but you seem to set the "java.naming.security.protocol" property twice.

    • #3
      Ah, good to know ;-) It's better to have 6 eyes review the code. But as you said, that doesn't resolve the problem.

      • #4
        I ran into this problem recently. Websphere 6.1 requires new properties to be set:

        Code:
        Security.setProperty("ssl.SocketFactory.provider", "com.ibm.jsse2.SSLSocketFactoryImpl");
        Security.setProperty("ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");

        Since LdapContextSource does not have a way to set these properties, I subclassed it and overrode setupAuthenticatedEnvironment(), calling super.setupAuthenticatedEnvironment() at the end. Lastly, I substituted LdapContextSource with my subclass in the Spring context file.

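The approach from post #4, written out as an added example; this is not code from the thread or from the application it describes. It assumes Spring LDAP 1.1.x, where AbstractContextSource (the parent of both DirContextSource and LdapContextSource) declares protected void setupAuthenticatedEnvironment(Hashtable env), and it uses the IBM JSSE2 class names quoted in post #4. The package and class name WebSphereLdapContextSource are invented for the example. It extends DirContextSource because that is the class in the configuration above; post #4 subclassed LdapContextSource, which works the same way.

```java
package com.example.ldap; // hypothetical package, chosen for this example

import java.security.Security;
import java.util.Hashtable;

import org.springframework.ldap.support.DirContextSource;

/**
 * DirContextSource that selects IBM's JSSE2 socket factories before the first
 * JNDI LDAP-over-SSL connection is opened.
 *
 * Security.setProperty() is JVM-global: it changes which SSLSocketFactory every
 * caller of SSLSocketFactory.getDefault() in this JVM receives, not only the
 * LDAP connections made through this bean. Set it once and deliberately.
 */
public class WebSphereLdapContextSource extends DirContextSource {

    // Provider class names as given in post #4 for WebSphere 6.1.
    private static final String IBM_SOCKET_FACTORY =
            "com.ibm.jsse2.SSLSocketFactoryImpl";
    private static final String IBM_SERVER_SOCKET_FACTORY =
            "com.ibm.jsse2.SSLServerSocketFactoryImpl";

    private static boolean providersConfigured = false;

    // Spring LDAP 1.1.x signature (assumed); later versions changed it to
    // (Hashtable env, String principal, String credentials).
    protected void setupAuthenticatedEnvironment(Hashtable env) {
        // Runs before createContext() builds the InitialContext, i.e. before
        // com.sun.jndi.ldap.Connection asks for the default SSLSocketFactory.
        configureIbmSocketFactories();
        super.setupAuthenticatedEnvironment(env);
    }

    /** Idempotent; safe to call from every context creation. */
    static synchronized void configureIbmSocketFactories() {
        if (providersConfigured) {
            return;
        }
        Security.setProperty("ssl.SocketFactory.provider", IBM_SOCKET_FACTORY);
        Security.setProperty("ssl.ServerSocketFactory.provider", IBM_SERVER_SOCKET_FACTORY);
        providersConfigured = true;
    }
}
```

In the Spring context file, only the bean's class attribute changes, from org.springframework.ldap.support.DirContextSource to com.example.ldap.WebSphereLdapContextSource; the url, userName, password and baseEnvironmentProperties stay as they are (the duplicate java.naming.security.protocol entry can be dropped while doing so). Two caveats: the hook above only fires on the authenticated path (anonymousReadOnly=false, as in the configuration), so a deployment that later switches to anonymous reads would need the same call in setupAnonymousEnvironment or in a static initializer; and switching the socket factory only changes which provider opens the socket, so the Active Directory server certificate, or its issuing CA, still has to be present in the trust store that provider uses, otherwise the CommunicationException simply comes back with a different root cause.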