InitialDirContext Throwing ServiceUnavailableException socket closed

843811, May 17 2006 (edited May 17 2006)
Any assistance is appreciated.

Problems occurring when multiple DirContext instances are created. Attempting to make an SSL connection to Active Directory on port 636. A single successful context can be established in the code below. However, a second instantiation of InitialDirContext(env) results in a javax.naming.ServiceUnavailableException: [domain]:636; socket closed error. Multiple contexts are desired to establish a connection pool.

A few items to note. Establishing four unsecure DirContext on port 389 works successfully. I can establish a DirContext on port 636, use the context, close the context then establish new contexts without a problem. A server certificate was imported to the C:\j2sdk1.4.2_11\jre\lib\security\cacerts file. Testing on a local computer. Below is sample code:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Class name is a placeholder added so the snippet compiles.
public class LdapsContextTest {
    public static void main(String[] args) {
        try {
            // Print full JSSE debug output (handshake records, alerts, socket events)
            System.setProperty("javax.net.debug", "all");
            // Set up the environment for creating the initial context
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_PRINCIPAL, "[USER DN]");
            env.put(Context.SECURITY_CREDENTIALS, "[PWD]");
            // NON SSL
            //env.put(Context.PROVIDER_URL, "ldap://[server]:389");
            // SSL
            env.put(Context.PROVIDER_URL, "ldap://[server]:636");
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");

            // Create the initial contexts
            DirContext ctx = null;
            DirContext ctx2 = null;
            DirContext ctx3 = null;
            DirContext ctx4 = null;

            try {
                // Works every time...
                ctx = new InitialDirContext(env);
            } catch (NamingException e) {
                e.printStackTrace();
            }

            try {
                // Fails on port 636, works on port 389
                ctx2 = new InitialDirContext(env);
            } catch (NamingException e) {
                e.printStackTrace();
            }

            try {
                // Works on port 636 (after 2nd attempt fails) and port 389
                ctx3 = new InitialDirContext(env);
            } catch (NamingException e) {
                e.printStackTrace();
            }

            try {
                // Fails on port 636, works on port 389
                ctx4 = new InitialDirContext(env);
            } catch (NamingException e) {
                e.printStackTrace();
            }

            Attributes attrs = ctx.getAttributes("[A USER DN]");
            System.out.println("Total attributes returned: " + attrs.size());

            try {
                // Skip contexts that failed to open, so close() does not throw a NullPointerException
                if (ctx != null) ctx.close();
                if (ctx2 != null) ctx2.close();
                if (ctx3 != null) ctx3.close();
                if (ctx4 != null) ctx4.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }

        } catch (Exception ex) {
            ex.printStackTrace();
        }
        System.exit(0);
    }
}
The Java debug statements at the second exception:
Thread-1, WRITE: TLSv1 Handshake, length = 121
Thread-1, received EOFException: ignored
Thread-1, called closeInternal(false)
Thread-1, SEND TLSv1 ALERT:  warning, description = close_notify
Plaintext before ENCRYPTION:  len = 18
0000: 01 00 0F 78 84 EE 16 24   F6 99 B0 83 52 14 FF 86  ...x...$....R...
0010: 29 3C                                              )<
Thread-1, WRITE: TLSv1 Alert, length = 18
Thread-1, called close()
Thread-1, called closeInternal(true)
Again, any assistance is appreciated.
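
A triage script for javax.net.debug traces like the one in the post above, added here as an example (not part of the original post): it flags connections where the peer closed the socket right after a client handshake write, which is the pattern in the Thread-1 lines. The sample log is constructed from the posted lines plus invented Thread-2 lines; the function name `triage` and the RECV alert line format are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the Thread-1 lines are taken from the trace in the post
# (hex dump omitted); the Thread-2 lines are invented to show a healthy session.
SAMPLE = """\
Thread-1, WRITE: TLSv1 Handshake, length = 121
Thread-1, received EOFException: ignored
Thread-1, called closeInternal(false)
Thread-1, SEND TLSv1 ALERT:  warning, description = close_notify
Thread-1, WRITE: TLSv1 Alert, length = 18
Thread-1, called close()
Thread-2, WRITE: TLSv1 Handshake, length = 121
Thread-2, READ: TLSv1 Handshake, length = 74
Thread-2, WRITE: TLSv1 Application Data, length = 96
Thread-2, received EOFException: ignored
"""

RECORD = re.compile(r"^([^,]+), (READ|WRITE): \S+ ([A-Za-z ]+), length = (\d+)$")
EOF = re.compile(r"^([^,]+), received EOFException")
# Assumption: inbound alerts are logged like the SEND line above, with RECV.
RECV_ALERT = re.compile(r"^([^,]+), RECV \S+ ALERT:\s+(.+)$")

def triage(log):
    """Map thread -> findings for connections that died before Application Data."""
    last = {}             # thread -> (direction, record type, length)
    established = set()   # threads that reached Application Data
    alerted = set()       # threads that already logged an inbound alert
    findings = defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        if m := RECORD.match(line):
            thread, direction, rtype, length = m.groups()
            last[thread] = (direction, rtype, int(length))
            if rtype == "Application Data":
                established.add(thread)
        elif m := RECV_ALERT.match(line):
            alerted.add(m[1])
            findings[m[1]].append("peer sent TLS alert: " + m[2])
        elif (m := EOF.match(line)) and m[1] not in established:
            direction, rtype, length = last.get(m[1], ("?", "?", 0))
            if (direction, rtype) == ("WRITE", "Handshake") and m[1] not in alerted:
                findings[m[1]].append("peer closed the socket mid-handshake, right after "
                    f"a {length}-byte client handshake write, without sending an alert")
            else:
                findings[m[1]].append("EOF before the handshake completed")
    return dict(findings)
if __name__ == "__main__":
    for thread, notes in triage(SAMPLE).items():
        print(thread, "->", "; ".join(notes))
```

A finding of this kind points the investigation at the server side of the connection (its logs and connection handling), since the client trace shows no alert explaining the close.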