ldaprealm doesn't work - javax.naming.NotContextException thrown

[glassfishrobot]

OS: solaris 10 build: 04/14 build Steps to reproduce the bug: 1. Install V3 build, start domain domain1 2. Checkout SQE workspace cvs co appserver-sqe/boostrap.xml cd appserver-sqe ant -f bootstrap.xml co-security 3.set env variables AS_HOME SPS_HOME ANT_HOME JAVA_HOME 4. change the following varaibles in appserver-sqe/pe/config.properties file

Directory Server Properties

directory.server.url=ldap://:389 directory.server.host= directory.server.port=389 directory.server.basedn=dc=red,dc=iplanet,dc=com directory.manager.dn=cn=Directory Manager directory.manager.pwd= Make sure the ldap instance is running fine 5. cd appserver-sqe/pe/security/ldaprealm, run "ant setup" This step create ldaprealm, ldapusers... The execution was successfull(see attached setup.log) 6. cd appserver-sqe/pe/security/ldaprealm/simpleweb, run "ant build deploy restart runweb". The test failed. User is not able to login. I saw javax.naming.NotContextException in server.log (see attached server.log) P.S. I ran the same test case using the same ldap server against as9.1.1, the test passed.

Environment

Operating System: All Platform: All

Affected Versions

[V3]

[glassfishrobot]

• Issue Imported From: https://github.com/javaee/glassfish/issues/4777
• Original Issue Raised By:@glassfishrobot
• Original Issue Assigned To: @yaminikb
• Original Issue Closed By:@glassfishrobot

[glassfishrobot]

@glassfishrobot Commented sonialiu said: Created an attachment (id=1441) server.log

[glassfishrobot]

@glassfishrobot Commented sonialiu said: Created an attachment (id=1442) setup.log

[glassfishrobot]

@glassfishrobot Commented @vbkumarjayanti said: reassing to venu for evaluation.

[glassfishrobot]

@glassfishrobot Commented venu said: The problem is that GFInitialContextFactoryBuilder is being set into NamingManager resulting in a non IDirContext object being returned.

[glassfishrobot]

@glassfishrobot Commented jimse said: Are there any known workarounds to this? I'm experiencing the same kind of problem because the war file I'm deploying makes use of JNDI (InitialLdapContext to be exact).

Which project is com.sun.enterprise.naming.impl.GFInitialContextFactoryBuilder in? I was thinking of taking a look at it to see if it could sense when to build a SerialInitContextFactory and when to act more like NamingManager.getInitialContext. For example, if the env doesn't set java.naming.factory.initial to a class it recognizes (like com.sun.enterprise.naming.impl.SerialInitContextFactory), maybe it could load and return whatever is set in java.naming.factory.initial.

[glassfishrobot]

@glassfishrobot Commented mk111283 said: This class is in common/glassfish-naming

By the way, one possible work around is to use new InitialContext(env), where env points to the appropriate InitialContextFactory

More specifically, env should contain

java.naming.factory.initial=

[glassfishrobot]

@glassfishrobot Commented jimse said: Thanks mk111283,

I'm afraid calling new InitialContext(env) doesn't work. InitialContext(env) calls InitialContext.init(env) which calls InitialContext.getDefaultInitCtx() which calls NamingManager.getInitialContext(env) which normally produces the correct intital context from the environment.

The problem is that NamingManager.getInitialContext(env) calls NamingManager.getInitialContextFactoryBuilder(), and if one is present, it uses that context factory builder to produce the context factory. In the case of Glassfish, that call to NamingManager.getInitialContextFactoryBuilder() returns com.sun.enterprise.naming.impl.GFInitialContextFactoryBuilder, and then when com.sun.enterprise.naming.impl.GFInitialContextFactoryBuilder.createInitialContextFactory(env) gets called, the factory returned is a com.sun.enterprise.naming.impl.SerialInitContextFactory. Oddly enough, this happens even though java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory in the passed env.

I really need LdapCtxFactory to produce an InitialLdapContext.

I couldn't find a "common" (I was looking here https://glassfish.dev.java.net/source/browse/glassfish/) I'm checking out the whole repo now – maybe I'll find it in there.

[glassfishrobot]

@glassfishrobot Commented jimse said: so, GFInitialContextFactoryBuilder doesn't even look at the passed env, and always returns a SerialInitContextFactory. So it seems like any web application wanting to use JNDI is not going to work unless there's a way to run glassfish in such a way as to have it not call NamingManager.setInitialContextFactoryBuilder, passing GFInitialContextFactoryBuilder (because that sets the initial ctx factory builder in a static variable).

Either that, or GFInitialContextFactoryBuilder should not do what it's doing when the passed env contains a java.naming.factory.initial

[glassfishrobot]

@glassfishrobot Commented jimse said: Does anyone know where the repository is that holds com.sun.enterprise.naming.impl.GFInitialContextFactoryBuilder? I pulled down the entire glassfish repo and it's not in there. I managed to find the source in a jar here http://download.java.net/maven/glassfish/org/glassfish/common/glassfish-naming/10.0-SNAPSHOT/ but where is the source repo?

[glassfishrobot]

@glassfishrobot Commented kumara said: Add gfv3-prelude-include to status whiteboard

[glassfishrobot]

@glassfishrobot Commented jimse said: BTW, I changed my local copy of GFInitialContextFactoryBuilder to check the env like this: String className = environment != null ? (String)environment.get(Context.INITIAL_CONTEXT_FACTORY) : null;

if (className == null || className.equals("com.sun.enterprise.naming.impl.SerialInitContextFactory"))

{ return new SerialInitContextFactory(environment, habitat); }

// else load the class in classname here

it works perfectly for me.

[glassfishrobot]

@glassfishrobot Commented kumara said: v3 defect tracking

[glassfishrobot]

@glassfishrobot Commented @vbkumarjayanti said: Assigning the Bug to Jerome so he can reassign to appropriate Engg. There is no suitable sub-category for glassfish-naming module so setting the it to other.

GlassFish V3 makes use of NamingManager.setInitialContextFactoryBuilder(), in Class ServicesHookup.java (method : setGFInitialContextFactoryBuilder() )

The GFInitialContextFactoryBuilder makes use of a SerialInitContextFactory. Which creates SerialContext Objects on call to getInitialContext(). The SerialContext is not javax.naming.Context.

This severely limits the ability of V3, since it prevents the J2SE Naming API's from making use of URL Context Factories for resolving URL based Initialcontexts.

In this case the URL was an LDAP url : ldap://localhost:389

So a call to ctx = new InitialLdapContext(getLdapBindProps(), null); from LDAPRealm results in a SerialContext object getting returned. But waht is expected is an instance of DirContext which supports search. So we endup getting the following exception :

---

javax.naming.NotContextException: Not an instance of DirContext at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(In itialDirContext.java:92) at javax.naming.directory.InitialDirContext.search(InitialDirContext.jav

The JDK Doc for InitialContext says the following :

This default policy of locating the initial context and URL context factories may be overridden by calling NamingManager.setInitialContextFactoryBuilder().

---

Attached is the callstack of how a call to new IntialLdapContext/InitialDirContext gets resolved in V3 and V2.

[glassfishrobot]

@glassfishrobot Commented @vbkumarjayanti said: Created an attachment (id=1775) call stack of how new InitialDirContext is processed in V2 for an LDAP URL

[glassfishrobot]

@glassfishrobot Commented @vbkumarjayanti said: Created an attachment (id=1776) call stack of how new InitialDirContext() for an LDAP URL is handled in V3

[glassfishrobot]

@glassfishrobot Commented @vbkumarjayanti said: I tried to do a few workarounds but none seemed to work.

When i tried to add to add the following code in SerialInitContextFactory

if (env != null) { Object directory = env.get(PROVIDER_URL); if (directory != null && directory instanceof String ) { String url = (String)directory; if (url.startsWith("ldap://"))

{ return com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(directory, env); }

} return new SerialContext(env, habitat); } else

{ return new SerialContext(defaultEnv, habitat); }

But with this change i always get :

Sep 6, 2008 11:30:24 AM OSGiModuleImpl loadClass SEVERE: Exception in module org.glassfish.common.glassfish-naming [27] : java.la ng.ClassNotFoundException: com.sun.enterprise.naming.impl.ServicesHookup Sep 6, 2008 11:30:24 AM SEVERE: Exception in thread "GlassFish Kernel Main Thread" Sep 6, 2008 11:30:24 AM SEVERE: org.jvnet.hk2.component.ComponentException: Failed to load com.sun.enter prise.naming.impl.ServicesHookup from org.jvnet.hk2.osgiadapter.OSGiModuleImpl$1 $1@210b5b Sep 6, 2008 11:30:24 AM SEVERE: at com.sun.hk2.component.LazyInhabitant.fetch(LazyInhabitant.jav a:94) Sep 6, 2008 11:30:24 AM SEVERE: at com.sun.hk2.component.LazyInhabitant.get(LazyInhabitant.java: 106) Sep 6, 2008 11:30:24 AM SEVERE: at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInha bitantImpl.java:60) Sep 6, 2008 11:30:24 AM SEVERE: at com.sun.enterprise.v3.server.AppServerStartup.run(AppServerSt artup.java:137) Sep 6, 2008 11:30:24 AM SEVERE: at com.sun.enterprise.v3.server.AppServerStartup$1.run(AppServer Startup.java:103) Sep 6, 2008 11:30:24 AM SEVERE: Caused by: java.lang.ClassNotFoundException: com.sun.enterprise.naming.i mpl.ServicesHookup Sep 6, 2008 11:30:24 AM SEVERE: at org.jvnet.hk2.osgiadapter.OSGiModuleImpl$1$1.loadClass(OSGiMo

not sure why ?.

[glassfishrobot]

@glassfishrobot Commented @vbkumarjayanti said: reassign to Mahesh after discussion with Abhijit.

[glassfishrobot]

@glassfishrobot Commented mk111283 said: See Issue# 6025

[glassfishrobot]

@glassfishrobot Commented mk111283 said: Fixed

Sending common/glassfish-naming/src/main/java/com/sun/enterprise/naming/impl/SerialInitContextFactory.java Sending common/glassfish-naming/src/test/java/com/sun/enterprise/naming/impl/AppTest.java Adding (bin) distributions/nucleus-base/lib/jndi-properties.jar Transmitting file data ... Committed revision 22845.

Deleting impl/GFInitialContextFactoryBuilder.java Deleting impl/ServicesHookup.java

Committed revision 22846.

[glassfishrobot]

@glassfishrobot Commented File: server.log Attached By: sonialiu

[glassfishrobot]

@glassfishrobot Commented File: setup.log Attached By: sonialiu

[glassfishrobot]

@glassfishrobot Commented File: v2initctx.JPG Attached By: @vbkumarjayanti

[glassfishrobot]

@glassfishrobot Commented File: v3initctx.JPG Attached By: @vbkumarjayanti

[glassfishrobot]

@glassfishrobot Commented Was assigned to mk111283

[glassfishrobot]

@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-4777

[glassfishrobot]

@glassfishrobot Commented Reported by sonialiu

[glassfishrobot]

@glassfishrobot Commented Marked as fixed on Friday, September 19th 2008, 12:32:36 pm