I'm developing a Java EE 6 application that uses AD to help with logging in. My authenticator is simple and looks like this:
#Singleton
#TransactionManagement(TransactionManagementType.BEAN)
public class ADAuthenticator{
private static final String ldapHost = "ldap://domainname.mycompany.com:389";
private static final String domain = "domainname";
public ADAuthenticator() {
}
public void authenticate(String user, String pass) throws NamingException{
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapHost);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, user + "#" + domain);
env.put(Context.SECURITY_CREDENTIALS, pass);
LdapContext ctxGC = new InitialLdapContext(env, null);
}
}
This has worked well for some time, but lately I'm getting the following exception (except some times where it magically works):
javax.naming.CommunicationException: mydomain.mycompany.com:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:210)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at com.xdin.competence.util.ADAuthenticator.authenticate(ADAuthenticator.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at <ejb stuff omitted>
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:189)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:352)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:187)
... 101 more
Nothing has changed with the code, and according to IT-support, no configuration regarding AD has been changed either.
I seperated the relevant code into a simple console application, and it works perfectly with the exact same settings. So the problem seems related to Java EE or the webserver. Any ideas?
The packets for the TCP/IP connection do not arrive in time. This may have multiple reasons, but from what you describe, this may simply be a network congestion between your Java code and the LDAP server which in turn causes package loss. There might also be a firewall blocking that port inbetween.
You need to learn about the ping, traceroute and telnet host port tools to troubleshoot your network layer. I would suggest you team up with a network guy from IT-support and ask him nicely to help finding out where your package loss is.
Related
I cannot tell if its a credentials/SSL issue or an LDAP configuration issue on the server. I tried accessing the local version and i had no problem (then again local Ldap and server setup is a little different). The socket is definitely not closed as we are using that url in our processing system and it is not down.
Code is failing at this line:
NamingEnumeration<?> namingEnum = ctx.search("dc=barney,dc=com", "(objectclass=person)", getSimpleSearchControls());
Code block:
final String ldapAdServer = "ldap://myspecialhost.barney.us:389";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapAdServer);
LdapContext ctx = new InitialLdapContext(env, null);
ctx.setRequestControls(null);
NamingEnumeration<?> namingEnum = ctx.search("dc=barney,dc=com", "(objectclass=person)", getSimpleSearchControls());
And the stacktrace is here:
javax.naming.ServiceUnavailableException: tiffany.barney.ca:389; socket closed; remaining name 'dc=barney,dc=com'
at com.sun.jndi.ldap.Connection.readReply(Connection.java:437)
at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:613)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:536)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at com.barney.shopping.tiffany.LDAPImpTest.main(LDAPImplTest.java:154)
EDIT 1:
I tried using a different url and i get a connection timed out. Does this new url seem more right and i'm getting closer to the correct url perhaps?
EDIT 2:
new stacktrace
javax.naming.CommunicationException: possibleURL:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:209)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1582)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at blablalbla.LDAPInterfaceTest.main(LDAPInterfaceTest.java:154)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:189)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:351)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:186)
... 13 more
I've tried to used RMI, here is server side. at first it worked without any exception, but now after three times whenever i try to run the below code, i will get some errors
The code is:
import java.rmi.server.UnicastRemoteObject;
/**
* Created by elyas on 12/11/14 AD.
*/
public class LogicImplement extends UnicastRemoteObject implements Logic
{
public LogicImplement() throws Exception
{
java.rmi.registry.LocateRegistry.createRegistry(6060);
java.rmi.Naming.rebind("Object1",this);
}
#Override
public int sum(int a, int b) throws Exception
{
int result = a + b;
System.out.println("ana sum executed");
return result;
}
public static void main(String[] args)
{
try
{
LogicImplement logicImplement = new LogicImplement();
} catch (Exception e)
{
e.printStackTrace();
}
}
}
The error is like this: i've tried to change the Object1 to for example Object2, but again i will get error, also i change the port number...
what is solution?
java.rmi.ConnectException: Connection refused to host: 127.0.0.1; nested exception is:
java.net.ConnectException: Connection refused
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at java.rmi.Naming.rebind(Naming.java:177)
at LogicImplement.<init>(LogicImplement.java:12)
at LogicImplement.main(LogicImplement.java:27)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at java.net.Socket.connect(Socket.java:528)
at java.net.Socket.<init>(Socket.java:425)
at java.net.Socket.<init>(Socket.java:208)
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:147)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
... 12 more
java.net.ConnectException: Connection refused
There could be couple of reasons for this exception:
You have not started your rmiregistry in background.
You are trying to connect to the wrong port number.
Your firewall maybe blocking the connections.
The Answer was very simple, By default, the registry runs on port 1099. To start the registry on a different port, specify the port number on the command line. Do not forget to unset your CLASSPATH environment variable. for more information check this link: Running the Example Programs
** So for fixing this code i must change the port number form 6060 to 1099
notice that: if 1099 is used by other services you have to test 1100, and if 1100 is used too, you have yo use 1101 and so on. :-)
Since this was a port number issue, there is another way to start the registry on the port number you want:
java.rmi.registry.Registry rmiRegistry = java.rmi.registry.LocateRegistry.
createRegistry(6060); // Creates a registry on 6060
rmiRegistry.rebind("Object1",this); // Binds to registry created on 6060
You haven't started the RMI Registry.
When you get past this, if it still happens when calling the remote method, see item A.1 of the RMI FAQ.
I am connecting to LDAP, which is working fine. However, I need to change the value of one attribute. I am able to read the current value, but I can't modify the value. This is my code:
I have tried many things from the internet, but all cause in one error:
[Root exception is java.net.ConnectException: Connection refused: connect] (It's always in the "executing" line of code).
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:410)
at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:357)
at com.sun.jndi.toolkit.ctx.ComponentContext.p_bind(ComponentContext.java:596)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:183)
at com.sun.jndi.toolkit.ctx.PartialCompositeContext.bind(PartialCompositeContext.java:173)
at javax.naming.InitialContext.bind(InitialContext.java:400)
at Client.connect(Client.java:80)
at Main.main(Main.java:22)
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:570)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:371)
at com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:316)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:186)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1580)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:134)
at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:35)
at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:584)
at javax.naming.spi.NamingManager.processURL(NamingManager.java:364)
at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:344)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:316)
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:93)
This is what I tried - what am I doing wrong? Please give me some suggestions.
Attribute mod0 = new BasicAttribute("attribute", "AAA");
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
authContext.modifyAttributes("correctDn", mods);
Later, I tried this one:
Attribute acl = new BasicAttribute( "attribute", "asdf");
authContext.modify( entryDN, new LDAPModification(LDAPModification.ADD, acl));
EDITED This is a connection refusal while processing a referral. You are talking to an LDAP slave that has sent you a referral to the master, and you can't connect to the master, either because the slave configuration has given you the wrong referral information or because there is a firewall in the way of the master LDAP server.
I am trying to prototype TCP hole punching of a NAT as described in this paper http://www.brynosaurus.com/pub/net/p2pnat/.
I have this simple piece of code that tries to open a connection to a server on a specific local port. I am trying to observe on the public server if the NAT maps both the connections to the same NAT mapping.
int localPort = getFreeLocalPort();
while (true) {
Socket connection = new Socket(_publicServerHost,_publicServerPort,
getLocalSocketAddress(), localPort);
connection.setReuseAddress(true);
connection.close();
}
The 1st time it connects fine. But the 2nd attempt it throws an exception:
Local port chosen for hole punching: 65416
2012-06-17 15:55:21,545 ERROR - Address already in use: connect
2012-06-17 15:55:25,175 DEBUG - Details:
java.net.BindException: Address already in use: connect
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.6.0_24]
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) ~[na:1.6.0_24]
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) ~[na:1.6.0_24]
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) ~[na:1.6.0_24]
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) ~[na:1.6.0_24]
at java.net.Socket.connect(Socket.java:529) ~[na:1.6.0_24]
at java.net.Socket.connect(Socket.java:478) ~[na:1.6.0_24]
at java.net.Socket.(Socket.java:375) ~[na:1.6.0_24]
at java.net.Socket.(Socket.java:249) ~[na:1.6.0_24]
try adding connection.setSoLinger(true, 0); directly before connection.close();.
Like so:
connection.setSoLinger(true, 0);
connection.close();
This forces the OS to release the socket.
On what basis was the local port chosen? Obviosuly not a sound one. You would be better off letting the system choose it, by specifying zero, and getting the actual value from the socket after opening, if you need it at all.
Have you solved your problem ?
setReuseAddress() should be called before port is assigned.
Socket connection = new Socket();
connection.setReuseAddress(true);
connection.bind( ...);
This question already has answers here:
What is a connection timeout during a http request
(2 answers)
Closed last month.
I get an exception when I run this code. Why?
Exception in thread "main" java.net.ConnectException: Connection timed out: connect
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
public class MainClass {
public static void main(String[] args) throws Exception {
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
URL url = new URL("https://www.verisign.com/");
BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream()));
String line;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
in.close();
}
}
Exception:
Exception in thread "main" java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:525)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:550)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:141)
at sun.net.NetworkClient.doConnect(NetworkClient.java:163)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:272)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:801)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
at java.net.URL.openStream(URL.java:1010)
at https.ssl.MainClass.main(MainClass.java:13)
We can't diagnose your networks for you. You need to do it yourself, or get your local admins to look at.
Things you should check before you bug your admins:
can you ping the host?
can you connect to http://www.verisign.com using a web browser?
can you connect to https://www.verisign.com using a web browser?
can you connect to http://www.verisign.com using your program?
can you connect to anything using your program?
The chances are that your problem is firewall related. My first guess would be that you don't have the correct environment variables or Java system properties set to tell the JVM to use a local proxy server for outgoing HTTP / HTTPS requests.
If it is not a problem with your settings, you will need to get help from someone local who can help you diagnose the problem.