Bug ID: JDK-8325029 Connection.java now requires custom socket factories to implement javax.net.SocketFactory

Type: Bug
Component: core-libs
Sub-Component: javax.naming
Affected Version: 8u401

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2024-01-31
Updated: 2024-03-26
Resolved: 2024-03-15

JDK 8
8u421 b01Fixed

Our applications throw the following exception:

Caused by: javax.naming.CommunicationException: cefrlb-eas33.ce.sdxcorp.net:636 [Root exception is java.lang.ClassCastException: com.sap.security.core.server.https.SecureConnectionFactory (loaded by library:security.class@85328 com.sap.engine.boot.loader.ResourceMultiParentClassLoader) cannot be cast to javax.net.SocketFactory (loaded by <bootstrap>)]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:247)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
        at com.sap.engine.system.naming.provider.DefaultInitialContext._getDefaultInitCtxt(DefaultInitialContext.java:64)
        ... 128 more
Caused by: java.lang.ClassCastException: com.sap.security.core.server.https.SecureConnectionFactory (loaded by library:security.class@85328 com.sap.engine.boot.loader.ResourceMultiParentClassLoader) cannot be cast to javax.net.SocketFactory (loaded by <bootstrap>)
        at com.sun.jndi.ldap.Connection.getSocketFactory(Connection.java:330)
        at com.sun.jndi.ldap.Connection.createSocket(Connection.java:296)
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:224)
        ... 138 more

Our class SecureConnectionFactory does not implement interface javax.net.SocketFactory.

This was not necessary before 8u401. With 8u401, we see this issue.

For us it looks like with the backport of JDK-8314063 a snippet of JDK-8048175,
a change from jdk9, sneaked in:

src/share/classes/com/sun/jndi/ldap/Connection.java:
-  Class<?> socketFactoryClass = Obj.helper.loadClass(socketFactory);
+  Class<? extends SocketFactory> socketFactoryClass =
+          (Class<? extends SocketFactory>) Obj.helper.loadClass
+          (socketFactory);

It is unclear to us whether implementing SocketFactory is required in 8.
All we found about this is https://docs.oracle.com/javase/jndi/tutorial/ldap/security/ssl.html.
Obviously JDK-8048175 enforces this since jdk9, but for 8 it looks as an regression.

If this change was intended, a release note would have been useful.

[~dfuchs] yes, I will work on both, CSR and RN, for JDK-8048175

01-03-2024

It seems that the compatibility issues caused by JDK-8048175 had not been expected. In the light of the regression outlined in this issue I would recommend filing a retro-active CSR and Release Notes for JDK-8048175. [~aefimov] would you be willing to file the retro-active CSR and release notes?

01-03-2024

Relates :	JDK-8315240 - The socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
Relates :	JDK-8314063 - The socket is not closed in Connection::createSocket when the handshake failed for LDAP connection
Relates :	JDK-8048175 - Remove redundant use of reflection on core classes from JNDI