Problem in SSL AD Authentication

Hi,

I have the following code running fine as a console application; however, when I run it under Tomcat as a servlet (on the very same machine), I get an error.

See the code (the error follows after):

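public static void main(String[] args) {
    // Performs a simple bind to Active Directory over LDAPS and reports whether it
    // succeeded. Usage: <ldapUrl> <bindPrincipal> [<bindPassword>]
    //
    // The bind identity and password come from the command line (or a console
    // prompt) instead of being compiled into the class, so neither the class file
    // nor source control carries a directory credential.
    if (args.length < 2) {
        System.err.println("usage: main <ldapUrl> <bindPrincipal> [<bindPassword>]");
        return;
    }
    String ldapURL = args[0];
    String adminName = args[1];
    String adminPassword;
    if (args.length >= 3) {
        adminPassword = args[2];
    } else if (System.console() != null) {
        // Prompting keeps the password out of shell history and process listings.
        adminPassword = new String(System.console().readPassword("Password for %s: ", adminName));
    } else {
        System.err.println("no password given and no console available to prompt for one");
        return;
    }

    // The LDAPS server certificate is validated against the JVM trust store.
    // javax.net.ssl.trustStore is read once, when the default SSLContext is first
    // initialised, so setting it here only works if nothing in the JVM has used SSL
    // yet; inside a servlet container that is often not the case, and the property
    // is then silently ignored. "PKIX path building failed" means the issuing CA of
    // the LDAPS server is not in whatever trust store the JVM actually loaded. The
    // durable fix is to import that CA certificate into the trust store the
    // container's JVM uses (or to pass -Djavax.net.ssl.trustStore=... at JVM
    // startup), not to bypass validation with a permissive TrustManager.
    String keystore = System.getProperty("java.home") + "/lib/security/cacerts";
    System.setProperty("javax.net.ssl.trustStore", keystore);

    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, adminName);
    env.put(Context.SECURITY_CREDENTIALS, adminPassword);
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put(Context.PROVIDER_URL, ldapURL);

    try {
        // The bind itself happens inside the constructor.
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            System.out.println("success");
        } finally {
            // Release the connection even if the work after the bind throws.
            ctx.close();
        }
    } catch (NamingException e) {
        // The only operation here is the bind, so say so (the old message talked
        // about searching); the root cause, e.g. an SSLHandshakeException, is where
        // the actionable detail lives.
        System.err.println("LDAP bind failed: " + e);
        if (e.getRootCause() != null) {
            System.err.println("Root cause: " + e.getRootCause());
        }
    }
}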

As I mentioned, the code above works fine as a standalone console application; however, once I put it in a servlet, I get the exception below:

javax.naming.CommunicationException: simple bind failed:

domain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find

valid certification path to requested target]

javax.naming.CommunicationException: simple bind failed:

domain.com:636 [Root exception is javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find

valid certification path to requested target] at

com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) at

com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658) at

com.sun.jndi.ldap.LdapCtx.&lt;init&gt;(LdapCtx.java:287) at

com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at

com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

at

com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)

at

com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)

at

javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) at

javax.naming.InitialContext.init(InitialContext.java:223) at

javax.naming.ldap.InitialLdapContext.&lt;init&gt;(InitialLdapContext.java:134) at

ad.auth.processRequest(auth.java:69) at ad.auth.doPost(auth.java:110) at

javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at

javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)

at

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)

at

org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)

at

org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at

org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at

org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)

at

org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)

at

org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at

org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at

org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at

org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at

org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)

at

org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at

org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at

org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at

org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at

org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)

at

org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)

at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)

at

org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)

at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743) at

org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)

at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)

at

org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)

at java.lang.Thread.run(Thread.java:619) Caused by:

javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find

valid certification path to requested target at

com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at

com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182) at

com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176) at

com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)

at

com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)

at

com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)

at

com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)

at

com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)

at

com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)

at

com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:621)

at

com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at

com.sun.jndi.ldap.Connection.writeRequest(Connection.java:393) at

com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) at

com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) ... 40 more

Caused by: sun.security.validator.ValidatorException: PKIX path building

failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to

find valid certification path to requested target at

sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at

sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)

at sun.security.validator.Validator.validate(Validator.java:218) at

com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)

at

com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)

at

com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)

at

com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)

... 52 more Caused by:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find

valid certification path to requested target at

sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at

sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 58

more

Please help.

Thanks.

[9377 byte] By [j_dev22a] at [2007-11-26 18:09:55]
# 1
Did you resolve this problem? Cheers, -Jags. Message was edited by: Jagadeesh_HS