-
Bug
-
Resolution: Fixed
-
P2
-
6u22
-
b130
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2208820 | 6u27 | Robert Mckenna | P2 | Closed | Fixed | b01 |
JDK-2208671 | 6u26-rev | Robert Mckenna | P2 | Resolved | Fixed | b21 |
JDK-2208649 | 6u25-rev | Robert Mckenna | P2 | Resolved | Fixed | b21 |
JDK-2205708 | 6u24-rev | Robert Mckenna | P2 | Closed | Fixed | b25 |
From the cu:
SES uses oracle ldap library (ldapjclnt11.jar) to connect to OID
(Oracle Internet Directory) for authentication, validation of users, getting
group information for users etc. for secure search.
Intermittently while invoking some LDAP APIs, it throws following exception -
<java.lang.IndexOutOfBoundsException: Posn: -1, Size: 0>
<at javax.naming.ldap.LdapName.getPrefix(LdapName.java:240)>
<at com.sun.jndi.toolkit.ctx.Continuation.fillInException(Continuation.java:133)>
<at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1877)>
<at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)>
<at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)>
<at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)>
<at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)>
<at oracle.ldap.util.Util.getEntryDetails(Util.java:501)>
<at oracle.ldap.util.User.resolve(User.java:1069)>
<at oracle.ldap.util.User.<init>(User.java:382)>
<at oracle.ldap.util.User.<init>(User.java:240)>
<at oracle.search.plugin.security.identity.oid.OIDPlugin.getUserForName(OIDPlugin.java:696)>
<at oracle.search.plugin.security.identity.oid.OIDPlugin.getUserForName(OIDPlugin.java:674)>
<at oracle.search.plugin.security.identity.oid.OIDPlugin.getAllGroups(OIDPlugin.java:630)>
This happens while validating the user SES creates LDAP User object.
Following is the SES code -
private User getUserForName(String username, int authnAttrId, boolean
retry)
throws PluginException
{
try {
return new User(m_context, authnAttrId, username, m_subscriber, true);
} catch (CommunicationErrorException cee) {
if (retry) {
m_logger.info(
"getUserForName: caught CommunicationErrorException; reconnecting"
);
try {
connect(); // re-connect to OID server
} catch (NamingException ne) {
m_logger.warn("getUserForName: NamingException on reconnect");
throw new PluginException(ne.getMessage());
}
return getUserForName(username, authnAttrId, false);
} else {
m_logger.warn("getUserForName: failed after reconnection attempt");
return null;
}
} catch (UtilException ue) {
m_logger.warn("getUserForName: UtilException("+ue.getMessage()+")");
// This appears to be the exception thrown when there is no such user
return null;
}
This error cannot be consistently reproduced and since the the exception
doesn't give any clue about the real cause of the issue (e.g. error because
of stale connection or some communication exception, in which case SES can
reconnect and re-try the operation)
This IndexOutOfBoundException is seen instead of CommunicationException only
if
- searchbase is "" and
- searcbase input to the DirContext.search is javax.naming.Name (not String)
and
- server closed the connection before the search() method is invoked.
SES uses oracle ldap library (ldapjclnt11.jar) to connect to OID
(Oracle Internet Directory) for authentication, validation of users, getting
group information for users etc. for secure search.
Intermittently while invoking some LDAP APIs, it throws following exception -
<java.lang.IndexOutOfBoundsException: Posn: -1, Size: 0>
<at javax.naming.ldap.LdapName.getPrefix(LdapName.java:240)>
<at com.sun.jndi.toolkit.ctx.Continuation.fillInException(Continuation.java:133)>
<at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1877)>
<at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)>
<at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)>
<at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)>
<at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)>
<at oracle.ldap.util.Util.getEntryDetails(Util.java:501)>
<at oracle.ldap.util.User.resolve(User.java:1069)>
<at oracle.ldap.util.User.<init>(User.java:382)>
<at oracle.ldap.util.User.<init>(User.java:240)>
<at oracle.search.plugin.security.identity.oid.OIDPlugin.getUserForName(OIDPlugin.java:696)>
<at oracle.search.plugin.security.identity.oid.OIDPlugin.getUserForName(OIDPlugin.java:674)>
<at oracle.search.plugin.security.identity.oid.OIDPlugin.getAllGroups(OIDPlugin.java:630)>
This happens while validating the user SES creates LDAP User object.
Following is the SES code -
private User getUserForName(String username, int authnAttrId, boolean
retry)
throws PluginException
{
try {
return new User(m_context, authnAttrId, username, m_subscriber, true);
} catch (CommunicationErrorException cee) {
if (retry) {
m_logger.info(
"getUserForName: caught CommunicationErrorException; reconnecting"
);
try {
connect(); // re-connect to OID server
} catch (NamingException ne) {
m_logger.warn("getUserForName: NamingException on reconnect");
throw new PluginException(ne.getMessage());
}
return getUserForName(username, authnAttrId, false);
} else {
m_logger.warn("getUserForName: failed after reconnection attempt");
return null;
}
} catch (UtilException ue) {
m_logger.warn("getUserForName: UtilException("+ue.getMessage()+")");
// This appears to be the exception thrown when there is no such user
return null;
}
This error cannot be consistently reproduced and since the the exception
doesn't give any clue about the real cause of the issue (e.g. error because
of stale connection or some communication exception, in which case SES can
reconnect and re-try the operation)
This IndexOutOfBoundException is seen instead of CommunicationException only
if
- searchbase is "" and
- searcbase input to the DirContext.search is javax.naming.Name (not String)
and
- server closed the connection before the search() method is invoked.
- backported by
-
JDK-2208649 A request for better error handling in JNDI
- Resolved
-
JDK-2208671 A request for better error handling in JNDI
- Resolved
-
JDK-2205708 A request for better error handling in JNDI
- Closed
-
JDK-2208820 A request for better error handling in JNDI
- Closed