LDAPS issue when running native image in Spring Boot 3

Question

I am getting the below issue when using a native image. With JVM-based uber jar, no issues.

Spring Boot 3.0.1

openjdk version "17.0.5" 2022-10-18
OpenJDK Runtime Environment GraalVM CE 22.3.0 (build 17.0.5+8-jvmci-22.3-b08)
OpenJDK 64-Bit Server VM GraalVM CE 22.3.0 (build 17.0.5+8-jvmci-22.3-b08, mixed mode, sharing)

StackTrace :

org.springframework.ldap.CommunicationException: xxx-ad-vip.xxx.com:636
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108) ~[na:na]
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:363) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:147) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:166) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:367) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:319) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:626) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:596) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:1661) ~[ldap-service:3.0.0]
    at com.vmware.ldapservice.serviceImpl.LDAPServiceImpl.getADAttributes(LDAPServiceImpl.java:82) ~[ldap-service:na]
    at [email protected]/java.lang.reflect.Method.invoke(Method.java:568) ~[ldap-service:na]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[na:na]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) ~[ldap-service:6.0.3]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[ldap-service:6.0.3]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:752) ~[na:na]
    at org.springframework.cache.interceptor.CacheInterceptor.lambda$invoke$0(CacheInterceptor.java:54) ~[ldap-service:6.0.3]
    at org.springframework.cache.interceptor.CacheAspectSupport.invokeOperation(CacheAspectSupport.java:366) ~[ldap-service:6.0.3]
    at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:421) ~[ldap-service:6.0.3]
    at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:345) ~[ldap-service:6.0.3]
    at org.springframework.cache.interceptor.CacheInterceptor.invoke(CacheInterceptor.java:64) ~[ldap-service:6.0.3]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[ldap-service:6.0.3]
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:752) ~[na:na]
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:703) ~[na:na]
    at com.xxx.ldapservice.serviceImpl.LDAPServiceImpl$$SpringCGLIB$$0.getADAttributes(<generated>) ~[ldap-service:na]
    at com.xxx.ldapservice.controller.LdapController.lambda$0(LdapController.java:34) ~[ldap-service:na]
    at [email protected]/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768) ~[na:na]
    at [email protected]/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760) ~[na:na]
    at [email protected]/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) ~[ldap-service:na]
    at [email protected]/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182) ~[na:na]
    at [email protected]/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655) ~[ldap-service:na]
    at [email protected]/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622) ~[ldap-service:na]
    at [email protected]/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165) ~[ldap-service:na]
    at org.graalvm.nativeimage.builder/com.oracle.svm.core.thread.PlatformThreads.threadStartRoutine(PlatformThreads.java:775) ~[ldap-service:na]
    at org.graalvm.nativeimage.builder/com.oracle.svm.core.posix.thread.PosixPlatformThreads.pthreadStartRoutine(PosixPlatformThreads.java:203) ~[na:na]
Caused by: javax.naming.CommunicationException: xxx-ad-vip.xxx.com:636
    at [email protected]/com.sun.jndi.ldap.Connection.<init>(Connection.java:253) ~[na:na]
    at [email protected]/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[na:na]
    at [email protected]/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1616) ~[na:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2848) ~[na:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) ~[na:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225) ~[ldap-service:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) ~[ldap-service:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243) ~[ldap-service:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) ~[ldap-service:na]
    at [email protected]/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) ~[ldap-service:na]
    at [email protected]/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) ~[ldap-service:na]
    at [email protected]/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[ldap-service:na]
    at [email protected]/javax.naming.InitialContext.init(InitialContext.java:236) ~[ldap-service:na]
    at [email protected]/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[na:na]
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) ~[ldap-service:3.0.0]
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:351) ~[ldap-service:3.0.0]
    ... 32 common frames omitted
Caused by: java.lang.NoSuchMethodException: javax.net.ssl.SSLSocketFactory.getDefault()
    at [email protected]/java.lang.Class.getMethod(DynamicHub.java:2227) ~[ldap-service:na]
    at [email protected]/com.sun.jndi.ldap.Connection.createSocket(Connection.java:293) ~[na:na]
    at [email protected]/com.sun.jndi.ldap.Connection.<init>(Connection.java:232) ~[na:na]
    ... 47 common frames omitted

Answer 1

Meanwhile, folks who are facing the issue can add a RuntimeHint for missing javax.net.ssl.SSLSocketFactory.getDefault().

static class MyHint implements RuntimeHintsRegistrar {
    @Override
    public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
        hints.reflection().registerType(TypeReference.of("javax.net.ssl.SSLSocketFactory"), builder -> builder.withMembers(MemberCategory.INVOKE_PUBLIC_METHODS));
    }
}

and add @ImportRuntimeHints(MyHint.class) to your Spring Boot application (main class).

I was further facing issues with the custom truststore. It can be added like below

@PostConstruct
    void postConstruct() {

        System.setProperty("javax.net.ssl.trustStore", System.getProperty("javax.net.ssl.trustStore"));
        System.setProperty("javax.net.ssl.trustStorePassword", System.getProperty("javax.net.ssl.trustStorePassword"));

    }

and when running the native executable, run it as below and it works fine.

./target/<executable> -Djavax.net.ssl.trustStore=/Users/xxx/Downloads/truststore.jks -Djavax.net.ssl.trustStorePassword=changeit