Would you like someone to walk you through this? Our experts can help!

Subscribers click here.

Troubleshooting

Issue Tracker

Need more help? Learn about
Oracle Java Support subscriptions

JNDI Providers: LDAP, DNS, RMI, or CORBA Raise 'java.lang.IllegalArgumentException' or 'javax.naming.NamingException' After Updating to the April 2022 CPU


Applies To

This document applies to all Java SE releases as of the April 2022 Critical Patch Update (CPU):

  • JDK19, 20, 21, 22, 23, and 24
  • JDK 18.0.1 and 18.0.2
  • JDK 17.0.3 and newer
  • JDK 11.0.15 and newer
  • JDK 8 Update 331 and newer
  • JDK 7 Update 341 and newer

This document does not apply to JDKs released prior to the April 2022 CPU:

  • JDK 18 GA (initial release)
  • JDK 17.0.2 or older
  • JDK 11.0.14 or older
  • JDK 8 Update 321 or older
  • JDK 7 Update 331 or older

Symptoms

After updating to one of the April 2022 CPU JDK releases, such as JDK 8 Update 331 (8u331), you may notice applications that build Uniform Resource Locator (URL) or Uniform Resource Identifier (URI) strings in a JNDI context may fail with a java.lang.IllegalArgumentException or javax.naming.NamingException (or a subclass of it). Reverting to a previous JDK update, such as JDK 8u321, allows the applications to work again.

Example: The following JDK 8u331 exception stack trace has been reported in several WebLogic Server (WLS) instances:

Caused By: java.lang.IllegalArgumentException: Malformed IPv6 address at index 8:
at java.net.URI.create(URI.java:852)
at com.sun.jndi.ldap.LdapURL.validateURI(LdapURL.java:215)
at com.sun.jndi.ldap.LdapURL.fromList(LdapURL.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:76)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:694)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
...<snip>...
Caused By: java.net.URISyntaxException: Malformed IPv6 address at index 8: ldap://[<IPv4>]:<PORT>
at java.net.URI$Parser.fail(URI.java:2845)
at java.net.URI$Parser.parseIPv6Reference(URI.java:3466)
at java.net.URI$Parser.parseServer(URI.java:3216)
at java.net.URI$Parser.parseAuthority(URI.java:3152)
at java.net.URI$Parser.parseHierarchical(URI.java:3094)
at java.net.URI$Parser.parse(URI.java:3050)
at java.net.URI.<init>(URI.java:588)
at java.net.URI.create(URI.java:850)
at com.sun.jndi.ldap.LdapURL.validateURI(LdapURL.java:215)
at com.sun.jndi.ldap.LdapURL.fromList(LdapURL.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:76)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:694)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.createCtx(JNDIConnectionPool.java:795)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.create(JNDIConnectionPool.java:837)
at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.<init>(JNDIConnectionPool.java:269)
at oracle.ods.virtualization.engine.backend.jndi.RemoteServer.getJNDIConnectionPool(RemoteServer.java:214)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1121)

Cause

Although the JDK reports the exceptions, the cause is an application code issue. Specifically, a URL or URI string in the application code contains characters or syntax not included in the URI Generic Syntax Standard RFC 3986 (URI Syntax Standard).


Why Does the Problem Start Suddenly with an Update to JDK 8u331 or other April 2022 CPU Release?

Beginning with the April 2022 CPU JDK releases, the JDK’s parsers for its built-in JNDI providers (LDAP, DNS, RMI, and CORBA) more strictly adhere to the URI Syntax Standard. This means some invalid URL/URI syntax that may have been ignored by parsers in previous JDK releases will now raise a java.lang.IllegalArgumentException or javax.naming.NamingException (or a subclass of it). For more information, see the JDK 8u331 Release Note “core-libs/javax.naming➜The parsing of URLs in the LDAP, DNS, RMI and CORBA built-in JNDI providers as been made more strict.”


How Can I Find the Root Cause for My Application?

Review the exception stack trace for clues, find the application code calling into the JDK classes, and review that application code for violations against the URI Syntax Standard.


Example:

Following the WLS example exception stack trace above, this is what is noticed:

  • The java.lang.IllegalArgumentException was caused by a java.net.URISyntaxException: Malformed IPv6 address at index 8: ldap://[<IPv4>]:<PORT>.
  • The exception occurred in a JNDI context, particularly with the LDAP provider.
  • The URI Syntax expected is an IPv6 address, but the address wrapped in square brackets is an IPv4 address (or a hostname whose underlying IP address is IPv4) and therefore, the expected IPv6 address is reported as malformed.
  • The application code of interest is the oracle.ods.virtualization.engine code that is calling into the JDK at the javax.naming classes.

The LIBOVD development team’s review of the `virtualization.engine code revealed a bug in the LIBOVD component. Specifically, square bracket characters were being used with IPv4 addresses, which is not allowed. Per the URI Syntax Standard Section 3.2.2, square brackets are allowed only around IPv6 addresses: > A host identified by an Internet Protocol literal address, version 6 [RFC3513] or later, is distinguished by enclosing the IP literal within square brackets (“[” and ”]”). This is the only place where square bracket characters are allowed in the URI syntax.


Solutions

If you encounter this issue with a custom Java application:

Raise it to your application development team to find and fix the invalid URL/URI syntax in the application code, as indicated by the exception stack trace. Developers are encouraged to use java.net.URIconstructors or its factory method to build URLs, rather than handcraft URL strings.

If you encounter this issue with a third party application:

Raise a support ticket with your application vendor.

If you encounter this issue with an Oracle application that runs with JDK 8u331, such as Enterprise Manager, WebCenter, WebLogic Server, and the like:

Submit a service request with the Oracle application product support team.


Workaround

The April 2022 CPU JDK releases also introduce new system properties for the JNDI providers’ parsing behavior:

  • -Dcom.sun.jndi.ldapURLParsing="legacy" | "compat" | "strict" (to control “ldap:” URLs)
  • -Dcom.sun.jndi.dnsURLParsing="legacy" | "compat" | "strict" (to control “dns:” URLs)
  • -Dcom.sun.jndi.rmiURLParsing="legacy" | "compat" | "strict" (to control “rmi:” URLs)
  • -Dcom.sun.jndi.corbaURLParsing="legacy" | "compat" | "strict" (to control “iiop:” and “iiopname:” URLs)

The legacy value turns off the new validations reverts the JNDI providers’ parsers to pre-April 2022 CPU behavior. This option is a possible short-term workaround for situations where application code fixes cannot be made immediately. However, it should be viewed as an option of “last resort” and is not intended as a long-term workaround or solution.


More Information

For additional details, see the release note for your version:


Last reviewed on Wed Jan 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time)