Skip to content

How to fix java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory in eclipse

If you use IBM’s WebSphere plugin for eclipse you might have the problem that other plugins can’t establish an SSL connection anymore. The result is most times a ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory. This blog explains the reason behind the problem and gives a workaround to prevent that exception.

Problem description

When a component within eclipse (e.g. atlassian jira connector) tries to connect to an SSL socket a ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory is thrown. This exception is often the root cause of other exceptions.

Caused by: java.net.SocketException: java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory
	at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:198)
	at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:205)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:116)
	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
	at com.sun.jersey.client.apache.DefaultApacheHttpMethodExecutor.executeMethod(DefaultApacheHttpMethodExecutor.java:210)
	... 18 more
Caused by: java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory
	at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
	at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:104)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:112)
	... 25 more

In my case it happened when I tried to add a “Jira Task Repository” that is accessed via HTTPS. However the problem is not to  limited the jira connector. It can happen with every plugin that tries to connect to an SSL socket.

Environment

In my case I have the following environment

  • Eclipse Kepler – running with oracle-jdk-1.7.0 u45
  • IBM WebSphere Application Server V8.5.5 Developer Tools for Eclipse Kepler V8.5.5.2
  • Atlassian JIRA Connector 3.2.2

Cause

The problem is caused by the “IBM WebSphere Application Server V8.5.5 Developer Tools for Eclipse Kepler V8.5.5.2” plugin. There is also a bug report at IBM.

When the IBM WebSphere plugin gets loaded it tries to find out if the ssl.SocketFactory.provider property is defined in the <JRE_HOME>\lib\security\java.security file. If the property is not defined the WebSphere plugin assumes that it must configure the ssl.SocketFactory.provider and therefore sets the security property to com.ibm.websphere.ssl.protocol.SSLSocketFactory programmatically via System.setProperty(String, String). Sadly the class com.ibm.websphere.ssl.protocol.SSLSocketFactory is not visible to other eclipse plugins than the IBM WebSphere plugin and thus the ClassNotFoundException is raised when trying to connect to an SSL socket.

The problematic code in websphere is located in the <WAS_HOME>/plugins/com.ibm.ws.runtime.jar in the class com.ibm.ws.ssl.provider.AbstractJSSEProvider. The com.ibm.ws.ssl.provider.AbstractJSSEProvider sets the ssl.SocketFactory.provider if the java.security configuration property is null.

So if we want to prevent the com.ibm.ws.ssl.provider.AbstractJSSEProvider from setting the ibm socket factory we must set a ssl.SocketFactory.provider in the <JRE_HOME>\lib\security\java.security.

But here comes another tricky part. We can NOT simply set the ssl.SocketFactory.provider to the javax.net.ssl.DefaultSSLSocketFactory. This might end in an InstantiationException, because the DefaultSSLSocketFactory only has package scope and therefore only classes in the same package like the javax.net.ssl.SSLSocketFactory have access to it. If another component reads the security property and tries to instantiate it via reflection (e.g. using commons httpclient) you might get an exception like this:

Caused by: java.lang.InstantiationException: javax.net.ssl.DefaultSSLSocketFactory
	at java.lang.Class.newInstance(Class.java:359)
	at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:108)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:112)
	... 25 more

So we need an solution that prevents the websphere plugin class  com.ibm.ws.ssl.provider.AbstractJSSEProvider from setting IBM WebSphere’s SSL socket factory and instead use the DefaultSSLSocketFactory even if we have not specified it explicitly.

Solution

Edit the <JRE_HOME>\lib\security\java.security file of the JVM that runs eclipse and ensure that the ssl.SocketFactory.provider and ssl.ServerSocketFactory.provider are empty.

I prefer to leave them just empty so that javax.net.ssl.SSLSocketFactory will load the default factories.

ssl.SocketFactory.provider=
ssl.ServerSocketFactory.provider=

This solution works because the websphere class com.ibm.ws.ssl.provider.AbstractJSSEProvider checks if the properties are null or not. Since the properties are defined but don’t define a value the value is an empty string. So the IBM WebSphere’s plugin will not set it’s own factory and default implementation of the JDK will load the DefaultSSLSocketFactory, because it can not load a class with an empty name.

 

6 thoughts on “How to fix java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory in eclipse”

  1. Thanks René,

    Your soultions really works for me. Thank you so much for this post. And one thing I would like to mention that there are several blog which are talking about IBM websphere SSL configurations related things but none of them given the correct solutions for this SSL error. I found only your blog have proper solution with correct reasoning. Once again thank you. Keep posting such nice technical article on your blog.

    -Ravi Kant Gaur

  2. Hi
    I m using this jar “com.ibm.ws.security.crypto.jar” which have both files com.ibm.websphere.ssl.protocol.SSLSocketFactory & com.ibm.websphere.ssl.protocol.SSLServerSocketFactory
    and I when I settled my Java.secuirty file like below , I am getting the following error.

    #ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
    #ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
    # WebSphere socket factories (in cryptosf.jar)
    ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
    ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory

    Do you have any idea on this. Now SSLSocketFactory class not found exception gone but I am getting this. Actually What will happen if my customer refuse to use the DefaultSSLSocketFactory which is provided by oracle java. They want to use Ibm specific crypto jar.

    Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: java.lang.SecurityException: Cannot read non-File URL java.security.PrivilegedActionException: java.io.IOException: no entry name specified; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: java.lang.SecurityException: Cannot read non-File URL java.security.PrivilegedActionException: java.io.IOException: no entry name specified]
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:429)
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at com.ibm.ws.management.connector.soap.SOAPConnectorClient.(SOAPConnectorClient.java:228)
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R … 26 more
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: java.lang.SecurityException: Cannot read non-File URL java.security.PrivilegedActionException: java.io.IOException: no entry name specified; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: java.lang.SecurityException: Cannot read non-File URL java.security.PrivilegedActionException: java.io.IOException: no entry name specified]
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:475)
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at org.apache.soap.rpc.Call.WASinvoke(Call.java:487)
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at com.ibm.ws.management.connector.soap.SOAPConnectorClient$4.run(SOAPConnectorClient.java:387)
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    [1/20/15 16:37:30:528 PST] 000000c9 SystemErr R at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:372)

  3. Thanks a lot René,

    Only your blog has helped my solve my problem with exact problem statement and the accurate solution for it.

    Thanks and Regards,
    PK

Leave a Reply

Your email address will not be published. Required fields are marked *

 

GDPR Cookie Consent with Real Cookie Banner