CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/maven-org-springframework-security--spring-security-remoting

Spring Security Remoting provides security services for remote method invocation in distributed Spring applications including RMI context propagation, HTTP invoker authentication, and DNS resolution utilities.

Pending
Overview
Eval results
Files

dns-resolution.mddocs/

DNS Resolution

DNS resolution utilities for service discovery in distributed environments. Provides both A record and SRV record lookups with JNDI-based implementation for resolving hostnames and discovering services.

Deprecation Notice: All DNS resolution APIs are deprecated as of Spring Security 5.6.0 with no replacement.

Capabilities

DNS Resolver Interface

Core interface defining DNS resolution operations for both standard hostname resolution and service discovery through SRV records.

public interface DnsResolver {
    /**
     * Resolves the IP Address (A record) to the specified host name.
     * @param hostname The hostname for which you need the IP Address
     * @return IP Address as a String
     * @throws DnsEntryNotFoundException No record found
     * @throws DnsLookupException Unknown DNS error
     */
    String resolveIpAddress(String hostname) throws DnsEntryNotFoundException, DnsLookupException;

    /**
     * Resolves the host name for the specified service in the specified domain.
     * Uses SRV records to find services, returning the record with highest priority
     * (lowest number) and highest weight.
     * @param serviceType The service type (e.g. ldap, kerberos)
     * @param domain The domain in which to search for the service
     * @return The hostname of the service
     * @throws DnsEntryNotFoundException No record found
     * @throws DnsLookupException Unknown DNS error
     */
    String resolveServiceEntry(String serviceType, String domain) 
        throws DnsEntryNotFoundException, DnsLookupException;

    /**
     * Resolves the host name for the specified service and then the IP Address 
     * for this host in one call.
     * @param serviceType The service type (e.g. ldap, kerberos)
     * @param domain The domain in which to search for the service
     * @return IP Address of the service
     * @throws DnsEntryNotFoundException No record found
     * @throws DnsLookupException Unknown DNS error
     */
    String resolveServiceIpAddress(String serviceType, String domain)
        throws DnsEntryNotFoundException, DnsLookupException;
}

JNDI DNS Resolver Implementation

JNDI-based implementation of DnsResolver using com.sun.jndi.dns.DnsContextFactory for DNS queries. Uses a default InitialContextFactory unless explicitly configured with a custom factory.

public class JndiDnsResolver implements DnsResolver {
    /**
     * Allows injection of custom JNDI context factory.
     * @param ctxFactory factory to use when a DirContext is needed
     */
    public void setCtxFactory(InitialContextFactory ctxFactory);

    /**
     * Resolves the host name for the specified service and then the IP Address 
     * and port for this host in one call.
     * @param serviceType The service type (e.g. ldap, kerberos)
     * @param domain The domain in which to search for the service
     * @return IP address and port formatted as [ip_address]:[port]
     * @throws DnsEntryNotFoundException No record found
     * @throws DnsLookupException Unknown DNS error
     * @since 5.6
     */
    public String resolveServiceIpAddressAndPort(String serviceType, String domain);
}

Initial Context Factory

Interface for providing JNDI DirContext instances for DNS queries, allowing custom JNDI configuration.

public interface InitialContextFactory {
    /**
     * Must return a DirContext which can be used for DNS queries.
     * @return JNDI DirContext
     */
    DirContext getCtx();
}

Usage Examples

Basic Hostname Resolution

import org.springframework.security.remoting.dns.JndiDnsResolver;
import org.springframework.security.remoting.dns.DnsEntryNotFoundException;
import org.springframework.security.remoting.dns.DnsLookupException;

JndiDnsResolver resolver = new JndiDnsResolver();

try {
    String ipAddress = resolver.resolveIpAddress("example.com");
    System.out.println("IP Address: " + ipAddress);
} catch (DnsEntryNotFoundException e) {
    System.err.println("Host not found: " + e.getMessage());
} catch (DnsLookupException e) {
    System.err.println("DNS lookup failed: " + e.getMessage());
}

Service Discovery with SRV Records

import org.springframework.security.remoting.dns.JndiDnsResolver;

JndiDnsResolver resolver = new JndiDnsResolver();

try {
    // Find LDAP service in domain
    String ldapHost = resolver.resolveServiceEntry("ldap", "example.com");
    System.out.println("LDAP Server: " + ldapHost);
    
    // Get both IP and port in one call (Spring Security 5.6+)
    String ldapEndpoint = resolver.resolveServiceIpAddressAndPort("ldap", "example.com");
    System.out.println("LDAP Endpoint: " + ldapEndpoint); // e.g., "192.168.1.10:389"
    
} catch (DnsEntryNotFoundException e) {
    System.err.println("Service not found: " + e.getMessage());
} catch (DnsLookupException e) {
    System.err.println("DNS lookup failed: " + e.getMessage());
}

Custom JNDI Context Factory

import org.springframework.security.remoting.dns.JndiDnsResolver;
import org.springframework.security.remoting.dns.InitialContextFactory;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import java.util.Hashtable;

// Custom context factory with specific DNS server
InitialContextFactory customFactory = new InitialContextFactory() {
    @Override
    public DirContext getCtx() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        env.put(Context.PROVIDER_URL, "dns://8.8.8.8"); // Use Google DNS
        try {
            return new InitialDirContext(env);
        } catch (NamingException ex) {
            throw new DnsLookupException("Cannot create InitialDirContext", ex);
        }
    }
};

JndiDnsResolver resolver = new JndiDnsResolver();
resolver.setCtxFactory(customFactory);

String ipAddress = resolver.resolveIpAddress("example.com");

SRV Record Format

When using service discovery, DNS server must provide SRV records in the format:

_service._tcp.domain IN SRV priority weight port target

Example:

_ldap._tcp.example.com IN SRV 10 0 389 ldap.example.com.

The resolver returns the record with highest priority (lowest number) and if there are multiple records with the same priority, it returns the one with the highest weight.

Exception Handling

public class DnsLookupException extends RuntimeException {
    public DnsLookupException(String msg);
    public DnsLookupException(String msg, Throwable cause);
}

public class DnsEntryNotFoundException extends DnsLookupException {
    public DnsEntryNotFoundException(String msg);
    public DnsEntryNotFoundException(String msg, Throwable cause);
}
  • DnsLookupException: Thrown for unknown DNS errors, network issues, or JNDI problems
  • DnsEntryNotFoundException: Thrown when no DNS entry matches the specified query (extends DnsLookupException)

Install with Tessl CLI

npx tessl i tessl/maven-org-springframework-security--spring-security-remoting

docs

dns-resolution.md

http-invoker-auth.md

index.md

rmi-context-propagation.md

tile.json