-
CSR
-
Resolution: Approved
-
P3
-
None
-
behavioral
-
medium
-
-
System or security property
-
JDK
Summary
Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation
Problem
The jdk.jndi.object.factoriesFilter
system and security property introduced in Java 17 allow a global factories filter to be specified that controls the set of object factory classes permitted to instantiate objects from object references returned by naming/directory systems.
This filter covers all protocols supported by the JNDI implementation which includes widely used LDAP and RMI protocols.
Such a scope is too broad and doesn't provide enough flexibility to limit object factories allowed to instantiate objects on a per protocol basis. LDAP and RMI protocols may be more easily restricted when instantiating objects with object factories, and providing a separate factory filter to further limit object instantiation on a per-protocol basis for LDAP and RMI will help defining a better default for these protocols.
Solution
Introduce new system and security properties for specifying factory filters for the JNDI/LDAP
and the JNDI/RMI
JDK provider implementations. These properties allow more granular control over the set of object factories allowed to reconstruct Java objects from LDAP and RMI contexts. The new factory filters are consulted in tandem with the jdk.jndi.object.factoriesFilter
global factories filter to determine if a specific object factory is permitted to instantiate objects for the given protocol.
The following factory filters are introduced:
LDAP-specific factories filter:
Defined by jdk.jndi.ldap.object.factoriesFilter
property, and controls the set of object factory classes which will
be allowed to instantiate objects from object references returned by LDAP contexts. The factory class named
by the reference instance first will be matched against this LDAP-specific filter and then against the global filter.
The factory class is rejected if any of these two filters reject it, or if none of them allow it.
The default value of the factories filter allows any object factory class provided by the JDK LDAP provider
implementation.
RMI-specific factories filter:
Defined by jdk.jndi.rmi.object.factoriesFilter
property, controls the set of object factory classes that will
be allowed to instantiate objects from object references returned by RMI contexts. The factory class named
by the reference instance first will be matched against this RMI-specific filter and then against the global filter.
The factory class is rejected if any of these two filters reject it, or if none of them allow it.
The default value of the factories filter allows any object factory class provided by the JDK RMI provider
implementation.
If a protocol is not LDAP or RMI only the jdk.jndi.object.factoriesFilter
global factories filter is consulted to check if a factory is allowed to be instantiated. The semantic of this check is changed to allow a factory class only if the global filter allows it, compared to the previous behavior where a factory was allowed if not rejected by the filter.
Specification
New JDK specific system and security properties are added for LDAP and RMI specific factory filters:
- LDAP factories filter:
jdk.jndi.ldap.object.factoriesFilter
with a default value set to"java.naming/com.sun.jndi.ldap.**;!*"
that allows any object factory class provided by the JDK LDAP provider implementation to instatiate objects. - RMI factories filter:
jdk.jndi.rmi.object.factoriesFilter
with a default value set to"jdk.naming.rmi/com.sun.jndi.rmi.**;!*"
that allows any object factory class provided by the JDK RMI provider implementation to instatiate objects.
The webrev with updated java.naming
/jdk.rmi
module info files and java.security
file is attached.
- csr of
-
JDK-8290368 Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation
-
- Closed
-
- relates to
-
JDK-8352609 Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation
-
- Provisional
-