Summary

Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation

Problem

The jdk.jndi.object.factoriesFilter system and security property introduced in Java 17 allow a global factories filter to be specified that controls the set of object factory classes permitted to instantiate objects from object references returned by naming/directory systems. This filter covers all protocols supported by the JNDI implementation which includes widely used LDAP and RMI protocols.

Such a scope is too broad and doesn't provide enough flexibility to limit object factories allowed to instantiate objects on a per protocol basis. LDAP and RMI protocols may be more easily restricted when instantiating objects with object factories, and providing a separate factory filter to further limit object instantiation on a per-protocol basis for LDAP and RMI will help defining a better default for these protocols.

Solution

Introduce new system and security properties for specifying factory filters for the JNDI/LDAP and the JNDI/RMI JDK provider implementations. These properties allow more granular control over the set of object factories allowed to reconstruct Java objects from LDAP and RMI contexts. The new factory filters are consulted in tandem with the jdk.jndi.object.factoriesFilter global factories filter to determine if a specific object factory is permitted to instantiate objects for the given protocol.

The following factory filters are introduced: LDAP-specific factories filter: Defined by jdk.jndi.ldap.object.factoriesFilter property, and controls the set of object factory classes which will be allowed to instantiate objects from object references returned by LDAP contexts. The factory class named by the reference instance first will be matched against this LDAP-specific filter and then against the global filter. The factory class is rejected if any of these two filters reject it, or if none of them allow it. The default value of the factories filter allows any object factory class provided by the JDK LDAP provider implementation.

RMI-specific factories filter: Defined by jdk.jndi.rmi.object.factoriesFilter property, controls the set of object factory classes that will be allowed to instantiate objects from object references returned by RMI contexts. The factory class named by the reference instance first will be matched against this RMI-specific filter and then against the global filter. The factory class is rejected if any of these two filters reject it, or if none of them allow it. The default value of the factories filter allows any object factory class provided by the JDK RMI provider implementation.

If a protocol is not LDAP or RMI only the jdk.jndi.object.factoriesFilter global factories filter is consulted to check if a factory is allowed to be instantiated. The semantic of this check is changed to allow a factory class only if the global filter allows it, compared to the previous behavior where a factory was allowed if not rejected by the filter.

Specification

New JDK specific system and security properties are added for LDAP and RMI specific factory filters:

• LDAP factories filter: jdk.jndi.ldap.object.factoriesFilter with a default value set to "java.naming/com.sun.jndi.ldap.**;!*" that allows any object factory class provided by the JDK LDAP provider implementation to instatiate objects.
• RMI factories filter: jdk.jndi.rmi.object.factoriesFilter with a default value set to "jdk.naming.rmi/com.sun.jndi.rmi.**;!*" that allows any object factory class provided by the JDK RMI provider implementation to instatiate objects.

The webrev with updated java.naming/jdk.rmi module info files and java.security file is attached.