Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8291556

Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 20
    • core-libs
    • None
    • behavioral
    • medium
    • Hide
      The default values of LDAP and RMI factory filters only allow object factories defined in `java.naming` and `jdk.rmi` modules.
      An application depending on custom object factories in order to recreate Java objects from JNDI/LDAP or JNDI/RMI contexts will need to supply a (security or system) property with an updated filter-pattern value that allows such third-party object factories to reconstruct LDAP or RMI objects.
      If usage of a factory is denied the lookup operation may return a plain instance of 'javax.naming.Reference' instance, which could cause a `ClassCastException` in the calling code.

      In addition, before this change, the `jdk.jndi.object.factoriesFilter` global filter allowed access to a factory class unless the filter rejected it. This is changed to allow a factory class only if the global filter allows it. To maintain compatibility with previous behavior applications which specify a global factory filter may need to append a wildcard after the list of denied factories in order to allow any other factory classes.
      Show
      The default values of LDAP and RMI factory filters only allow object factories defined in `java.naming` and `jdk.rmi` modules. An application depending on custom object factories in order to recreate Java objects from JNDI/LDAP or JNDI/RMI contexts will need to supply a (security or system) property with an updated filter-pattern value that allows such third-party object factories to reconstruct LDAP or RMI objects. If usage of a factory is denied the lookup operation may return a plain instance of 'javax.naming.Reference' instance, which could cause a `ClassCastException` in the calling code. In addition, before this change, the `jdk.jndi.object.factoriesFilter` global filter allowed access to a factory class unless the filter rejected it. This is changed to allow a factory class only if the global filter allows it. To maintain compatibility with previous behavior applications which specify a global factory filter may need to append a wildcard after the list of denied factories in order to allow any other factory classes.
    • System or security property
    • JDK

      Summary

      Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation

      Problem

      The jdk.jndi.object.factoriesFilter system and security property introduced in Java 17 allow a global factories filter to be specified that controls the set of object factory classes permitted to instantiate objects from object references returned by naming/directory systems. This filter covers all protocols supported by the JNDI implementation which includes widely used LDAP and RMI protocols.

      Such a scope is too broad and doesn't provide enough flexibility to limit object factories allowed to instantiate objects on a per protocol basis. LDAP and RMI protocols may be more easily restricted when instantiating objects with object factories, and providing a separate factory filter to further limit object instantiation on a per-protocol basis for LDAP and RMI will help defining a better default for these protocols.

      Solution

      Introduce new system and security properties for specifying factory filters for the JNDI/LDAP and the JNDI/RMI JDK provider implementations. These properties allow more granular control over the set of object factories allowed to reconstruct Java objects from LDAP and RMI contexts. The new factory filters are consulted in tandem with the jdk.jndi.object.factoriesFilter global factories filter to determine if a specific object factory is permitted to instantiate objects for the given protocol.

      The following factory filters are introduced: LDAP-specific factories filter: Defined by jdk.jndi.ldap.object.factoriesFilter property, and controls the set of object factory classes which will be allowed to instantiate objects from object references returned by LDAP contexts. The factory class named by the reference instance first will be matched against this LDAP-specific filter and then against the global filter. The factory class is rejected if any of these two filters reject it, or if none of them allow it. The default value of the factories filter allows any object factory class provided by the JDK LDAP provider implementation.

      RMI-specific factories filter: Defined by jdk.jndi.rmi.object.factoriesFilter property, controls the set of object factory classes that will be allowed to instantiate objects from object references returned by RMI contexts. The factory class named by the reference instance first will be matched against this RMI-specific filter and then against the global filter. The factory class is rejected if any of these two filters reject it, or if none of them allow it. The default value of the factories filter allows any object factory class provided by the JDK RMI provider implementation.

      If a protocol is not LDAP or RMI only the jdk.jndi.object.factoriesFilter global factories filter is consulted to check if a factory is allowed to be instantiated. The semantic of this check is changed to allow a factory class only if the global filter allows it, compared to the previous behavior where a factory was allowed if not rejected by the filter.

      Specification

      New JDK specific system and security properties are added for LDAP and RMI specific factory filters:

      • LDAP factories filter: jdk.jndi.ldap.object.factoriesFilter with a default value set to "java.naming/com.sun.jndi.ldap.**;!*" that allows any object factory class provided by the JDK LDAP provider implementation to instatiate objects.
      • RMI factories filter: jdk.jndi.rmi.object.factoriesFilter with a default value set to "jdk.naming.rmi/com.sun.jndi.rmi.**;!*" that allows any object factory class provided by the JDK RMI provider implementation to instatiate objects.

      The webrev with updated java.naming/jdk.rmi module info files and java.security file is attached.

        1. webrev.zip
          165 kB
        2. webrev-1.zip
          166 kB
        3. webrev-2.zip
          168 kB

            aefimov Aleksej Efimov
            aefimov Aleksej Efimov
            Daniel Fuchs
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: