Previous | Next | Trail Map | Beyond the Basics | Miscellaneous

Security

The JNDI does not define a security model. It uses the security models that are in place in the underlying Java platform and in the underlying naming/directory service. In terms of security support, the JNDI does, however, provide security-related environment properties that allow the JNDI client to specify commonly needed security-related information. These properties are listed in the Environment Properties (in the Beyond the Basics trail) lesson. We provide a brief summary of them here: Service providers are encouraged to use these properties when they are applicable for accessing the underlying naming/directory service. However, service providers are free to use other means to authenticate its clients, such as by using the Java Authentication and Authorization Service.

Environment Properties

It is important to keep in mind that the environment properties contain possibly security-sensitive information (such as passwords). It is also important to understand that when you supply environment properties to a service provider (by using the InitialContext constructors(in the API reference documentation)) , those environment properties are passed by the service provider to factories (see the Object Factories (in the Java Objects and the Directory trail) , State Factories (in the Java Objects and the Directory trail) , and Response Control Factories (in the Tips for LDAP Users trail) lessons for details). Therefore, you should make sure that all factories and providers that you use can be trusted with possibly security-sensitive information.

Application resource files, as described in the Environment Properties (in the Beyond the Basics trail), allow you to specify environment properties in a very easy-to-use manner. The JNDI will read all application resource files in the classpath and use them. Since environment properties can affect the factories that you use (see below), you should be careful about the class definitions and application resource files that are in your classpath.

Factories

The JNDI architecture is designed to be very flexible. You can dynamically choose service providers, as well as customize them by using object factories, state factories, and response control factories. Thus, depending on the configuration of providers and factories, a program's behavior can vary dramatically. This flexibility, though powerful, has security implications. You should make sure that the factories that you use are trusted. Malicious factories can return wrong or bogus data, or corrupt your underlying naming/directory service. Given that naming/directory services are often used to store security-related information, extra precaution should be taken to include only valid and trusted factories.

Instances of Context

An instance of Context(in the API reference documentation) or one of its subinterfaces is a possibly authenticated connection to the underlying naming/directory service. It can be returned by various methods in the JNDI API and SPI, including:
Context.lookup()(in the API reference documentation) Context.lookupLink()(in the API reference documentation)
Context.listBindings()(in the API reference documentation) Context.createSubcontext()(in the API reference documentation)
DirContext.createSubcontext()(in the API reference documentation) various forms of DirContext.search()(in the API reference documentation)
DirContext.getSchema()(in the API reference documentation) DirContext.getSchemaClassDefinition()(in the API reference documentation)
Attribute.getAttributeDefinition()(in the API reference documentation) Attribute.getAttributeSyntaxDefinition()(in the API reference documentation)
LdapContext.newInstance(in the API reference documentation) NamingManager.getContinuationContext()(in the API reference documentation)
DirectoryManager.getContinuationDirContext()(in the API reference documentation) NamingManager.getObjectInstance() (in the API reference documentation)
DirectoryManager.getObjectInstance() (in the API reference documentation) NamingManager.getURLContext() (in the API reference documentation)
NamingManager.getInitialContext() (in the API reference documentation) NamingEvent.getEventContext (in the API reference documentation)and getSource() (inherited from java.util.EventObject).
NamingExceptionEvent.getEventContext (in the API reference documentation)and getSource() (inherited from java.util.EventObject). UnsolicitedNotificationEvent.getSource() (inherited from java.util.EventObject).
Context instances are also passed to object, state, and control factories.

Like environment properties, you should not pass context instances to untrusted service providers, factories, or any other untrusted code.


Previous | Next | Trail Map | Beyond the Basics | Miscellaneous