JNDI Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
 
(28 intermediate revisions by the same user not shown)
Line 5: Line 5:
=Context=
=Context=


A ''JNDI context'' consists of name-to-object bindings.  
A ''JNDI context'' consists of name-to-object bindings. The Java implementation of the context exposes an API for examining and updating these bindings. The Context instance is not guaranteed to be synchronized against concurrent access by multiple threads. Threads that need to access a single Context instance concurrently should synchronize amongst themselves and provide the necessary locking.  


==Context Names==


Each name passed as an argument to a <tt>Context</tt> method is relative to that context.  The empty name is used to name the context itself. The names can be represented as <tt>Name</tt> instances or as String instances, and both representations are equivalent. 


For systems that support [[#Federation|federation]], String names represent composite names. <tt>Name</tt> arguments that are instances of <tt>CompositeName</tt> are treated as composite names, while <tt>Name</tt> arguments that are not instances of <tt>CompositeName</tt> are treated as compound names. <tt>list()</tt> return <tt>NamingEnumeration</tt>s with composite names represented as strings. For more details see [[#Composite_and_Compound_Names|Composite and Compound Names]].


==Initial Context==


The <tt>InitialContext</tt> corresponds to the root of the naming hierarchy.


==Context Environment==


JNDI applications need a way to communicate various preferences and properties that define the environment in which naming and directory services are accessed. For example, a context might require specification of security credentials in order to access the service. Another context might require that server configuration information be supplied. These are referred to as the <em>environment</em> of a context. The <tt>Context</tt> interface provides methods for retrieving and updating this environment. The environment is inherited from the parent context as context methods proceed from one context to the next. Changes to the environment of one context do not directly affect those of other contexts.


It is implementation-dependent when environment properties are used and/or verified for validity.  For example, some of the security-related properties are used by service providers to "log in" to the directory.  This login process might occur at the time the context is created, or the first time a method is invoked on the context.  When, and whether this occurs at all, is implementation-dependent.  When environment properties are added or removed from the context, verifying the validity of the changes is again implementation-dependent. For example, verification of some properties might occur at the time the change is made, or at the time the next operation is performed on the context, or not at all.


* This interface represents a naming context, which
Any object with a reference to a context may examine that context's environment.  Sensitive information such as clear-text passwords should not be stored there unless the implementation is known to protect it.
* consists of a set of name-to-object bindings.
* It contains methods for examining and updating these bindings.
*
* <h1>Names</h1>
* Each name passed as an argument to a <tt>Context</tt> method is relative
* to that context.  The empty name is used to name the context itself.
* A name parameter may never be null.
* <p>
* Most of the methods have overloaded versions with one taking a
* <code>Name</code> parameter and one taking a <code>String</code>.
* These overloaded versions are equivalent in that if
* the <code>Name</code> and <code>String</code> parameters are just
* different representations of the same name, then the overloaded
* versions of the same methods behave the same.
* In the method descriptions below, only one version is fully documented.
* The second version instead has a link to the first:  the same
* documentation applies to both.
* <p>
* For systems that support federation, <tt>String</tt> name arguments to
* <tt>Context</tt> methods are composite names. Name arguments that are
* instances of <tt>CompositeName</tt> are treated as composite names,
* while <tt>Name</tt> arguments that are not instances of
* <tt>CompositeName</tt> are treated as compound names (which might be
* instances of <tt>CompoundName</tt> or other implementations of compound
* names). This allows the results of <tt>NameParser.parse()</tt> to be used as
* arguments to the <tt>Context</tt> methods.
* Prior to JNDI 1.2, all name arguments were treated as composite names.
*<p>
* Furthermore, for systems that support federation, all names returned
* in a <tt>NamingEnumeration</tt>
* from <tt>list()</tt> and <tt>listBindings()</tt> are composite names
* represented as strings.
* See <tt>CompositeName</tt> for the string syntax of names.
*<p>
* For systems that do not support federation, the name arguments (in
* either <tt>Name</tt> or <tt>String</tt> forms) and the names returned in
* <tt>NamingEnumeration</tt> may be names in their own namespace rather than
* names in a composite namespace, at the discretion of the service
* provider.
*
*<h1>Exceptions</h1>
* All the methods in this interface can throw a <tt>NamingException</tt> or
* any of its subclasses. See <tt>NamingException</tt> and their subclasses
* for details on each exception.
*
*<h1>Concurrent Access</h1>
* A Context instance is not guaranteed to be synchronized against
* concurrent access by multiple threads.  Threads that need to access
* a single Context instance concurrently should synchronize amongst
* themselves and provide the necessary locking.  Multiple threads
* each manipulating a different Context instance need not
* synchronize.  Note that the {@link #lookup(Name) <tt>lookup</tt>}
* method, when passed an empty name, will return a new Context instance
* representing the same naming context.
*<p>
* For purposes of concurrency control,
* a Context operation that returns a <tt>NamingEnumeration</tt> is
* not considered to have completed while the enumeration is still in
* use, or while any referrals generated by that operation are still
* being followed.
*
*
*<h1>Parameters</h1>
* A <tt>Name</tt> parameter passed to any method of the
* <tt>Context</tt> interface or one of its subinterfaces
* will not be modified by the service provider.
* The service provider may keep a reference to it
* for the duration of the operation, including any enumeration of the
* method's results and the processing of any referrals generated.
* The caller should not modify the object during this time.
* A <tt>Name</tt> returned by any such method is owned by the caller.
* The caller may subsequently modify it; the service provider may not.
*
*
*<h1>Environment Properties</h1>
*<p>
* JNDI applications need a way to communicate various preferences
* and properties that define the environment in which naming and
* directory services are accessed. For example, a context might
* require specification of security credentials in order to access
* the service. Another context might require that server configuration
* information be supplied. These are referred to as the <em>environment</em>
* of a context. The <tt>Context</tt> interface provides methods for
* retrieving and updating this environment.
*<p>
* The environment is inherited from the parent context as
* context methods proceed from one context to the next. Changes to
* the environment of one context do not directly affect those
* of other contexts.
*<p>
* It is implementation-dependent when environment properties are used
* and/or verified for validity.  For example, some of the
* security-related properties are used by service providers to "log in"
* to the directory.  This login process might occur at the time the
* context is created, or the first time a method is invoked on the
* context.  When, and whether this occurs at all, is
* implementation-dependent.  When environment properties are added or
* removed from the context, verifying the validity of the changes is again
* implementation-dependent. For example, verification of some properties
* might occur at the time the change is made, or at the time the next
* operation is performed on the context, or not at all.
*<p>
* Any object with a reference to a context may examine that context's
* environment.  Sensitive information such as clear-text
* passwords should not be stored there unless the implementation is
* known to protect it.
*
*<p>
*<a name=RESOURCEFILES></a>
*<h1>Resource Files</h1>
*<p>
* To simplify the task of setting up the environment
* required by a JNDI application,
* application components and service providers may be distributed
* along with <em>resource files.</em>
* A JNDI resource file is a file in the properties file format (see
* {@link java.util.Properties#load <tt>java.util.Properties</tt>}),
* containing a list of key/value pairs.
* The key is the name of the property (e.g. "java.naming.factory.object")
* and the value is a string in the format defined
* for that property.  Here is an example of a JNDI resource file:
*
* <blockquote>{@code
* java.naming.factory.object=com.sun.jndi.ldap.AttrsToCorba:com.wiz.from.Person
* java.naming.factory.state=com.sun.jndi.ldap.CorbaToAttrs:com.wiz.from.Person
* java.naming.factory.control=com.sun.jndi.ldap.ResponseControlFactory
* }</blockquote>
*
* The JNDI class library reads the resource files and makes the property
* values freely available.  Thus JNDI resource files should be considered
* to be "world readable", and sensitive information such as clear-text
* passwords should not be stored there.
*<p>
* There are two kinds of JNDI resource files:
* <em>provider</em> and <em>application</em>.
*
* <h2>Provider Resource Files</h2>
*
* Each service provider has an optional resource that lists properties
* specific to that provider.  The name of this resource is:
* <blockquote>
* [<em>prefix</em>/]<tt>jndiprovider.properties</tt>
* </blockquote>
* where <em>prefix</em> is
* the package name of the provider's context implementation(s),
* with each period (".") converted to a slash ("/").
*
* For example, suppose a service provider defines a context
* implementation with class name <tt>com.sun.jndi.ldap.LdapCtx</tt>.
* The provider resource for this provider is named
* <tt>com/sun/jndi/ldap/jndiprovider.properties</tt>.  If the class is
* not in a package, the resource's name is simply
* <tt>jndiprovider.properties</tt>.
*
* <p>
* <a name=LISTPROPS></a>
* Certain methods in the JNDI class library make use of the standard
* JNDI properties that specify lists of JNDI factories:
* <ul>
* <li>java.naming.factory.object
* <li>java.naming.factory.state
* <li>java.naming.factory.control
* <li>java.naming.factory.url.pkgs
* </ul>
* The JNDI library will consult the provider resource file
* when determining the values of these properties.
* Properties other than these may be set in the provider
* resource file at the discretion of the service provider.
* The service provider's documentation should clearly state which
* properties are allowed; other properties in the file will be ignored.
*
* <h2>Application Resource Files</h2>
*
* When an application is deployed, it will generally have several
* codebase directories and JARs in its classpath.  Similarly, when an
* applet is deployed, it will have a codebase and archives specifying
* where to find the applet's classes.  JNDI locates (using
* {@link ClassLoader#getResources <tt>ClassLoader.getResources()</tt>})
* all <em>application resource files</em> named <tt>jndi.properties</tt>
* in the classpath.
* In addition, if the file <i>java.home</i><tt>/lib/jndi.properties</tt>
* exists and is readable,
* JNDI treats it as an additional application resource file.
* (<i>java.home</i> indicates the
* directory named by the <tt>java.home</tt> system property.)
* All of the properties contained in these files are placed
* into the environment of the initial context.  This environment
* is then inherited by other contexts.
*
* <p>
* For each property found in more than one application resource file,
* JNDI uses the first value found or, in a few cases where it makes
* sense to do so, it concatenates all of the values (details are given
* below).
* For example, if the "java.naming.factory.object" property is found in
* three <tt>jndi.properties</tt> resource files, the
* list of object factories is a concatenation of the property
* values from all three files.
* Using this scheme, each deployable component is responsible for
* listing the factories that it exports.  JNDI automatically
* collects and uses all of these export lists when searching for factory
* classes.
*
* <h2>Search Algorithm for Properties</h2>
*
* When JNDI constructs an initial context, the context's environment
* is initialized with properties defined in the environment parameter
* passed to the constructor, the system properties, the applet parameters,
* and the application resource files.  See
* <a href=InitialContext.html#ENVIRONMENT><tt>InitialContext</tt></a>
* for details.
* This initial environment is then inherited by other context instances.
*
* <p>
* When the JNDI class library needs to determine
* the value of a property, it does so by merging
* the values from the following two sources, in order:
* <ol>
* <li>The environment of the context being operated on.
* <li>The provider resource file (<tt>jndiprovider.properties</tt>)
* for the context being operated on.
* </ol>
* For each property found in both of these two sources,
* JNDI determines the property's value as follows.  If the property is
* one of the standard JNDI properties that specify a list of JNDI
* factories (listed <a href=#LISTPROPS>above</a>), the values are
* concatenated into a single colon-separated list.  For other
* properties, only the first value found is used.
*
* <p>
* When a service provider needs to determine the value of a property,
* it will generally take that value directly from the environment.
* A service provider may define provider-specific properties
* to be placed in its own provider resource file.  In that
* case it should merge values as described in the previous paragraph.
*
* <p>
* In this way, each service provider developer can specify a list of
* factories to use with that service provider. These can be modified by
* the application resources specified by the deployer of the application
* or applet, which in turn can be modified by the user.
*
* @author Rosanna Lee
* @author Scott Seligman
* @author R. Vasudevan
*
* @since 1.3


=Resource Files=


The [[#Context_Environment|environment]] may be set based on content distributed in ''resource files''. A JNDI resource file is a file in the properties file format containing a list of key/value pairs. The key is the name of the property (e.g. "java.naming.factory.object") and the value is a string in the format defined for that property.
Example:
<pre>
java.naming.factory.object=com.sun.jndi.ldap.AttrsToCorba:com.wiz.from.Person
java.naming.factory.state=com.sun.jndi.ldap.CorbaToAttrs:com.wiz.from.Person
java.naming.factory.control=com.sun.jndi.ldap.ResponseControlFactory
</pre>
Thus JNDI resource files should be considered to be "world readable", and sensitive information such as clear-text passwords should not be stored there.
==Provider Resource Files==
{{External|https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html}}
==Application Resource Files==
When an application is initialized, JNDI locates all ''application resource files'' named <tt>jndi.properties</tt>, using <tt>ClassLoader.getResources()</tt>. In addition, if the file <i>java.home</i><tt>/lib/jndi.properties</tt> exists and is readable, JNDI treats it as an additional application resource file. All of the properties contained in these files are placed into the environment of the initial context.  This environment is then inherited by other contexts.
More details {{External|https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html}}


=NameClassPair=
=NameClassPair=


The <tt>javax.naming.NameClassPair</tt> class represents the name and the class of an object bound in JNDI into a specific context. The name is the , and the class is represented by a fully qualified class name.
The <tt>javax.naming.NameClassPair</tt> class represents the name and the class of an object bound in JNDI into a specific context. The name is the , and the class is represented by a fully qualified class name.
=Federation=
=Composite and Compound Names=
=Namespaces=
==<tt>java:</tt>==
==EJB Namespaces==
{{Internal|EJB_Concepts#Namespaces|EJB JNDI Namespaces}}

Latest revision as of 17:00, 24 March 2017

Internal

Context

A JNDI context consists of name-to-object bindings. The Java implementation of the context exposes an API for examining and updating these bindings. The Context instance is not guaranteed to be synchronized against concurrent access by multiple threads. Threads that need to access a single Context instance concurrently should synchronize amongst themselves and provide the necessary locking.

Context Names

Each name passed as an argument to a Context method is relative to that context. The empty name is used to name the context itself. The names can be represented as Name instances or as String instances, and both representations are equivalent.

For systems that support federation, String names represent composite names. Name arguments that are instances of CompositeName are treated as composite names, while Name arguments that are not instances of CompositeName are treated as compound names. list() return NamingEnumerations with composite names represented as strings. For more details see Composite and Compound Names.

Initial Context

The InitialContext corresponds to the root of the naming hierarchy.

Context Environment

JNDI applications need a way to communicate various preferences and properties that define the environment in which naming and directory services are accessed. For example, a context might require specification of security credentials in order to access the service. Another context might require that server configuration information be supplied. These are referred to as the environment of a context. The Context interface provides methods for retrieving and updating this environment. The environment is inherited from the parent context as context methods proceed from one context to the next. Changes to the environment of one context do not directly affect those of other contexts.

It is implementation-dependent when environment properties are used and/or verified for validity. For example, some of the security-related properties are used by service providers to "log in" to the directory. This login process might occur at the time the context is created, or the first time a method is invoked on the context. When, and whether this occurs at all, is implementation-dependent. When environment properties are added or removed from the context, verifying the validity of the changes is again implementation-dependent. For example, verification of some properties might occur at the time the change is made, or at the time the next operation is performed on the context, or not at all.

Any object with a reference to a context may examine that context's environment. Sensitive information such as clear-text passwords should not be stored there unless the implementation is known to protect it.

Resource Files

The environment may be set based on content distributed in resource files. A JNDI resource file is a file in the properties file format containing a list of key/value pairs. The key is the name of the property (e.g. "java.naming.factory.object") and the value is a string in the format defined for that property.

Example:

java.naming.factory.object=com.sun.jndi.ldap.AttrsToCorba:com.wiz.from.Person
java.naming.factory.state=com.sun.jndi.ldap.CorbaToAttrs:com.wiz.from.Person
java.naming.factory.control=com.sun.jndi.ldap.ResponseControlFactory

Thus JNDI resource files should be considered to be "world readable", and sensitive information such as clear-text passwords should not be stored there.

Provider Resource Files

https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html

Application Resource Files

When an application is initialized, JNDI locates all application resource files named jndi.properties, using ClassLoader.getResources(). In addition, if the file java.home/lib/jndi.properties exists and is readable, JNDI treats it as an additional application resource file. All of the properties contained in these files are placed into the environment of the initial context. This environment is then inherited by other contexts.

More details

https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html

NameClassPair

The javax.naming.NameClassPair class represents the name and the class of an object bound in JNDI into a specific context. The name is the , and the class is represented by a fully qualified class name.

Federation

Composite and Compound Names

Namespaces

java:

EJB Namespaces

EJB JNDI Namespaces