JNDI Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
 
(16 intermediate revisions by the same user not shown)
Line 17: Line 17:
The <tt>InitialContext</tt> corresponds to the root of the naming hierarchy.
The <tt>InitialContext</tt> corresponds to the root of the naming hierarchy.


==Context Environment==


JNDI applications need a way to communicate various preferences and properties that define the environment in which naming and directory services are accessed. For example, a context might require specification of security credentials in order to access the service. Another context might require that server configuration information be supplied. These are referred to as the <em>environment</em> of a context. The <tt>Context</tt> interface provides methods for retrieving and updating this environment. The environment is inherited from the parent context as context methods proceed from one context to the next. Changes to the environment of one context do not directly affect those of other contexts.
JNDI applications need a way to communicate various preferences and properties that define the environment in which naming and directory services are accessed. For example, a context might require specification of security credentials in order to access the service. Another context might require that server configuration information be supplied. These are referred to as the <em>environment</em> of a context. The <tt>Context</tt> interface provides methods for retrieving and updating this environment. The environment is inherited from the parent context as context methods proceed from one context to the next. Changes to the environment of one context do not directly affect those of other contexts.


It is implementation-dependent when environment properties are used and/or verified for validity.  For example, some of the security-related properties are used by service providers to "log in" to the directory.  This login process might occur at the time the context is created, or the first time a method is invoked on the context.  When, and whether this occurs at all, is implementation-dependent.  When environment properties are added or removed from the context, verifying the validity of the changes is again implementation-dependent. For example, verification of some properties might occur at the time the change is made, or at the time the next operation is performed on the context, or not at all.
It is implementation-dependent when environment properties are used and/or verified for validity.  For example, some of the security-related properties are used by service providers to "log in" to the directory.  This login process might occur at the time the context is created, or the first time a method is invoked on the context.  When, and whether this occurs at all, is implementation-dependent.  When environment properties are added or removed from the context, verifying the validity of the changes is again implementation-dependent. For example, verification of some properties might occur at the time the change is made, or at the time the next operation is performed on the context, or not at all.
Line 25: Line 25:
Any object with a reference to a context may examine that context's environment.  Sensitive information such as clear-text passwords should not be stored there unless the implementation is known to protect it.
Any object with a reference to a context may examine that context's environment.  Sensitive information such as clear-text passwords should not be stored there unless the implementation is known to protect it.


*<a name=RESOURCEFILES></a>
=Resource Files=
*<h1>Resource Files</h1>
 
*<p>
The [[#Context_Environment|environment]] may be set based on content distributed in ''resource files''. A JNDI resource file is a file in the properties file format containing a list of key/value pairs. The key is the name of the property (e.g. "java.naming.factory.object") and the value is a string in the format defined for that property.
* To simplify the task of setting up the environment
 
* required by a JNDI application,
Example:
* application components and service providers may be distributed
 
* along with <em>resource files.</em>
<pre>
* A JNDI resource file is a file in the properties file format (see
java.naming.factory.object=com.sun.jndi.ldap.AttrsToCorba:com.wiz.from.Person
* {@link java.util.Properties#load <tt>java.util.Properties</tt>}),
java.naming.factory.state=com.sun.jndi.ldap.CorbaToAttrs:com.wiz.from.Person
* containing a list of key/value pairs.
java.naming.factory.control=com.sun.jndi.ldap.ResponseControlFactory
* The key is the name of the property (e.g. "java.naming.factory.object")
</pre>
* and the value is a string in the format defined
 
* for that property. Here is an example of a JNDI resource file:
Thus JNDI resource files should be considered to be "world readable", and sensitive information such as clear-text passwords should not be stored there.
*
 
* <blockquote>{@code
==Provider Resource Files==
* java.naming.factory.object=com.sun.jndi.ldap.AttrsToCorba:com.wiz.from.Person
 
* java.naming.factory.state=com.sun.jndi.ldap.CorbaToAttrs:com.wiz.from.Person
{{External|https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html}}
* java.naming.factory.control=com.sun.jndi.ldap.ResponseControlFactory
 
* }</blockquote>
==Application Resource Files==
*
 
* The JNDI class library reads the resource files and makes the property
When an application is initialized, JNDI locates all ''application resource files'' named <tt>jndi.properties</tt>, using <tt>ClassLoader.getResources()</tt>. In addition, if the file <i>java.home</i><tt>/lib/jndi.properties</tt> exists and is readable, JNDI treats it as an additional application resource file. All of the properties contained in these files are placed into the environment of the initial context.  This environment is then inherited by other contexts.
* values freely available.  Thus JNDI resource files should be considered
 
* to be "world readable", and sensitive information such as clear-text
More details {{External|https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html}}
* passwords should not be stored there.
*<p>
* There are two kinds of JNDI resource files:
* <em>provider</em> and <em>application</em>.
*
* <h2>Provider Resource Files</h2>
*
* Each service provider has an optional resource that lists properties
* specific to that provider.  The name of this resource is:
* <blockquote>
* [<em>prefix</em>/]<tt>jndiprovider.properties</tt>
* </blockquote>
* where <em>prefix</em> is
* the package name of the provider's context implementation(s),
* with each period (".") converted to a slash ("/").
*
* For example, suppose a service provider defines a context
* implementation with class name <tt>com.sun.jndi.ldap.LdapCtx</tt>.
* The provider resource for this provider is named
* <tt>com/sun/jndi/ldap/jndiprovider.properties</tt>.  If the class is
* not in a package, the resource's name is simply
* <tt>jndiprovider.properties</tt>.
*
* <p>
* <a name=LISTPROPS></a>
* Certain methods in the JNDI class library make use of the standard
* JNDI properties that specify lists of JNDI factories:
* <ul>
* <li>java.naming.factory.object
* <li>java.naming.factory.state
* <li>java.naming.factory.control
* <li>java.naming.factory.url.pkgs
* </ul>
* The JNDI library will consult the provider resource file
* when determining the values of these properties.
* Properties other than these may be set in the provider
* resource file at the discretion of the service provider.
* The service provider's documentation should clearly state which
* properties are allowed; other properties in the file will be ignored.
*
* <h2>Application Resource Files</h2>
*
* When an application is deployed, it will generally have several
* codebase directories and JARs in its classpath.  Similarly, when an
* applet is deployed, it will have a codebase and archives specifying
* where to find the applet's classes.  JNDI locates (using
* {@link ClassLoader#getResources <tt>ClassLoader.getResources()</tt>})
* all <em>application resource files</em> named <tt>jndi.properties</tt>
* in the classpath.
* In addition, if the file <i>java.home</i><tt>/lib/jndi.properties</tt>
* exists and is readable,
* JNDI treats it as an additional application resource file.
* (<i>java.home</i> indicates the
* directory named by the <tt>java.home</tt> system property.)
* All of the properties contained in these files are placed
* into the environment of the initial context.  This environment
* is then inherited by other contexts.
*
* <p>
* For each property found in more than one application resource file,
* JNDI uses the first value found or, in a few cases where it makes
* sense to do so, it concatenates all of the values (details are given
* below).
* For example, if the "java.naming.factory.object" property is found in
* three <tt>jndi.properties</tt> resource files, the
* list of object factories is a concatenation of the property
* values from all three files.
* Using this scheme, each deployable component is responsible for
* listing the factories that it exports.  JNDI automatically
* collects and uses all of these export lists when searching for factory
* classes.
*
* <h2>Search Algorithm for Properties</h2>
*
* When JNDI constructs an initial context, the context's environment
* is initialized with properties defined in the environment parameter
* passed to the constructor, the system properties, the applet parameters,
* and the application resource files.  See
* <a href=InitialContext.html#ENVIRONMENT><tt>InitialContext</tt></a>
* for details.
* This initial environment is then inherited by other context instances.
*
* <p>
* When the JNDI class library needs to determine
* the value of a property, it does so by merging
* the values from the following two sources, in order:
* <ol>
* <li>The environment of the context being operated on.
* <li>The provider resource file (<tt>jndiprovider.properties</tt>)
* for the context being operated on.
* </ol>
* For each property found in both of these two sources,
* JNDI determines the property's value as follows.  If the property is
* one of the standard JNDI properties that specify a list of JNDI
* factories (listed <a href=#LISTPROPS>above</a>), the values are
* concatenated into a single colon-separated list. For other
* properties, only the first value found is used.
*
* <p>
* When a service provider needs to determine the value of a property,
* it will generally take that value directly from the environment.
* A service provider may define provider-specific properties
* to be placed in its own provider resource file.  In that
* case it should merge values as described in the previous paragraph.
*
* <p>
* In this way, each service provider developer can specify a list of
* factories to use with that service provider. These can be modified by
* the application resources specified by the deployer of the application
* or applet, which in turn can be modified by the user.
*
* @author Rosanna Lee
* @author Scott Seligman
* @author R. Vasudevan
*
* @since 1.3


=NameClassPair=
=NameClassPair=
Line 173: Line 57:
=Composite and Compound Names=
=Composite and Compound Names=


=Composite and Compound Names=
=Namespaces=
 
==<tt>java:</tt>==
 
==EJB Namespaces==
 
{{Internal|EJB_Concepts#Namespaces|EJB JNDI Namespaces}}

Latest revision as of 17:00, 24 March 2017

Internal

Context

A JNDI context consists of name-to-object bindings. The Java implementation of the context exposes an API for examining and updating these bindings. The Context instance is not guaranteed to be synchronized against concurrent access by multiple threads. Threads that need to access a single Context instance concurrently should synchronize amongst themselves and provide the necessary locking.

Context Names

Each name passed as an argument to a Context method is relative to that context. The empty name is used to name the context itself. The names can be represented as Name instances or as String instances, and both representations are equivalent.

For systems that support federation, String names represent composite names. Name arguments that are instances of CompositeName are treated as composite names, while Name arguments that are not instances of CompositeName are treated as compound names. list() return NamingEnumerations with composite names represented as strings. For more details see Composite and Compound Names.

Initial Context

The InitialContext corresponds to the root of the naming hierarchy.

Context Environment

JNDI applications need a way to communicate various preferences and properties that define the environment in which naming and directory services are accessed. For example, a context might require specification of security credentials in order to access the service. Another context might require that server configuration information be supplied. These are referred to as the environment of a context. The Context interface provides methods for retrieving and updating this environment. The environment is inherited from the parent context as context methods proceed from one context to the next. Changes to the environment of one context do not directly affect those of other contexts.

It is implementation-dependent when environment properties are used and/or verified for validity. For example, some of the security-related properties are used by service providers to "log in" to the directory. This login process might occur at the time the context is created, or the first time a method is invoked on the context. When, and whether this occurs at all, is implementation-dependent. When environment properties are added or removed from the context, verifying the validity of the changes is again implementation-dependent. For example, verification of some properties might occur at the time the change is made, or at the time the next operation is performed on the context, or not at all.

Any object with a reference to a context may examine that context's environment. Sensitive information such as clear-text passwords should not be stored there unless the implementation is known to protect it.

Resource Files

The environment may be set based on content distributed in resource files. A JNDI resource file is a file in the properties file format containing a list of key/value pairs. The key is the name of the property (e.g. "java.naming.factory.object") and the value is a string in the format defined for that property.

Example: 

java.naming.factory.object=com.sun.jndi.ldap.AttrsToCorba:com.wiz.from.Person
java.naming.factory.state=com.sun.jndi.ldap.CorbaToAttrs:com.wiz.from.Person
java.naming.factory.control=com.sun.jndi.ldap.ResponseControlFactory

Thus JNDI resource files should be considered to be "world readable", and sensitive information such as clear-text passwords should not be stored there.

Provider Resource Files

https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html

Application Resource Files

When an application is initialized, JNDI locates all application resource files named jndi.properties, using ClassLoader.getResources(). In addition, if the file java.home/lib/jndi.properties exists and is readable, JNDI treats it as an additional application resource file. All of the properties contained in these files are placed into the environment of the initial context. This environment is then inherited by other contexts.

More details

https://docs.oracle.com/javase/8/docs/api/javax/naming/Context.html

NameClassPair

The javax.naming.NameClassPair class represents the name and the class of an object bound in JNDI into a specific context. The name is the , and the class is represented by a fully qualified class name.

Federation

Composite and Compound Names

Namespaces

java:

EJB Namespaces

EJB JNDI Namespaces
Retrieved from "https://kb.novaordis.com/index.php?title=JNDI_Concepts&oldid=18877"