Module java.naming

module java.naming
Defines the Java Naming and Directory Interface (JNDI) API.

Common standard JNDI environment properties that may be supported by JNDI providers are defined and documented in Context. Specific JNDI provider implementations may also support other environment or system properties, which are specific to their implementation.

Implementation Note:
The following implementation specific environment properties are supported by the default LDAP Naming Service Provider implementation in the JDK:
  • com.sun.jndi.ldap.connect.timeout:
    The value of this property is the string representation of an integer representing the connection timeout in milliseconds. If the LDAP provider cannot establish a connection within that period, it aborts the connection attempt. The integer should be greater than zero. An integer less than or equal to zero means to use the network protocol's (i.e., TCP's) timeout value.
    If this property is not specified, the default is to wait for the connection to be established or until the underlying network times out.
  • com.sun.jndi.ldap.read.timeout:
    The value of this property is the string representation of an integer representing the read timeout in milliseconds for LDAP operations. If the LDAP provider cannot get a LDAP response within that period, it aborts the read attempt. The integer should be greater than zero. An integer less than or equal to zero means no read timeout is specified which is equivalent to waiting for the response infinitely until it is received.
    If this property is not specified, the default is to wait for the response until it is received.
  • com.sun.jndi.ldap.tls.cbtype:
    The value of this property is the string representing the TLS Channel Binding type required for an LDAP connection over SSL/TLS. Possible value is :
    • "tls-server-end-point" - Channel Binding data is created on the basis of the TLS server certificate.

    "tls-unique" TLS Channel Binding type is specified in RFC-5929 but not supported.
    If this property is not specified, the client does not send channel binding information to the server.

The following implementation specific system properties are supported by the default LDAP Naming Service Provider implementation in the JDK:

  • com.sun.jndi.ldap.object.trustSerialData:
    The value of this system property is the string representation of a boolean value that controls the deserialization of java objects from the javaSerializedData LDAP attribute, reconstruction of RMI references from the javaRemoteLocation LDAP attribute, and reconstruction of binary reference addresses from the javaReferenceAddress LDAP attribute. To allow the deserialization or reconstruction of java objects from javaSerializedData, javaRemoteLocation or javaReferenceAddress attributes, the system property value can be set to true (case insensitive).
    If the property is not specified the deserialization of java objects from the javaSerializedData, the javaRemoteLocation, or javaReferenceAddress attributes is not allowed.
  • jdk.jndi.object.factoriesFilter:
    The value of this system property defines a filter used by the JNDI runtime implementation to control the set of object factory classes which will be allowed to instantiate objects from object references returned by naming/directory systems. The factory class named by the reference instance will be matched against this filter. The filter property supports pattern-based filter syntax with the same format as jdk.serialFilter. Limit patterns specified in the filter property are unused. This property can also be specified as a security property. This property is also supported by the default JNDI RMI Provider.
    The default value allows any object factory class specified by the reference instance to recreate the referenced object.
  • jdk.jndi.ldap.object.factoriesFilter:
    The value of this system property defines a filter used by the JDK LDAP provider implementation to further restrict the set of object factory classes which will be allowed to instantiate objects from object references returned by LDAP systems. The factory class named by the reference instance first will be matched against this specific filter and then against the global filter. The factory class is rejected if any of these two filters reject it, or if none of them allow it. The filter property supports pattern-based filter syntax with the same format as jdk.serialFilter. Limit patterns specified in the filter property are unused.
    The default value allows any object factory class provided by the JDK LDAP provider implementation.
    This system property will be used to filter LDAP specific object factories only if global ObjectFactoryBuilder is not set.

Other providers may define additional properties in their module description:

Since:
9

  • Packages

    Exports
    Package
    Description
    javax.naming
    Provides the classes and interfaces for accessing naming services.
    javax.naming.directory
    Extends the javax.naming package to provide functionality for accessing directory services.
    javax.naming.event
    Provides support for event notification when accessing naming and directory services.
    javax.naming.ldap
    Provides support for LDAPv3 extended operations and controls.
    javax.naming.ldap.spi
     
    javax.naming.spi
    Provides the means for dynamically plugging in support for accessing naming and directory services through the javax.naming and related packages.

  • Services

    Provides
    Type
    Description
    Provider
    This class represents a "provider" for the Java Security API, where a provider implements some or all parts of Java Security.
    Uses
    Type
    Description
    InitialContextFactory
    This interface represents a factory that creates an initial context.
    LdapDnsProvider
    Service-provider class for DNS lookups when performing LDAP operations.
    StartTlsResponse
    This class implements the LDAPv3 Extended Response for StartTLS as defined in Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security The object identifier for StartTLS is 1.3.6.1.4.1.1466.20037 and no extended response value is defined.