On Wed, 5 Oct 2022 15:23:43 GMT, Aleksei Efimov <aefi...@openjdk.org> wrote:
> ### Summary of the change > This change introduces new system and security properties for specifying > factory filters for the JNDI/LDAP and the JNDI/RMI JDK provider > implementations. > > These new properties allow more granular control over the set of object > factories allowed to reconstruct Java objects from LDAP and RMI contexts. > > The new factory filters are supplementing the existing > `jdk.jndi.object.factoriesFilter` global factories filter to determine if a > specific object factory is permitted to instantiate objects for the given > protocol. > > Links: > > - [CSR with details](https://bugs.openjdk.org/browse/JDK-8291556) > - [JBS issue](https://bugs.openjdk.org/browse/JDK-8290368) > > ### List of code changes > > - Implementation for two new system and security properties have been added > to the `com.sun.naming.internal.ObjectFactoriesFilter` class > - `java.security` and `module-info.java` files have been updated with a > documentation for the new properties > - To keep API of `javax.naming.spi.NamingManager` and > `javax.naming.spi.DirectoryManager` classes unmodified a new internal > `com.sun.naming.internal.NamingManagerHelper` class has been introduced. All > `getObjectInstance` calls have been updated to use the new helper class. > > #### NamingManagerHelper changes > Changes performed to construct the `NamingManagerHelper` class: > - `DirectoryManager.getObjectInstance` -> > `NamingManagerHelper.getDirObjectInstance`. Dependant methods were also moved > to the `NamingManagerHelper` class > - `NamingManager.getObjectInstance` -> > `NamingManagerHelper.getObjectInstance`. Methods responsible for > setting/getting object factory builder were moved to the > `NamingManagerHelper` class too. > > > ### Test changes > New tests have been added for checking that new factory filters can be used > to restrict reconstruction of Java objects from LDAP and RMI contexts: > - LDAP protocol specific test: > test/jdk/com/sun/jndi/ldap/objects/factory/LdapFactoriesFilterTest.java > - RMI protocol specific test: > test/jdk/com/sun/jndi/rmi/registry/objects/RmiFactoriesFilterTest.java > Existing `test/jdk/javax/naming/module/RunBasic.java` test has been updated > to allow test-specific factories filter used to reconstruct objects from the > test LDAP server. > > ### Testing > tier1-tier3 and JNDI regression/JCK tests not showing any failures related to > this change. > No failures observed for the modified regression tests. This pull request has now been integrated. Changeset: d37ce4cd Author: Aleksei Efimov <aefi...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/d37ce4cdd18afc4facf996598f79e72aae68f4ff Stats: 1566 lines in 22 files changed: 1211 ins; 303 del; 52 mod 8290368: Introduce LDAP and RMI protocol-specific object factory filters to JNDI implementation Reviewed-by: dfuchs, rriggs, jpai ------------- PR: https://git.openjdk.org/jdk/pull/10578
