12.2 Requirements for Oracle JVM Support for JNDI
This section describes the implementation requirements for JNDI support in the Oracle JVM. This section is divided into the following sections:
12.2.1 Namespace
The namespace is represented in the same way as a typical Unix file system structure. The root directory and the directory separator are both represented by the slash symbol (/). The root directory is owned by SYS, and only SYS can create new subdirectories under it.
The following two directories (DirContexts) are created during the installation process of OJDS:
- /public directory: The /public directory is a public area for testing, and any user can bind, delete, or look up objects in this directory.
- /etc directory: The /etc directory is an area for the deployment of all production type objects that a client may need and is protected from any update or removal. The /etc directory is writable only by the SYS user, but is readable by all users.
12.2.1.1 Object permissions
You can assign permissions to the objects stored in the directory structure. These permissions are a union of the following permissions:
- Read
- Write
- Execute
The following table describes the permissions that you can assign to the objects stored in the directory structure:
Action | Parent Context Permissions | Child (obj/ctx) Permissions |
---|---|---|
 | Write | NA |
 | Write | Write |
 | Write | NA |
 | Read | Read |
 | Write | Write |
 | Write | Write |
 | Read | Read |
 | Read | Read |
 | Read | Read |
 | Read | Read |
 | Write | Write (if exists) |
 | Read | Read |
Note:
All parent contexts must have Execute permission for operations to succeed.
12.2.1.2 Persistent Storage Tables, Indexes, and Sequences
The database tables owned by OJVMSYS store the following details for each object:
- Namespace metadata
- Bound names
- Attributes
- Permissions
- Stored object representations
12.2.1.3 Initial Contexts and Permissions
The following table shows the contexts that are created by default at the time of installation:
Name | Owner | Read | Write | Execute |
---|---|---|---|---|
/ | SYS | PUBLIC | SYS | PUBLIC |
/public | SYS | PUBLIC | PUBLIC | PUBLIC |
/etc | SYS | PUBLIC | SYS | PUBLIC |
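The initial-context table and the Execute rule from the note above, modelled as an added example (this is not Oracle code and not how OJDS enforces access internally). The class and method names are hypothetical, and it assumes that binding needs Write and lookup needs Read on the immediate parent context; permissions on the child object itself are not modelled.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: evaluates access against the default OJDS contexts. */
public final class OjdsAccessModel {
    enum Perm { READ, WRITE, EXECUTE }

    // Context -> permission -> grantee, copied from the initial-context table.
    static final Map<String, Map<Perm, String>> CONTEXTS = new LinkedHashMap<>();
    static {
        CONTEXTS.put("/", Map.of(Perm.READ, "PUBLIC", Perm.WRITE, "SYS", Perm.EXECUTE, "PUBLIC"));
        CONTEXTS.put("/public", Map.of(Perm.READ, "PUBLIC", Perm.WRITE, "PUBLIC", Perm.EXECUTE, "PUBLIC"));
        CONTEXTS.put("/etc", Map.of(Perm.READ, "PUBLIC", Perm.WRITE, "SYS", Perm.EXECUTE, "PUBLIC"));
    }

    static boolean granted(String ctx, Perm p, String user) {
        Map<Perm, String> perms = CONTEXTS.get(ctx);
        if (perms == null) return false;                 // unknown context: deny
        String grantee = perms.get(p);
        return grantee.equals("PUBLIC") || grantee.equalsIgnoreCase(user);
    }

    /** name is an absolute path; needed is the permission required on its parent context. */
    static boolean allowed(String user, String name, Perm needed) {
        String parent = name.substring(0, Math.max(1, name.lastIndexOf('/')));
        // Every parent context from the root down must grant EXECUTE.
        for (int i = 0; i != -1; i = parent.indexOf('/', i + 1)) {
            String ctx = parent.substring(0, Math.max(1, i));
            if (!granted(ctx, Perm.EXECUTE, user)) return false;
        }
        return granted(parent, Perm.EXECUTE, user) && granted(parent, needed, user);
    }

    public static void main(String[] args) {
        // Constructed sample requests: user, target name, permission needed on the parent.
        String[][] requests = {
            {"HR", "/public/myobj", "WRITE"}, {"HR", "/etc/myobj", "WRITE"},
            {"HR", "/etc/myobj", "READ"}, {"HR", "/newdir", "WRITE"},
            {"SYS", "/newdir", "WRITE"},
        };
        for (String[] r : requests) {
            boolean ok = allowed(r[0], r[1], Perm.valueOf(r[2]));
            System.out.printf("%-4s %-6s %-14s -> %s%n", r[0], r[2], r[1], ok ? "allow" : "deny");
        }
    }
}
```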
12.2.2 Oracle Java Directory Service JNDI Name Space Provider
This section describes the following Oracle Java Directory Service concepts:
12.2.2.1 Directory Context
The Oracle Java Directory Service (OJDS) must implement the interface as specified by the javax.naming.directory.DirContext context. The javax.naming.directory.DirContext context, the oracle.aurora.jndi.ojds.OjdsServerContext context, and the oracle.aurora.jndi.ojds.OjdsClientContext context provide the methods for examining and updating attributes associated with the objects, and enable searches of the directory for server-side and client-side executions respectively.
The following table describes the JNDI properties that you can use for creating a context or using a context:
Package Name | Description |
---|---|
 | Specifies what class to use to create initial contexts for the application. The |
 | Specifies the user ID for creating a database connection. You must specify the value for this property. |
 | Specifies the password for creating a database connection. You must specify the value for this property. |
 | Specifies the connection URL for creating a database connection. This property is optional. |
 | Is a colon separated list of URL handlers for specific JNDI implementations. The |
12.2.2.2 StateFactories
A StateFactory transforms a Java object into an object that can be stored in the implementing JNDI provider. OJDS converts every object that is bound into a serialized object. OJDS follows the specifications of the java.io.Serializable interface and the Java Object Serialization Specification for this conversion. Once serialized, the object is stored in the OJDS persistent store. No external StateFactories are supported for OJDS.
12.2.2.3 ObjectFactories
An ObjectFactory takes objects stored in the implementing JNDI provider and converts them back into Java objects. The OJDS does not support external ObjectFactories. The serialized objects are created from their binary form, which is retrieved from the OJDS persistent store. After an object is deserialized, OJDS handles the object in one of the following ways:
- If the object is a Context, then the connection and the env fields are set and a DirContext is returned.
- If the object is a javax.naming.Reference, then you can use the DirectoryManager.getObjectInstance method to create the object.
- If the object is neither a Context nor a javax.naming.Reference, then the object is returned as it is to the user.
The retrieved bytes specifying an object must conform to the java.io.Serializable interface standards. If the class implementing the object changes on the client, then the deserialization of the object can fail. So, you must be careful to maintain compatibility between the object bytes and the class or object stream deserializing the object bytes.
12.2.2.4 OJDS URL Support
The OJDS supports a URL specified in the following format:
ojds://jdbc_connection_url/path…/object
In the preceding syntax:
- jdbc_connection_url is one of the supported JDBC connection URLs. You must specify the jdbc_connection_url in the URL to connect to the directory.

  Note:
  The OJDS provider supports both the thin and OCI URLs for a JDK-based external client. For example, you can use the following URLs for thin driver and OCI driver respectively:

  thin:localhost:5521:mysid
  oci:22.133.242:5521:mysid

  However, OJDS URL support in the server is only for thin connection type. You must set a value for Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS to complete the URL connection.
- path is a slash-separated list (see Footnote 1), similar to a Unix-type file system. This represents nodes in the directory tree.
- object is the actual terminal object name in the context. If the object is omitted, then the path terminates in a slash (/). In such a case, a DirContext is returned representing this path as the root.
Example
The following code snippet shows how to look up the object myobj of type MyObj in the directory /one/two using the OCI driver connected as user HR:
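import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
.
.
.
// Credentials used to open the database connection behind the ojds:// URL
Hashtable<String, Object> env = new Hashtable<>();
env.put("java.naming.security.principal", "HR");
env.put("java.naming.security.credentials", "<password>");
// Look up /one/two/myobj through the OCI driver and cast it to its type
MyObj obj = (MyObj) (new InitialDirContext(env)).lookup("ojds://oci:host1:5521:mysid/one/two/myobj");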
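A parser for the URL format described above, useful for validating a lookup string before it reaches lookup(). This is an added example, not Oracle code; the OjdsUrl class is hypothetical. It assumes the jdbc_connection_url part contains no slash (as in the thin: and oci: forms shown on this page), and its rejection of empty, "." and ".." path segments is a conservative choice of this example.

```java
import java.util.Arrays;
import java.util.List;

/** Added example: splits ojds://jdbc_connection_url/path.../object into its parts. */
public final class OjdsUrl {
    public final String jdbcConnectionUrl; // for example "oci:host1:5521:mysid"
    public final List<String> path;        // context nodes, for example [one, two]
    public final String object;            // terminal name, or null when the URL ends in '/'

    private OjdsUrl(String jdbc, List<String> path, String object) {
        this.jdbcConnectionUrl = jdbc;
        this.path = path;
        this.object = object;
    }

    public static OjdsUrl parse(String url) {
        final String scheme = "ojds://";
        if (url == null || !url.startsWith(scheme))
            throw new IllegalArgumentException("not an ojds:// URL");
        String rest = url.substring(scheme.length());
        // Assumption: the first '/' ends the JDBC part and starts the path.
        int slash = rest.indexOf('/');
        if (slash <= 0)
            throw new IllegalArgumentException("missing jdbc_connection_url or path");
        String jdbc = rest.substring(0, slash);
        if (!jdbc.startsWith("thin:") && !jdbc.startsWith("oci:"))
            throw new IllegalArgumentException("unsupported connection type: " + jdbc);
        // limit -1 keeps a trailing empty element, which marks the DirContext case.
        String[] parts = rest.substring(slash + 1).split("/", -1);
        String last = parts[parts.length - 1];
        List<String> nodes = List.of(Arrays.copyOf(parts, parts.length - 1));
        for (String node : nodes)
            if (node.isEmpty() || node.equals(".") || node.equals(".."))
                throw new IllegalArgumentException("empty or relative path segment");
        if (last.equals(".") || last.equals(".."))
            throw new IllegalArgumentException("relative object name");
        return new OjdsUrl(jdbc, nodes, last.isEmpty() ? null : last);
    }

    public static void main(String[] args) {
        OjdsUrl obj = parse("ojds://oci:host1:5521:mysid/one/two/myobj");
        System.out.println(obj.jdbcConnectionUrl + " " + obj.path + " " + obj.object);
        // Constructed sample: a trailing slash means a DirContext, so object is null.
        OjdsUrl ctx = parse("ojds://thin:localhost:5521:mysid/public/");
        System.out.println(ctx.jdbcConnectionUrl + " " + ctx.path + " " + ctx.object);
    }
}
```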
12.2.3 Namespace Browser
The namespace browser enables browsing permissions and properties of objects stored in the OJDS. The existing ojvmjava utility is enhanced to support the operations as described in the following table:
Command Name | Description |
---|---|
 | Lists the contents of a context similar to Unix |
 | Removes the context or an object. |
 | Creates a context in the OJDS. |
 | Changes the owner of the given context, object, and so on. |
 | Changes rights on objects or contexts. |
 | Changes the working context. |
 | Lists the current working context. |
 | Refers to the same object by using different names, similar to a symbolic link in Unix. |
 | Changes or rebinds old names of a context (or object), to a new name. |
 | Binds an object reference or naming context into the JNDI namespace. |
 | Binds a Data Source object to a given context. |
 | Binds a URL object to the given context. |
Footnote Legend
Footnote 1: The slash symbol (/)