RFR: 8290367: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property

Aleksei Efimov aefimov at openjdk.org
Fri Sep 9 11:12:45 UTC 2022 

### Summary of the change

The LDAP Naming Service Provider implementation's default settings are changed to disallow deserialization and reconstruction of Java objects from different LDAP attributes (RFC 2713). Currently, only the deserialization is controlled by the `com.sun.jndi.ldap.object.trustSerialData` system property, and it is allowed by default.
The change proposed here switches the default value of the` com.sun.jndi.ldap.object.trustSerialData `system property to `"false"`, and also extends its scope to cover the reconstruction of RMI remote objects from the `javaRemoteLocation` LDAP attribute.

CSR for this change can be viewed [here](https://bugs.openjdk.org/browse/JDK-8290369).

### List of code changes
- Switch the default value of the 'com.sun.jndi.ldap.object.trustSerialData' system property to "false".

- Extend the scope of the property to also cover the reconstruction of RMI remote objects from the deprecated 'javaRemoteLocation' LDAP attribute.

- Document the support for `javaRemoteLocation` and the `javaReferenceAddress` LDAP attributes in `java.naming`'s module-info.

### Test changes
- New `test/jdk/com/sun/jndi/ldap/objects/RemoteLocationAttributeTest.java` test has been added to test that `com.sun.jndi.ldap.object.trustSerialData` system property can be used to control reconstruction of RMI objects from the `javaRemoteLocation` LDAP attribute.

-  `test/jdk/javax/naming/module/RunBasic.java` was modified to pass `com.sun.jndi.ldap.object.trustSerialData=true` to the sub-tests that rely on reconstruction/deserialization from LDAP attributes. 

- During the update for `test/jdk/javax/naming/module/RunBasic.java`, it was spotted that sub-tests apps launched in separate processes were returning the '0' exit value irrelevant to their execution status. All these sub-tests were modified to throw an exception when failure is observed. It helps to ensure that the exit value of launched process is not '0' for failed sub-tests.

### Testing

`tier1`-`tier3` and JNDI regression/JCK tests not showing any failures related to this change.
No failures observed for the modified regression tests.

-------------

Commit messages:
 - Update storeFruit sub-test parameters
 - Move and modify the SP description in module-info
 - Update trustSerialData description in java.naming module-info
 - Update and move trustSerialData description
 - 8290367: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property

Changes: https://git.openjdk.org/jdk/pull/10228/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10228&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8290367
  Stats: 254 lines in 13 files changed: 208 ins; 3 del; 43 mod
  Patch: https://git.openjdk.org/jdk/pull/10228.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/10228/head:pull/10228

PR: https://git.openjdk.org/jdk/pull/10228

More information about the core-libs-dev mailing list