Results 1 to 3 of 3

Thread: JNDI for resource lookup

  1. Jan 26th, 2010, 02:06 AM #1
    sasuke
    sasuke is offline Junior Member
    Join Date
    Mar 2009
    Posts
    11

    Default JNDI for resource lookup

    Hi all,

    I've been recently skimming through the 12th chapter of Spring in Action, 2nd edition. In the section which deals with sending mails, the author mentions:
    The mail server’s hostname and the username/password pair are explicitly configured in Spring. However, this setup may raise red flags for you with regard to security. Maybe you don’t want to hard-code this information in the Spring configuration.

    You may already have a javax.mail.MailSession configured in JNDI (or perhaps one was placed there by your application server). If so then Spring’s JavaMailSenderImpl offers you an option to use the MailSender in JNDI.
    What kind of "security" implications is the author talking about here? Does this refer to the fact that the mail configuration lies in open in plain text as opposed to being published on a server as a managed resource which can be accessed by only those people who have the password for the application-servers' management console?

    What are the practical design decisions which influence your choice of preferring one over the another (JNDI v/s non-JNDI)? Are there any reasons/motivations why an architect would bring in a full-fledged application server in the deployment cycle just to use JNDI?

    Some points which I can come up with:
    • JNDI not a feasible option unless you are using some kind of full-fledged application server.
    • JNDI a wise choice if security really becomes a concern (plain text configuration not a possibility)


    Suggestions/opinions/experiences appreciated. TIA,
    sasuke
    Reply With Quote Reply With Quote
  2. Jan 26th, 2010, 03:18 AM #2
    Marten Deinum
    Marten Deinum is offline Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,624

    Default

    Why would you need a full fledge app server for that... Tomcat and Jetty also have JNDI support and those aren't really full fledged app servers...

    Also you probably don't want any configuration details (usernames/passwords/urls) in your xml but preferably in properties files which are easy to maintain. If you need to change the xml for each environment (dev, prod, accept) it means rebuilding the application each time.
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
    Reply With Quote Reply With Quote
  3. Jan 26th, 2010, 04:05 AM #3
    sasuke
    sasuke is offline Junior Member
    Join Date
    Mar 2009
    Posts
    11

    Default

    Hi Marten,

    Thanks for the response. When I mentioned 'plain text' I was kinda referring to the configuration information presented as plain text via properties + Spring XML config file (using PropertyPlaceholderConfigurer). Also I'm not very sure whether a simple web container (not app server) is not required to provide JNDI support (not lookup but creation of JNDI entities) and hence my mention of full-fledged app server. :-)

    These things aside are there *really* any advantages of preferring JNDI?

    TIA,
    sasuke
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules