JNDI Injection – Starter of Log4Shell

Web Security

Shortand version of Java Naming and Directory Interface, basically we say JDNI. It is basically a common interface for interacting with Naming and Directory Services written applications in Java. In a nutshell, it’s an API.



  • Naming Service: DNS, RMI etc.
  • Directory Service: LDAP etc.

We can think JNDI is a hashmap with a String key and Object values representing resources on the web.


What is RMI Registry?

Java Remote Method Invocation, A Java RMI registry is a simplified name service that allows clients to get a reference (a stub) to a remote object.


An RMI consists of 3 parts:

  • RMI Server: Simply created methods, objects and registers to the RMI registry.
  • RMI Registry: Holds the registered data. You can think like it’s a kind of DB.
  • RMI Client: It lookups (fetches) the object with the registered name to RMI registery, then invokes the method from RMI server.

For example, let’s think we are going to interact with a naming service such as RMI and it’s located at localhost:1099. To access this we can use RMI as a protocol: rmi://localhost:1099


The InitialContext stands for the current environment simply. The context object is constructed with the environment variables.


  • bind(String name, Object obj) method binds a name to an object

Then, simple we can bind a new object “foo” in the RMI registry:



After binding the object to RMI registry, we can access it’s methods, attributes via lookup method:


Also, we can register a new services with their provide URLs such as LDAP:


JNDI intorudces the Naming Reference:

  • Reference Address: eg: “rmi://servar/reference_name”
  • Remote Factory: Holds the location of a remote factory class to insantiate the object. Simply it holds the memory address of a factory class of an object, then we can use this object.
    • Factory Class Name: for example Hello for a class which generates objects
    • Codebase: Location of the factory class file, /path/to/hello.java


Leave a Reply