Java System Properties
Quick Reference Guide

com.sun.jndi.ldap.object.trustSerialData Java System Property

The com.sun.jndi.ldap.object.trustSerialData java system property controls the control the deserialization of java objects from the javaSerializedData LDAP attribute

Default Value

true or false

As of Java 20 the default value is false:

If the property is not specified the deserialization of java objects from the javaSerializedData, the javaRemoteLocation, or javaReferenceAddress attributes is not allowed.
via: java.naming module summary in Java 20

Overview of com.sun.jndi.ldap.object.trustSerialData

Java's JNDI LDAP provider implements RFC 2713 (Schema for Representing Java Objects in an LDAP Directory) and the javaRemoteLocation LDAP attribute (RMI remote object deserialization). These implementation bindings can allow for the deserialization of Java objects.

Related Properties

Security Tip

Avoid setting com.sun.jndi.ldap.object.trustSerialData to true, as it may open you up to security risk.


Supported Since

Java has supported the com.sun.jndi.ldap.object.trustSerialData system property since Java 8u311, Java 11.0.13 and Java 17.0.1.

Setting com.sun.jndi.ldap.object.trustSerialData on Startup

You can set the com.sun.jndi.ldap.object.trustSerialData java system property during startup of the java runtime using the -D command line argument:

java -Dcom.sun.jndi.ldap.object.trustSerialData=false MyAppMain

You may also be able to specify com.sun.jndi.ldap.object.trustSerialData via the JAVA_TOOL_OPTIONS environment variable:


Setting / Reading com.sun.jndi.ldap.object.trustSerialData at Runtime

You can set com.sun.jndi.ldap.object.trustSerialData at runtime with the following Java code:

System.setProperty("com.sun.jndi.ldap.object.trustSerialData", "false");

WARNING: Depending on the property and JVM version using setProperty may or may not work if the JDK Java class that uses this variable has already been loaded. The value of the com.sun.jndi.ldap.object.trustSerialData system property may be cached within an internal private static variable of the implementing class.

To read the value of com.sun.jndi.ldap.object.trustSerialData at runtime, you can use this Java code:

String propertyValue = System.getProperty("com.sun.jndi.ldap.object.trustSerialData");
if (propertyValue != null) {
    System.out.println("com.sun.jndi.ldap.object.trustSerialData = " + propertyValue);
} else {
    System.out.println("com.sun.jndi.ldap.object.trustSerialData was null");