On Wed, 22 Dec 2021 22:01:00 GMT, Kevin Walls <kev...@openjdk.org> wrote:
>> src/jdk.jstatd/share/classes/sun/tools/jstatd/Jstatd.java line 51: >> >>> 49: private static RemoteHost remoteHost; >>> 50: >>> 51: private static final String rmiFilterPattern = >>> "sun.jvmstat.monitor.remote.RemoteVm;com.sun.proxy.jdk.proxy1.$Proxy1;com.sun.proxy.jdk.proxy1.$Proxy2;java.lang.reflect.Proxy;java.rmi.server.RemoteObjectInvocationHandler;java.rmi.server.RemoteObject;!*"; >> >> The class name of the dynamic proxy is generated at runtime and can be >> different. As Bernd commented, the proxy classes cannot/should not be >> listed in the filter pattern. > > OK thanks - I was trying the minimal pattern to overcome rejections such as > the following, captured in logs on different runs: > > <message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy1, > array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message> > > <message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy2, > array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message> I think the proxy classes need to be there. The `RemoteHost` API has a parameter of type `RemoteVm` which is a stub to an RMI remote object, which consists of a proxy and a handler. The proxy's interface list is filtered by the serialization filter so somebody can't just pass a proxy for anything. The name of the proxy class probably does need to be wildcarded though. ------------- PR: https://git.openjdk.java.net/jdk/pull/6919
