On Wed, 22 Dec 2021 21:41:13 GMT, Mandy Chung <mch...@openjdk.org> wrote:
>> Remove the use of Security Manager from jstatd. >> Add use of an ObjectInputFilter to restrict RMI. >> >> Also we can undo the property-setting Launcher.gmk change from: 8279007: >> jstatd fails to start because SecurityManager is disabled >> ..as that is no longer needed. >> >> Docs/man page update to follow (JDK-8278619). > > src/jdk.jstatd/share/classes/sun/tools/jstatd/Jstatd.java line 51: > >> 49: private static RemoteHost remoteHost; >> 50: >> 51: private static final String rmiFilterPattern = >> "sun.jvmstat.monitor.remote.RemoteVm;com.sun.proxy.jdk.proxy1.$Proxy1;com.sun.proxy.jdk.proxy1.$Proxy2;java.lang.reflect.Proxy;java.rmi.server.RemoteObjectInvocationHandler;java.rmi.server.RemoteObject;!*"; > > The class name of the dynamic proxy is generated at runtime and can be > different. As Bernd commented, the proxy classes cannot/should not be > listed in the filter pattern. OK thanks - I was trying the minimal pattern to overcome rejections such as the following, captured in logs on different runs: <message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy1, array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message> <message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy2, array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message> ------------- PR: https://git.openjdk.java.net/jdk/pull/6919
