changeset 17428:b46885be0c21 jdk-9.0.4+3

8187558: Undo JDK-8159377 spec change Reviewed-by: dfuchs, rriggs, shshahma, jwilhelm, asapre
author robm
date Thu, 28 Sep 2017 15:30:52 +0100
parents 3f959d0f413c
children 0d40ce5e2249
files src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java
diffstat 5 files changed, 91 insertions(+), 68 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java	Tue Oct 10 12:53:03 2017 -0700
+++ b/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java	Thu Sep 28 15:30:52 2017 +0100
@@ -32,7 +32,6 @@
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.ObjectInputFilter;
 import java.io.ObjectOutputStream;
 import java.net.MalformedURLException;
 import java.rmi.server.RMIClientSocketFactory;
@@ -102,59 +101,19 @@
         "jmx.remote.rmi.server.socket.factory";
 
     /**
-    * Name of the attribute that specifies an
-    * {@link ObjectInputFilter} pattern string to filter classes acceptable
-    * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+    * Name of the attribute that specifies a list of class names acceptable
+    * as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
     * remote method call.
     * <p>
-    * The filter pattern must be in same format as used in
-    * {@link java.io.ObjectInputFilter.Config#createFilter}
+    * This list of classes should correspond to the transitive closure of the
+    * credentials class (or classes) used by the installed {@linkplain JMXAuthenticator}
+    * associated with the {@linkplain RMIServer} implementation.
     * <p>
-    * This list of classes allowed by filter should correspond to the
-    * transitive closure of the credentials class (or classes) used by the
-    * installed {@linkplain JMXAuthenticator} associated with the
-    * {@linkplain RMIServer} implementation.
-    * If the attribute is not set then any class is deemed acceptable.
-    * @see ObjectInputFilter
+    * If the attribute is not set, or is null, then any class is
+    * deemed acceptable.
     */
-    public static final String CREDENTIALS_FILTER_PATTERN =
-        "jmx.remote.rmi.server.credentials.filter.pattern";
-
-    /**
-     * This attribute defines a pattern from which to create a
-     * {@link java.io.ObjectInputFilter} that will be used when deserializing
-     * objects sent to the {@code JMXConnectorServer} by any client.
-     * <p>
-     * The filter will be called for any class found in the serialized
-     * stream sent to server by client, including all JMX defined classes
-     * (such as {@link javax.management.ObjectName}), all method parameters,
-     * and, if present in the stream, all classes transitively referred by
-     * the serial form of any deserialized object.
-     * The pattern must be in same format as used in
-     * {@link java.io.ObjectInputFilter.Config#createFilter}.
-     * It may define a white list of permitted classes, a black list of
-     * rejected classes, a maximum depth for the deserialized objects,
-     * etc.
-     * <p>
-     * To be functional, the filter should allow at least all the
-     * concrete types in the transitive closure of all objects that
-     * might get serialized when serializing all JMX classes referred
-     * as parameters in the {@link
-     * javax.management.remote.rmi.RMIConnection} interface,
-     * plus all classes that a {@link javax.management.remote.rmi.RMIConnector client}
-     * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
-     * marshalled objects} in order to interoperate with the MBeans registered
-     * in the {@code MBeanServer}. That would potentially include all the
-     * concrete {@linkplain javax.management.openmbean  JMX OpenTypes} and the
-     * classes they use in their serial form.
-     * <p>
-     * Care must be taken when defining such a filter, as defining
-     * a white list too restrictive or a too wide a black list may
-     * prevent legitimate clients from interoperating with the
-     * {@code JMXConnectorServer}.
-     */
-    public static final String SERIAL_FILTER_PATTERN =
-       "jmx.remote.rmi.server.serial.filter.pattern";
+    public static final String CREDENTIAL_TYPES =
+            "jmx.remote.rmi.server.credential.types";
 
     /**
      * <p>Makes an <code>RMIConnectorServer</code>.
--- a/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java	Tue Oct 10 12:53:03 2017 -0700
+++ b/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java	Thu Sep 28 15:30:52 2017 +0100
@@ -97,22 +97,18 @@
         this.ssf = ssf;
         this.env = (env == null) ? Collections.<String, Object>emptyMap() : env;
 
-        // This attribute was represented by RMIConnectorServer.CREDENTIALS_TYPES.
-        // This attribute is superceded by
-        // RMIConnectorServer.CREDENTIALS_FILTER_PATTERN.
-        // Retaining this for backward compatibility.
         String[] credentialsTypes
-                = (String[]) this.env.get("jmx.remote.rmi.server.credential.types");
+                = (String[]) this.env.get(RMIConnectorServer.CREDENTIAL_TYPES);
 
         String credentialsFilter
-                = (String) this.env.get(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN);
+                = (String) this.env.get(EnvHelp.CREDENTIALS_FILTER_PATTERN);
 
         // It is impossible for both attributes to be specified
-        if(credentialsTypes != null && credentialsFilter != null)
+        if(credentialsTypes != null && credentialsFilter != null) {
             throw new IllegalArgumentException("Cannot specify both \""
-                    + "jmx.remote.rmi.server.credential.types" + "\" and \""
-           + RMIConnectorServer.CREDENTIALS_FILTER_PATTERN + "\"");
-        else if(credentialsFilter != null){
+                    + RMIConnectorServer.CREDENTIAL_TYPES + "\" and \""
+                    + EnvHelp.CREDENTIALS_FILTER_PATTERN + "\"");
+        } else if(credentialsFilter != null){
             cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter);
             allowedTypes = null;
         }
@@ -127,7 +123,7 @@
         }
 
         String userJmxFilter =
-                (String) this.env.get(RMIConnectorServer.SERIAL_FILTER_PATTERN);
+                (String) this.env.get(EnvHelp.SERIAL_FILTER_PATTERN);
         if(userJmxFilter != null && !userJmxFilter.isEmpty())
             jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter);
         else
--- a/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java	Tue Oct 10 12:53:03 2017 -0700
+++ b/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java	Thu Sep 28 15:30:52 2017 +0100
@@ -53,6 +53,61 @@
 
 public class EnvHelp {
 
+   /**
+    * Name of the attribute that specifies an
+    * {@link ObjectInputFilter} pattern string to filter classes acceptable
+    * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+    * remote method call.
+    * <p>
+    * The filter pattern must be in same format as used in
+    * {@link java.io.ObjectInputFilter.Config.createFilter}
+    * <p>
+    * This list of classes allowed by filter should correspond to the
+    * transitive closure of the credentials class (or classes) used by the
+    * installed {@linkplain JMXAuthenticator} associated with the
+    * {@linkplain RMIServer} implementation.
+    * If the attribute is not set then any class is deemed acceptable.
+    * @see ObjectInputFilter
+    */
+    public static final String CREDENTIALS_FILTER_PATTERN =
+        "jmx.remote.rmi.server.credentials.filter.pattern";
+
+    /**
+     * This attribute defines a pattern from which to create a
+     * {@link java.io.ObjectInputFilter} that will be used when deserializing
+     * objects sent to the {@code JMXConnectorServer} by any client.
+     * <p>
+     * The filter will be called for any class found in the serialized
+     * stream sent to server by client, including all JMX defined classes
+     * (such as {@link javax.management.ObjectName}), all method parameters,
+     * and, if present in the stream, all classes transitively referred by
+     * the serial form of any deserialized object.
+     * The pattern must be in same format as used in
+     * {@link java.io.ObjectInputFilter.Config.createFilter}.
+     * It may define a white list of permitted classes, a black list of
+     * rejected classes, a maximum depth for the deserialized objects,
+     * etc.
+     * <p>
+     * To be functional, the filter should allow at least all the
+     * concrete types in the transitive closure of all objects that
+     * might get serialized when serializing all JMX classes referred
+     * as parameters in the {@link
+     * javax.management.remote.rmi.RMIConnection} interface,
+     * plus all classes that a {@link javax.management.remote.rmi.RMIConnectorClient}
+     * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
+     * marshalled objects} in order to interoperate with the MBeans registered
+     * in the {@code MBeanServer}. That would potentially include all the
+     * concrete {@linkplain javax.management.openmbean  JMX OpenTypes} and the
+     * classes they use in their serial form.
+     * <p>
+     * Care must be taken when defining such a filter, as defining
+     * a white list too restrictive or a too wide a black list may
+     * prevent legitimate clients from interoperating with the
+     * {@code JMXConnectorServer}.
+     */
+    public static final String SERIAL_FILTER_PATTERN =
+       "jmx.remote.rmi.server.serial.filter.pattern";
+
     /**
      * Name of the attribute that specifies a default class loader
      * object.
--- a/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java	Tue Oct 10 12:53:03 2017 -0700
+++ b/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java	Thu Sep 28 15:30:52 2017 +0100
@@ -514,7 +514,8 @@
         // This RMI server should not keep the VM alive
         Map<String, Object> env = new HashMap<>();
         env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
-        env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*");
+        env.put("jmx.remote.rmi.server.credentials.filter.pattern",
+                String.class.getName() + ";!*");
 
         // The local connector server need only be available via the
         // loopback connection.
@@ -540,6 +541,10 @@
             if (props ==  null) {
                 props = new Properties();
             }
+            String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN);
+            if (jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) {
+                env.put("jmx.remote.rmi.server.serial.filter.pattern", jmxRmiFilter);
+            }
             String useLocalOnlyStr = props.getProperty(
                     PropertyNames.USE_LOCAL_ONLY, DefaultValues.USE_LOCAL_ONLY);
             boolean useLocalOnly = Boolean.valueOf(useLocalOnlyStr).booleanValue();
@@ -746,10 +751,11 @@
         PermanentExporter exporter = new PermanentExporter();
 
         env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
-        env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*");
+        env.put("jmx.remote.rmi.server.credentials.filter.pattern",
+                String.class.getName() + ";!*");
 
         if(jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) {
-            env.put(RMIConnectorServer.SERIAL_FILTER_PATTERN, jmxRmiFilter);
+            env.put("jmx.remote.rmi.server.serial.filter.pattern", jmxRmiFilter);
         }
 
         boolean useSocketFactory = bindAddress != null && !useSsl;
--- a/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java	Tue Oct 10 12:53:03 2017 -0700
+++ b/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java	Thu Sep 28 15:30:52 2017 +0100
@@ -45,6 +45,15 @@
 
 public class NewRMIClientFilterTest {
 
+   /**
+    * Name of the attribute that specifies an
+    * {@link ObjectInputFilter} pattern string to filter classes acceptable
+    * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+    * remote method call.
+    */
+    static final String CREDENTIALS_FILTER_PATTERN =
+        "jmx.remote.rmi.server.credentials.filter.pattern";
+
     public static void main(String[] args) throws Exception {
         System.out.println("---NewRMIClientFilterTest-main: starting ...");
         String filter1 = java.lang.String.class.getName() + ";!*";
@@ -64,8 +73,7 @@
         server.stop();
 
         System.out.println("\n---NewRMIClientFilterTest-main: testing types = String[]");
-        env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN,
-                filter1);
+        env.put(CREDENTIALS_FILTER_PATTERN, filter1);
         server = newServer(url, env);
         serverUrl = server.getAddress();
         doTest(serverUrl, null);
@@ -80,8 +88,7 @@
         }
 
         System.out.println("\n---NewRMIClientFilterTest-main: testing user specific types = String, MyCredentials");
-        env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN,
-                filter2);
+        env.put(CREDENTIALS_FILTER_PATTERN, filter2);
         server = newServer(url, env);
         serverUrl = server.getAddress();
         doTest(serverUrl, null);