jmx-dev RFR: 8002307 javax.management.modelmbean.ModelMBeanInfoSupport may expose internal representation by storing an externally mutable object
Daniel Fuchs
daniel.fuchs at oracle.com
Tue May 28 09:34:24 PDT 2013
Hi Jaroslav,
in ModelMBeanInfoSupport:
328 modelMBeanAttributes = getAttributes();
329 modelMBeanConstructors = getConstructors();
330 modelMBeanOperations = getOperations();
331 modelMBeanNotifications = getNotifications();
I think you should call super.getXxxx() here rather than
plain getXxxx() - it would be cleaner - especially since
ModelMBeanInfoSupport is not final.
I also wonder whether lines 224-227 should be similarly modified...
-- daniel
On 5/28/13 3:04 PM, Jaroslav Bachorik wrote:
> Please, review the fix for JDK-8002307.
>
> The fix assures the immutability by cloning the provided arrays in the
> constructor and then cloning them again in the getters.
>
> The constructors are fixed in the javax/management/MBeanInfo.java and
> the arrays used in getters are cloned using an already existing
> functionality in the same class.
>
> http://cr.openjdk.java.net/~jbachorik/8002307/webrev.01
>
> Thanks,
>
> -JB-
>
More information about the jmx-dev
mailing list