jmx-dev RFR: 8283093: JMX connections should default to using an ObjectInputFilter [v2]
Daniel Fuchs
dfuchs at openjdk.org
Wed Oct 19 16:39:02 UTC 2022
On Wed, 19 Oct 2022 16:14:16 GMT, Kevin Walls <kevinw at openjdk.org> wrote:
>> Set the management.properties "com.sun.management.jmxremote.serial.filter.pattern" value by default, to restrict types that can be deserialized.
>>
>> Use the example value from the Core Libraries guide (see section 2. Serialization Filtering / Built-in Filters / Filters for JMX), plus Subject which is needed when using authentication.
>>
>> The sun/management tests run OK with this change. The existing test sun/management/jmxremote/startstop/JMXStartStopTest.java will fail if the filter specified is made too restrictive.
>
> Kevin Walls has updated the pull request incrementally with one additional commit since the last revision:
>
> Update test to check default filter in place.
Trivially you should probably add `8283093` in the list of bugs that the test helps verify.
Also I see the test is using `Utils.getFreePort()` which is a recipe for intermittent failures (not something you should change here, unless adding the new test case increases their occurrence, but something to remember for later).
-------------
PR: https://git.openjdk.org/jdk/pull/10507
More information about the jmx-dev
mailing list