jmx-dev RFR: 8010285 Enforce the requirement of Management Interfaces being public
Eamonn McManus
eamonn at mcmanus.net
Wed May 29 08:33:21 PDT 2013
I would recommend against changing the code to do additional calls to
Class.forName during MBean introspection. As I recall we made the opposite
change some years ago, both because Class.forName can be slow (it may call
out to a user ClassLoader) and because it is a potential source of security
problems.
Éamonn
2013/5/29 Jaroslav Bachorik <jaroslav.bachorik at oracle.com>
> Updated webrev - http://cr.openjdk.java.net/~jbachorik/8010285/webrev.01
>
> It adds regtests and takes care of the comments from David and Shanliang.
>
> -JB-
>
> On 05/28/2013 04:22 PM, Jaroslav Bachorik wrote:
> > The fix enforces the management interfaces (read MBean and MXBean
> > interfaces) being public. While this is defined in the specification it
> > was not enforced in any way and it was allowed to create MBeans for eg.
> > private MBean interfaces.
> >
> > The fix adds checks when creating and registering MBeans and throws
> > javax.management.NotCompliantMBeanException when a user tries to create
> > an MBean with non-public management interface.
> >
> > Since this change can cause problems for users having non-public
> > management interfaces a system property is introduced that will revert
> > to the old behaviour when set (com.sun.jmx.mbeans.allowNonPublic).
> >
> > Thanks,
> >
> > -JB-
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/serviceability-dev/attachments/20130529/a219eadc/attachment.html
More information about the serviceability-dev
mailing list