jmx-dev RFR: 8010285 Enforce the requirement of Management Interfaces being public
Jaroslav Bachorik
jaroslav.bachorik at oracle.com
Wed May 29 10:17:35 PDT 2013
On Wed 29 May 2013 05:33:21 PM CEST, Eamonn McManus wrote:
> I would recommend against changing the code to do additional calls to
> Class.forName during MBean introspection. As I recall we made the
> opposite change some years ago, both because Class.forName can be slow
> (it may call out to a user ClassLoader) and because it is a potential
> source of security problems.
Thanks. I was trying to dig some history from mercurial but couldn't.
Walking through all the related interfaces is equally acceptable - I've
tried both of the solutions and they test well with the regtests.
I am still puzzled by the current implementation which will fail to
locate the correct MBean interface in eg.
<<CInterface>> extends <<BInterface>> extends <<ServiceMBean>>
ClassA extends Service implements <<CInterface>>
as the process would stop on <<BInterface>> (checks the superclass of
the ClassA, checks all the interfaces implemented by the Service class,
checks all the interfaces extended by <<CInterface>>) which plainly
does not conform to the MBean interface naming convention and would
miss the <<ServiceMBean>> interface.
-JB-
>
> Éamonn
>
>
> 2013/5/29 Jaroslav Bachorik <jaroslav.bachorik at oracle.com
> <mailto:jaroslav.bachorik at oracle.com>>
>
> Updated webrev -
> http://cr.openjdk.java.net/~jbachorik/8010285/webrev.01
>
> It adds regtests and takes care of the comments from David and
> Shanliang.
>
> -JB-
>
> On 05/28/2013 04:22 PM, Jaroslav Bachorik wrote:
> > The fix enforces the management interfaces (read MBean and MXBean
> > interfaces) being public. While this is defined in the
> specification it
> > was not enforced in any way and it was allowed to create MBeans
> for eg.
> > private MBean interfaces.
> >
> > The fix adds checks when creating and registering MBeans and throws
> > javax.management.NotCompliantMBeanException when a user tries to
> create
> > an MBean with non-public management interface.
> >
> > Since this change can cause problems for users having non-public
> > management interfaces a system property is introduced that will
> revert
> > to the old behaviour when set (com.sun.jmx.mbeans.allowNonPublic).
> >
> > Thanks,
> >
> > -JB-
> >
>
>
More information about the serviceability-dev
mailing list