RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed

[Kevin Walls]

On Wed, 22 Dec 2021 21:41:13 GMT, Mandy Chung <mchung at openjdk.org> wrote:

>> Remove the use of Security Manager from jstatd.
>> Add use of an ObjectInputFilter to restrict RMI.
>> 
>> Also we can undo the property-setting Launcher.gmk change from: 8279007: jstatd fails to start because SecurityManager is disabled
>> ..as that is no longer needed.
>> 
>> Docs/man page update to follow (JDK-8278619).
>
> src/jdk.jstatd/share/classes/sun/tools/jstatd/Jstatd.java line 51:
> 
>> 49:     private static RemoteHost remoteHost;
>> 50: 
>> 51:     private static final String rmiFilterPattern = "sun.jvmstat.monitor.remote.RemoteVm;com.sun.proxy.jdk.proxy1.$Proxy1;com.sun.proxy.jdk.proxy1.$Proxy2;java.lang.reflect.Proxy;java.rmi.server.RemoteObjectInvocationHandler;java.rmi.server.RemoteObject;!*";
> 
> The class name of the dynamic proxy is generated at runtime and can be different.   As Bernd commented, the proxy classes cannot/should not be listed in the filter pattern.

OK thanks - I was trying the minimal pattern to overcome rejections such as the following, captured in logs on different runs:

<message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy1, array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message>

<message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy2, array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message>

-------------

PR: https://git.openjdk.java.net/jdk/pull/6919