RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed

Stuart Marks smarks at openjdk.java.net
Fri Dec 24 20:17:22 UTC 2021


On Wed, 22 Dec 2021 22:01:00 GMT, Kevin Walls <kevinw at openjdk.org> wrote:

>> src/jdk.jstatd/share/classes/sun/tools/jstatd/Jstatd.java line 51:
>> 
>>> 49:     private static RemoteHost remoteHost;
>>> 50: 
>>> 51:     private static final String rmiFilterPattern = "sun.jvmstat.monitor.remote.RemoteVm;com.sun.proxy.jdk.proxy1.$Proxy1;com.sun.proxy.jdk.proxy1.$Proxy2;java.lang.reflect.Proxy;java.rmi.server.RemoteObjectInvocationHandler;java.rmi.server.RemoteObject;!*";
>> 
>> The class name of the dynamic proxy is generated at runtime and can be different. As Bernd commented, the proxy classes cannot/should not be listed in the filter pattern.
>
> OK thanks - I was trying the minimal pattern to overcome rejections such as the following, captured in logs on different runs:
> 
> <message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy1, array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message>
> 
> <message>ObjectInputFilter REJECTED: class com.sun.proxy.jdk.proxy1.$Proxy2, array length: -1, nRefs: 2, depth: 1, bytes: 84, ex: n/a</message>

I think the proxy classes need to be there. The `RemoteHost` API has a parameter of type `RemoteVm`, which is a stub to an RMI remote object, which consists of a proxy and a handler. The proxy's interface list is filtered by the serialization filter, so somebody can't just pass a proxy for anything.

The name of the proxy class probably does need to be wildcarded though.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6919
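
The behaviour discussed in this message, as an added example that is not code from the thread or from jstatd: a proxy is serialized and read back under an `ObjectInputFilter` pattern, once with a single generated proxy class name listed and once with the proxy package wildcarded. `ProxyFilterDemo`, `DemoVm` and `Handler` are hypothetical stand-ins, and deriving the wildcard from the runtime package name is an assumption made for the demo (Java 9 or later).

```java
import java.io.*;
import java.lang.reflect.*;

public class ProxyFilterDemo {
    // Hypothetical stand-in for the remote interface (RemoteVm in the thread).
    public interface DemoVm { String name(); }

    // Hypothetical serializable handler, standing in for the RMI invocation handler.
    static class Handler implements InvocationHandler, Serializable {
        public Object invoke(Object proxy, Method m, Object[] args) { return null; }
    }

    static Object proxyFor(Class<?> iface) {
        return Proxy.newProxyInstance(ProxyFilterDemo.class.getClassLoader(),
                new Class<?>[] { iface }, new Handler());
    }

    // Serialize obj, then deserialize it with the given filter pattern installed.
    static String roundTrip(Object obj, String pattern) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(obj);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(pattern));
            in.readObject();
            return "ALLOWED";
        } catch (InvalidClassException e) {
            return "REJECTED (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        Object vm = proxyFor(DemoVm.class);       // proxy for the expected interface
        Object other = proxyFor(Runnable.class);  // proxy for an interface not on the allow-list
        System.out.println("generated names: " + vm.getClass().getName()
                + ", " + other.getClass().getName());

        // Allow-list shared by both patterns: interface, Proxy superclass, handler.
        String base = DemoVm.class.getName() + ";java.lang.reflect.Proxy;"
                + Handler.class.getName() + ";";
        // Lists one generated name only (here: the other proxy's), then rejects the rest.
        String exact = base + other.getClass().getName() + ";!*";
        // Wildcards the class name inside the proxy package instead.
        String wild = base + vm.getClass().getPackageName() + ".*;!*";

        System.out.println("exact name, DemoVm proxy:   " + roundTrip(vm, exact));
        System.out.println("wildcard,   DemoVm proxy:   " + roundTrip(vm, wild));
        System.out.println("wildcard,   Runnable proxy: " + roundTrip(other, wild));
    }
}
```

The first round trip is rejected at the proxy class because its generated name is not the one listed; the last is rejected even with the wildcard because the proxy's interface is not on the allow-list.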


