RFR: 8272317: jstatd has dependency on Security Manager which needs to be removed
Kevin Walls
kevinw at openjdk.java.net
Fri Jan 7 20:28:33 UTC 2022
On Wed, 22 Dec 2021 18:14:43 GMT, Kevin Walls <kevinw at openjdk.org> wrote:
> Remove the use of Security Manager from jstatd.
> Add use of an ObjectInputFilter to restrict RMI.
>
> Also we can undo the property-setting Launcher.gmk change from: 8279007: jstatd fails to start because SecurityManager is disabled
> ..as that is no longer needed.
>
> Docs/man page update to follow (JDK-8278619).
Thanks for the comments -
The proxy objects are needed in the filter for this to work at all.
The proxy names/numbers and inner class names/numbers are predictable and stable IF we are using jstatd and jstat as standalone programs.
But they are unstable if there is other relevant activity in the VM process, e.g. a JMX connection comes in before they are created. We should wildcard the proxy names to work in such a situation: com.sun.proxy.jdk.proxy*
I'll mention also that jstatd has always been an experimental feature. The man page warns about lack of authentication and advises usage with caution.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6919
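
The numbering problem described in the message above, as an added example (not part of the original message and not code from the jstatd change): an `ObjectInputFilter` pattern that names one proxy class exactly is compared with a prefix wildcard, each ending in `!*` to reject everything else. The class name `ProxyFilterDemo`, the use of `Runnable` and `Comparable` as stand-in interfaces, and deriving the prefix at run time instead of hard-coding the message's `com.sun.proxy.jdk.proxy*` are assumptions made so the demo does not depend on how a given JDK names proxy packages.

```java
import java.io.ObjectInputFilter;
import java.lang.reflect.Proxy;

public class ProxyFilterDemo {
    // Minimal FilterInfo that presents a single class to the filter.
    static ObjectInputFilter.FilterInfo info(Class<?> c) {
        return new ObjectInputFilter.FilterInfo() {
            public Class<?> serialClass() { return c; }
            public long arrayLength() { return -1; }   // not an array
            public long depth() { return 1; }
            public long references() { return 1; }
            public long streamBytes() { return 0; }
        };
    }

    // Class of a dynamic proxy implementing the given interface
    // (stand-in for the RMI-related proxies mentioned in the message).
    static Class<?> proxyClass(Class<?> iface) {
        return Proxy.newProxyInstance(ProxyFilterDemo.class.getClassLoader(),
                new Class<?>[] { iface }, (p, m, a) -> null).getClass();
    }

    public static void main(String[] args) {
        // Two proxy classes created one after the other get different numbers.
        Class<?> first = proxyClass(Runnable.class);
        Class<?> later = proxyClass(Comparable.class);

        // Exact allow-list entry: the first proxy's full name, then reject all.
        String name = first.getName();
        ObjectInputFilter exact =
                ObjectInputFilter.Config.createFilter(name + ";!*");

        // Wildcard entry: everything up to and including "$Proxy", then "*".
        String prefix = name.substring(0, name.indexOf("$Proxy") + "$Proxy".length());
        ObjectInputFilter wild =
                ObjectInputFilter.Config.createFilter(prefix + "*;!*");

        // HashMap is included to show that "!*" still rejects unrelated classes.
        for (Class<?> c : new Class<?>[] { first, later, java.util.HashMap.class }) {
            System.out.printf("%-40s exact=%s wildcard=%s%n", c.getName(),
                    exact.checkInput(info(c)), wild.checkInput(info(c)));
        }
    }
}
```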