RFR: 8283093: JMX connections should default to using an ObjectInputFilter [v3]
Serguei Spitsyn
sspitsyn at openjdk.org
Tue Oct 25 18:21:19 UTC 2022
On Wed, 19 Oct 2022 17:54:02 GMT, Kevin Walls <kevinw at openjdk.org> wrote:
>> Set the management.properties "com.sun.management.jmxremote.serial.filter.pattern" value by default, to restrict types that can be deserialized.
>>
>> Use the example value from the Core Libraries guide (see section 2. Serialization Filtering / Built-in Filters / Filters for JMX), plus Subject which is needed when using authentication.
>>
>> The sun/management tests run OK with this change. The existing test sun/management/jmxremote/startstop/JMXStartStopTest.java will fail if the filter specified is made too restrictive.
>
> Kevin Walls has updated the pull request incrementally with one additional commit since the last revision:
>
> Additional test with command-line filter setting.
This looks good to me in general.
But I've posted a couple of questions.
If an RN is needed then it is better to review it before integration.
Thanks,
Serguei
test/jdk/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java line 309:
> 307: try {
> 308: // Add custom filter on command-line.
> 309: testDefaultAgent(null, "-Dcom.sun.management.jmxremote.serial.filter.pattern=\"java.lang.*;java.math.BigInteger;java.math.BigDecimal;java.util.*;javax.management.openmbean.*;javax.management.ObjectName;java.rmi.MarshalledObject;javax.security.auth.Subject;DefaultAgentFilterTest$MyTestObject;!*\"");
Long line. Can we use string concatenation to break it?
-------------
PR: https://git.openjdk.org/jdk/pull/10507
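
The effect of the filter pattern discussed in this thread can be checked outside JMX. This is an added example, not part of the original message or of the JDK change; it assumes JDK 9 or later, the class name JmxFilterPatternDemo and the sample objects are constructed for illustration, and the pattern is the one from the quoted test line without the test-only DefaultAgentFilterTest$MyTestObject entry.

```java
import java.io.*;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import javax.management.ObjectName;

public class JmxFilterPatternDemo {
    // Allow-list pattern from the quoted test line; the trailing "!*"
    // rejects every class that no earlier entry allowed.
    static final String PATTERN =
        "java.lang.*;java.math.BigInteger;java.math.BigDecimal;java.util.*;"
        + "javax.management.openmbean.*;javax.management.ObjectName;"
        + "java.rmi.MarshalledObject;javax.security.auth.Subject;!*";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // True if the bytes deserialize under the filter, false if the filter
    // rejects a class in the stream (ObjectInputStream then throws
    // InvalidClassException before the object is instantiated).
    static boolean accepted(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            ois.readObject();
            return true;
        } catch (InvalidClassException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(PATTERN);
        Object[] samples = {                      // constructed sample objects
            new BigInteger("42"),                 // listed by name in the pattern
            new ObjectName("java.lang:type=Runtime"),
            new ArrayList<>(List.of("a")),        // in package java.util
            new AtomicInteger(1),                 // in a subpackage of java.util; ".*" covers one package only
            new File("example"),                  // java.io is not in the pattern
        };
        for (Object o : samples) {
            System.out.printf("%-45s %s%n", o.getClass().getName(),
                accepted(serialize(o), filter) ? "allowed" : "rejected");
        }
    }
}
```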