Mercurial > hg > openjdk > jdk8u > jdk
changeset 13008:f52ece1d8708 jdk8u172-b09
Merge
author | asaha |
---|---|
date | Tue, 06 Mar 2018 20:35:02 +0000 |
parents | 41df444245e3 (current diff) 2212d3291215 (diff) |
children | 5049f9184d0e |
files | .hgtags test/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java test/javax/management/remote/mandatory/connection/mgmt1.properties test/javax/management/remote/mandatory/connection/mgmt2.properties |
diffstat | 22 files changed, 347 insertions(+), 746 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgtags Tue Mar 06 20:30:34 2018 +0000 +++ b/.hgtags Tue Mar 06 20:35:02 2018 +0000 @@ -866,6 +866,7 @@ 6cbe2e5989a85f82833191be05ccb531f685d171 jdk8u171-b06 9cf14f22734a057adceff1764b4bb6c71329088b jdk8u171-b07 9a59252d179a2a488e094cd28b58d86edbf454a0 jdk8u171-b08 +4617f1da787289f41d2a7e50d6859d85c005c857 jdk8u171-b09 64df143be721d3ef031d765d86277c1e114d627a jdk8u172-b00 25f7b0cd25cf13106783050fc8e6f4a78487a7bd jdk8u172-b01 db8272cb8c99eea536a66c4c368c4bf2bf013a81 jdk8u172-b02
--- a/src/share/classes/com/sun/jmx/remote/internal/RMIExporter.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/com/sun/jmx/remote/internal/RMIExporter.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package com.sun.jmx.remote.internal; -import sun.misc.ObjectInputFilter; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.RemoteException; @@ -52,8 +51,7 @@ public Remote exportObject(Remote obj, int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf, - ObjectInputFilter filter) + RMIServerSocketFactory ssf) throws RemoteException; public boolean unexportObject(Remote obj, boolean force)
--- a/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/com/sun/jmx/remote/util/EnvHelp.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,6 +1,6 @@ /* - * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -70,61 +70,6 @@ "jmx.remote.rmi.server.credential.types"; /** - * Name of the attribute that specifies an - * {@link ObjectInputFilter} pattern string to filter classes acceptable - * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()} - * remote method call. - * <p> - * The filter pattern must be in same format as used in - * {@link java.io.ObjectInputFilter.Config.createFilter} - * <p> - * This list of classes allowed by filter should correspond to the - * transitive closure of the credentials class (or classes) used by the - * installed {@linkplain JMXAuthenticator} associated with the - * {@linkplain RMIServer} implementation. - * If the attribute is not set then any class is deemed acceptable. - * @see ObjectInputFilter - */ - public static final String CREDENTIALS_FILTER_PATTERN = - "jmx.remote.rmi.server.credentials.filter.pattern"; - - /** - * This attribute defines a pattern from which to create a - * {@link java.io.ObjectInputFilter} that will be used when deserializing - * objects sent to the {@code JMXConnectorServer} by any client. - * <p> - * The filter will be called for any class found in the serialized - * stream sent to server by client, including all JMX defined classes - * (such as {@link javax.management.ObjectName}), all method parameters, - * and, if present in the stream, all classes transitively referred by - * the serial form of any deserialized object. - * The pattern must be in same format as used in - * {@link java.io.ObjectInputFilter.Config.createFilter}. - * It may define a white list of permitted classes, a black list of - * rejected classes, a maximum depth for the deserialized objects, - * etc. - * <p> - * To be functional, the filter should allow at least all the - * concrete types in the transitive closure of all objects that - * might get serialized when serializing all JMX classes referred - * as parameters in the {@link - * javax.management.remote.rmi.RMIConnection} interface, - * plus all classes that a {@link javax.management.remote.rmi.RMIConnectorClient} - * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject - * marshalled objects} in order to interoperate with the MBeans registered - * in the {@code MBeanServer}. That would potentially include all the - * concrete {@linkplain javax.management.openmbean JMX OpenTypes} and the - * classes they use in their serial form. - * <p> - * Care must be taken when defining such a filter, as defining - * a white list too restrictive or a too wide a black list may - * prevent legitimate clients from interoperating with the - * {@code JMXConnectorServer}. - */ - public static final String SERIAL_FILTER_PATTERN = - "jmx.remote.rmi.server.serial.filter.pattern"; - - /** * <p>Name of the attribute that specifies a default class loader * object. * The value associated with this attribute is a ClassLoader object</p>
--- a/src/share/classes/java/io/ObjectInputStream.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/java/io/ObjectInputStream.java Tue Mar 06 20:35:02 2018 +0000 @@ -45,6 +45,8 @@ import sun.misc.SharedSecrets; import sun.misc.ObjectInputFilter; +import sun.misc.ObjectStreamClassValidator; +import sun.misc.SharedSecrets; import sun.reflect.misc.ReflectUtil; import sun.misc.JavaOISAccess; import sun.util.logging.PlatformLogger; @@ -262,8 +264,6 @@ }; sun.misc.SharedSecrets.setJavaOISAccess(javaOISAccess); - - sun.corba.SharedSecrets.setJavaOISAccess(javaOISAccess); } /* @@ -1752,6 +1752,9 @@ throw new StreamCorruptedException( String.format("invalid type code: %02X", tc)); } + if (descriptor != null) { + validateDescriptor(descriptor); + } return descriptor; } @@ -3897,4 +3900,21 @@ throw new AssertionError(); } } + + private void validateDescriptor(ObjectStreamClass descriptor) { + ObjectStreamClassValidator validating = validator; + if (validating != null) { + validating.validateDescriptor(descriptor); + } + } + + // controlled access to ObjectStreamClassValidator + private volatile ObjectStreamClassValidator validator; + + private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) { + ois.validator = validator; + } + static { + SharedSecrets.setJavaObjectInputStreamAccess(ObjectInputStream::setValidator); + } }
--- a/src/share/classes/javax/management/remote/rmi/RMIConnectorServer.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/javax/management/remote/rmi/RMIConnectorServer.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,7 +33,6 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; -import sun.misc.ObjectInputFilter; import java.io.ObjectOutputStream; import java.net.MalformedURLException; import java.rmi.server.RMIClientSocketFactory;
--- a/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,6 @@ package javax.management.remote.rmi; import java.io.IOException; -import sun.misc.ObjectInputFilter; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.RemoteException; @@ -48,11 +47,6 @@ import sun.rmi.server.DeserializationChecker; import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef2; -import java.util.Arrays; -import java.util.Set; -import java.util.stream.Collectors; -import sun.rmi.transport.LiveRef; - /** * <p>An {@link RMIServer} object that is exported through JRMP and that @@ -65,6 +59,8 @@ */ public class RMIJRMPServerImpl extends RMIServerImpl { + private final ExportedWrapper exportedWrapper; + /** * <p>Creates a new {@link RMIServer} object that will be exported * on the given port using the given socket factories.</p> @@ -105,37 +101,31 @@ String[] credentialsTypes = (String[]) this.env.get(EnvHelp.CREDENTIAL_TYPES); - - String credentialsFilter - = (String) this.env.get(EnvHelp.CREDENTIALS_FILTER_PATTERN); - - if(credentialsFilter != null){ - cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter); - allowedTypes = null; + List<String> types = null; + if (credentialsTypes != null) { + types = new ArrayList<>(); + for (String type : credentialsTypes) { + if (type == null) { + throw new IllegalArgumentException("A credential type is null."); + } + ReflectUtil.checkPackageAccess(type); + types.add(type); + } } - else if (credentialsTypes != null) { - allowedTypes = Arrays.stream(credentialsTypes).filter( - s -> s!= null).collect(Collectors.toSet()); - allowedTypes.stream().forEach(ReflectUtil::checkPackageAccess); - cFilter = this::newClientCheckInput; - } else { - allowedTypes = null; - cFilter = null; - } - - String userJmxFilter = - (String) this.env.get(EnvHelp.SERIAL_FILTER_PATTERN); - if(userJmxFilter != null && !userJmxFilter.isEmpty()) - jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter); - else - jmxRmiFilter = null; + exportedWrapper = types != null ? + new ExportedWrapper(this, types) : + null; } protected void export() throws IOException { - export(this, cFilter); + if (exportedWrapper != null) { + export(exportedWrapper); + } else { + export(this); + } } - private void export(Remote obj, ObjectInputFilter typeFilter) throws RemoteException { + private void export(Remote obj) throws RemoteException { final RMIExporter exporter = (RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE); final boolean daemon = EnvHelp.isServerDaemon(env); @@ -146,14 +136,16 @@ " cannot be used to specify an exporter!"); } - if (exporter != null) { - exporter.exportObject(obj, port, csf, ssf, typeFilter); - } else { + if (daemon) { if (csf == null && ssf == null) { - new UnicastServerRef(new LiveRef(port), typeFilter).exportObject(obj, null, daemon); + new UnicastServerRef(port).exportObject(obj, null, true); } else { - new UnicastServerRef2(port, csf, ssf, typeFilter).exportObject(obj, null, daemon); + new UnicastServerRef2(port, csf, ssf).exportObject(obj, null, true); } + } else if (exporter != null) { + exporter.exportObject(obj, port, csf, ssf); + } else { + UnicastRemoteObject.exportObject(obj, port, csf, ssf); } } @@ -180,7 +172,11 @@ * RMIJRMPServerImpl has not been exported yet. */ public Remote toStub() throws IOException { - return RemoteObject.toStub(this); + if (exportedWrapper != null) { + return RemoteObject.toStub(exportedWrapper); + } else { + return RemoteObject.toStub(this); + } } /** @@ -210,7 +206,7 @@ RMIConnection client = new RMIConnectionImpl(this, connectionId, getDefaultClassLoader(), subject, env); - export(client, jmxRmiFilter); + export(client); return client; } @@ -227,38 +223,56 @@ * server failed. */ protected void closeServer() throws IOException { - unexport(this, true); + if (exportedWrapper != null) { + unexport(exportedWrapper, true); + } else { + unexport(this, true); + } } - /** - * Check that a type in the remote invocation of {@link RMIServerImpl#newClient} - * is one of the {@code allowedTypes}. - * - * @param clazz the class; may be null - * @param size the size for arrays, otherwise is 0 - * @param nObjectRefs the current number of object references - * @param depth the current depth - * @param streamBytes the current number of bytes consumed - * @return {@code ObjectInputFilter.Status.ALLOWED} if the class is allowed, - * otherwise {@code ObjectInputFilter.Status.REJECTED} - */ - ObjectInputFilter.Status newClientCheckInput(ObjectInputFilter.FilterInfo filterInfo) { - ObjectInputFilter.Status status = ObjectInputFilter.Status.UNDECIDED; - if (allowedTypes != null && filterInfo.serialClass() != null) { - // If enabled, check type - String type = filterInfo.serialClass().getName(); - if (allowedTypes.contains(type)) - status = ObjectInputFilter.Status.ALLOWED; - else - status = ObjectInputFilter.Status.REJECTED; - } - return status; - } private final int port; private final RMIClientSocketFactory csf; private final RMIServerSocketFactory ssf; private final Map<String, ?> env; - private final Set<String> allowedTypes; - private final ObjectInputFilter jmxRmiFilter; - private final ObjectInputFilter cFilter; + + private static class ExportedWrapper implements RMIServer, DeserializationChecker { + private final RMIServer impl; + private final List<String> allowedTypes; + private ExportedWrapper(RMIServer impl, List<String> credentialsTypes) { + this.impl = impl; + allowedTypes = credentialsTypes; + } + + @Override + public String getVersion() throws RemoteException { + return impl.getVersion(); + } + + @Override + public RMIConnection newClient(Object credentials) throws IOException { + return impl.newClient(credentials); + } + + @Override + public void check(Method method, ObjectStreamClass descriptor, + int paramIndex, int callID) { + + String type = descriptor.getName(); + if (!allowedTypes.contains(type)) { + throw new ClassCastException("Unsupported type: " + type); + } + } + + @Override + public void checkProxyClass(Method method, String[] ifaces, + int paramIndex, int callID) { + if (ifaces != null && ifaces.length > 0) { + for (String iface : ifaces) { + if (!allowedTypes.contains(iface)) { + throw new ClassCastException("Unsupported type: " + iface); + } + } + } + } + } }
--- a/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,7 +30,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import sun.misc.ObjectInputFilter; +import java.io.Serializable; import java.lang.management.ManagementFactory; import java.net.InetAddress; import java.net.MalformedURLException; @@ -43,6 +43,7 @@ import java.rmi.registry.Registry; import java.rmi.server.RMIClientSocketFactory; import java.rmi.server.RMIServerSocketFactory; +import java.rmi.server.RMISocketFactory; import java.rmi.server.RemoteObject; import java.rmi.server.UnicastRemoteObject; import java.security.KeyStore; @@ -82,7 +83,6 @@ import sun.rmi.server.UnicastRef; import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef2; -import sun.rmi.transport.LiveRef; /** * This class initializes and starts the RMIConnectorServer for JSR 163 @@ -141,8 +141,6 @@ "com.sun.management.jmxremote.ssl.need.client.auth"; public static final String SSL_CONFIG_FILE_NAME = "com.sun.management.jmxremote.ssl.config.file"; - public static final String SERIAL_FILTER_PATTERN = - "com.sun.management.jmxremote.serial.filter.pattern"; } /** @@ -183,8 +181,7 @@ public Remote exportObject(Remote obj, int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf, - ObjectInputFilter filter) + RMIServerSocketFactory ssf) throws RemoteException { synchronized (this) { @@ -195,9 +192,9 @@ final UnicastServerRef ref; if (csf == null && ssf == null) { - ref = new UnicastServerRef(new LiveRef(port), filter); + ref = new UnicastServerRef(port); } else { - ref = new UnicastServerRef2(port, csf, ssf, filter); + ref = new UnicastServerRef2(port, csf, ssf); } return ref.exportObject(obj, null, true); } @@ -437,7 +434,6 @@ final String bindAddress = props.getProperty(PropertyNames.HOST); - final String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN); if (log.debugOn()) { log.debug("startRemoteConnectorServer", @@ -474,7 +470,7 @@ sslConfigFileName, enabledCipherSuitesList, enabledProtocolsList, sslNeedClientAuth, useAuthentication, loginConfigName, - passwordFileName, accessFileName, bindAddress, jmxRmiFilter); + passwordFileName, accessFileName, bindAddress); cs = data.jmxConnectorServer; url = data.jmxRemoteURL; log.config("startRemoteConnectorServer", @@ -514,7 +510,9 @@ // This RMI server should not keep the VM alive Map<String, Object> env = new HashMap<>(); env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); - env.put(EnvHelp.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*"); + env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{ + String[].class.getName(), String.class.getName() + }); // The local connector server need only be available via the // loopback connection. @@ -730,8 +728,7 @@ String loginConfigName, String passwordFileName, String accessFileName, - String bindAddress, - String jmxRmiFilter) + String bindAddress) throws IOException, MalformedURLException { /* Make sure we use non-guessable RMI object IDs. Otherwise @@ -746,11 +743,9 @@ PermanentExporter exporter = new PermanentExporter(); env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter); - env.put(EnvHelp.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*"); - - if(jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) { - env.put(EnvHelp.SERIAL_FILTER_PATTERN, jmxRmiFilter); - } + env.put(EnvHelp.CREDENTIAL_TYPES, new String[]{ + String[].class.getName(), String.class.getName() + }); boolean useSocketFactory = bindAddress != null && !useSsl;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/misc/JavaObjectInputStreamAccess.java Tue Mar 06 20:35:02 2018 +0000 @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.misc; + +import java.io.ObjectInputStream; + +/** + * The interface to specify methods for accessing {@code ObjectInputStream} + * @author sjiang + */ +public interface JavaObjectInputStreamAccess { + /** + * Sets a descriptor validating. + * @param ois stream to have the descriptors validated + * @param validator validator used to validate a descriptor. + */ + public void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator); +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/misc/ObjectStreamClassValidator.java Tue Mar 06 20:35:02 2018 +0000 @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.misc; + +import java.io.ObjectStreamClass; + +/** + * A callback used by {@code ObjectInputStream} to do descriptor validation. + * + * @author sjiang + */ +public interface ObjectStreamClassValidator { + /** + * This method will be called by ObjectInputStream to + * check a descriptor just before creating an object described by this descriptor. + * The object will not be created if this method throws a {@code RuntimeException}. + * @param descriptor descriptor to be checked. + */ + public void validateDescriptor(ObjectStreamClass descriptor); +}
--- a/src/share/classes/sun/misc/SharedSecrets.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/sun/misc/SharedSecrets.java Tue Mar 06 20:35:02 2018 +0000 @@ -59,6 +59,7 @@ private static JavaAWTAccess javaAWTAccess; private static JavaOISAccess javaOISAccess; private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess; + private static JavaObjectInputStreamAccess javaObjectInputStreamAccess; public static JavaUtilJarAccess javaUtilJarAccess() { if (javaUtilJarAccess == null) { @@ -201,6 +202,18 @@ return javaAWTAccess; } + + public static JavaObjectInputStreamAccess getJavaObjectInputStreamAccess() { + if (javaObjectInputStreamAccess == null) { + unsafe.ensureClassInitialized(ObjectInputStream.class); + } + return javaObjectInputStreamAccess; + } + + public static void setJavaObjectInputStreamAccess(JavaObjectInputStreamAccess access) { + javaObjectInputStreamAccess = access; + } + public static void setJavaxCryptoSealedObjectAccess(JavaxCryptoSealedObjectAccess jcsoa) { javaxCryptoSealedObjectAccess = jcsoa; }
--- a/src/share/classes/sun/rmi/server/MarshalInputStream.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/sun/rmi/server/MarshalInputStream.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,8 @@ import java.security.AccessControlException; import java.security.Permission; import java.rmi.server.RMIClassLoader; +import sun.misc.ObjectStreamClassValidator; +import sun.misc.SharedSecrets; /** * MarshalInputStream is an extension of ObjectInputStream. When resolving @@ -51,6 +53,11 @@ * @author Peter Jones */ public class MarshalInputStream extends ObjectInputStream { + interface StreamChecker extends ObjectStreamClassValidator { + void checkProxyInterfaceNames(String[] ifaces); + } + + private volatile StreamChecker streamChecker = null; /** * Value of "java.rmi.server.useCodebaseOnly" property, @@ -237,6 +244,11 @@ protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException { + StreamChecker checker = streamChecker; + if (checker != null) { + checker.checkProxyInterfaceNames(interfaces); + } + /* * Always read annotation written by MarshalOutputStream. */ @@ -318,4 +330,28 @@ void useCodebaseOnly() { useCodebaseOnly = true; } + + synchronized void setStreamChecker(StreamChecker checker) { + streamChecker = checker; + SharedSecrets.getJavaObjectInputStreamAccess().setValidator(this, checker); + } + @Override + protected ObjectStreamClass readClassDescriptor() throws IOException, + ClassNotFoundException { + ObjectStreamClass descriptor = super.readClassDescriptor(); + + validateDesc(descriptor); + + return descriptor; + } + + private void validateDesc(ObjectStreamClass descriptor) { + StreamChecker checker; + synchronized (this) { + checker = streamChecker; + } + if (checker != null) { + checker.validateDescriptor(descriptor); + } + } }
--- a/src/share/classes/sun/rmi/server/UnicastServerRef.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/sun/rmi/server/UnicastServerRef.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.io.ObjectInput; import java.io.ObjectInputStream; import java.io.ObjectOutput; +import java.io.ObjectStreamClass; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.rmi.AccessException; @@ -331,15 +332,10 @@ logCall(obj, method); // unmarshal parameters - Class<?>[] types = method.getParameterTypes(); - Object[] params = new Object[types.length]; - + Object[] params = null; try { unmarshalCustomCallData(in); - // Unmarshal the parameters - for (int i = 0; i < types.length; i++) { - params[i] = unmarshalValue(types[i], in); - } + params = unmarshalParameters(obj, method, marshalStream); } catch (AccessException aex) { // For compatibility, AccessException is not wrapped in UnmarshalException @@ -609,4 +605,84 @@ } } + /** + * Unmarshal parameters for the given method of the given instance over + * the given marshalinputstream. Perform any necessary checks. + */ + private Object[] unmarshalParameters(Object obj, Method method, MarshalInputStream in) + throws IOException, ClassNotFoundException { + return (obj instanceof DeserializationChecker) ? + unmarshalParametersChecked((DeserializationChecker)obj, method, in) : + unmarshalParametersUnchecked(method, in); + } + + /** + * Unmarshal parameters for the given method of the given instance over + * the given marshalinputstream. Do not perform any additional checks. + */ + private Object[] unmarshalParametersUnchecked(Method method, ObjectInput in) + throws IOException, ClassNotFoundException { + Class<?>[] types = method.getParameterTypes(); + Object[] params = new Object[types.length]; + for (int i = 0; i < types.length; i++) { + params[i] = unmarshalValue(types[i], in); + } + return params; + } + + /** + * Unmarshal parameters for the given method of the given instance over + * the given marshalinputstream. Do perform all additional checks. + */ + private Object[] unmarshalParametersChecked( + DeserializationChecker checker, + Method method, MarshalInputStream in) + throws IOException, ClassNotFoundException { + int callID = methodCallIDCount.getAndIncrement(); + MyChecker myChecker = new MyChecker(checker, method, callID); + in.setStreamChecker(myChecker); + try { + Class<?>[] types = method.getParameterTypes(); + Object[] values = new Object[types.length]; + for (int i = 0; i < types.length; i++) { + myChecker.setIndex(i); + values[i] = unmarshalValue(types[i], in); + } + myChecker.end(callID); + return values; + } finally { + in.setStreamChecker(null); + } + } + + private static class MyChecker implements MarshalInputStream.StreamChecker { + private final DeserializationChecker descriptorCheck; + private final Method method; + private final int callID; + private int parameterIndex; + + MyChecker(DeserializationChecker descriptorCheck, Method method, int callID) { + this.descriptorCheck = descriptorCheck; + this.method = method; + this.callID = callID; + } + + @Override + public void validateDescriptor(ObjectStreamClass descriptor) { + descriptorCheck.check(method, descriptor, parameterIndex, callID); + } + + @Override + public void checkProxyInterfaceNames(String[] ifaces) { + descriptorCheck.checkProxyClass(method, ifaces, parameterIndex, callID); + } + + void setIndex(int parameterIndex) { + this.parameterIndex = parameterIndex; + } + + void end(int callId) { + descriptorCheck.end(callId); + } + } }
--- a/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/classes/sun/rmi/transport/tcp/TCPTransport.java Tue Mar 06 20:35:02 2018 +0000 @@ -121,7 +121,7 @@ private static final boolean disableIncomingHttp = java.security.AccessController.doPrivileged( - new GetPropertyAction("java.rmi.server.disableIncomingHttp", "true")) + new GetPropertyAction("sun.rmi.server.disableIncomingHttp", "true")) .equalsIgnoreCase("true"); /** total connections handled */
--- a/src/share/lib/management/management.properties Tue Mar 06 20:30:34 2018 +0000 +++ b/src/share/lib/management/management.properties Tue Mar 06 20:35:02 2018 +0000 @@ -329,38 +329,3 @@ # The format of the value for that property is any string accepted # by java.net.InetAddress.getByName(String). # - -# ################ Filter for ObjectInputStream ############################# -# com.sun.management.jmxremote.serial.filter.pattern=<filter-string> -# A filter, if configured, is used by java.io.ObjectInputStream during -# deserialization of parameters sent to the JMX default agent to validate the -# contents of the stream. -# A filter is configured as a sequence of patterns, each pattern is either -# matched against the name of a class in the stream or defines a limit. -# Patterns are separated by ";" (semicolon). -# Whitespace is significant and is considered part of the pattern. -# -# If a pattern includes a "=", it sets a limit. -# If a limit appears more than once the last value is used. -# Limits are checked before classes regardless of the order in the sequence of patterns. -# If any of the limits are exceeded, the filter status is REJECTED. -# -# maxdepth=value - the maximum depth of a graph -# maxrefs=value - the maximum number of internal references -# maxbytes=value - the maximum number of bytes in the input stream -# maxarray=value - the maximum array length allowed -# -# Other patterns, from left to right, match the class or package name as -# returned from Class.getName. -# If the class is an array type, the class or package to be matched is the element type. -# Arrays of any number of dimensions are treated the same as the element type. -# For example, a pattern of "!example.Foo", rejects creation of any instance or -# array of example.Foo. -# -# If the pattern starts with "!", the status is REJECTED if the remaining pattern -# is matched; otherwise the status is ALLOWED if the pattern matches. -# If the pattern ends with ".**" it matches any class in the package and all subpackages. -# If the pattern ends with ".*" it matches any class in the package. -# If the pattern ends with "*", it matches any class with the pattern as a prefix. -# If the pattern is equal to the class name, it matches. -# Otherwise, the status is UNDECIDED.
--- a/test/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java Tue Mar 06 20:30:34 2018 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,327 +0,0 @@ -/* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - - /* - * @test - * @bug 8159377 - * @library /lib/testlibrary - * @summary Tests ObjectFilter on default agent - * @author Harsha Wardhana B - * @build jdk.testlibrary.* DefaultAgentFilterTest - * @run main/othervm/timeout=600 -XX:+UsePerfData DefaultAgentFilterTest - */ -import java.io.EOFException; -import java.io.File; -import java.io.IOException; -import java.io.InvalidClassException; -import java.io.Serializable; -import java.lang.reflect.InvocationTargetException; -import java.net.BindException; -import java.rmi.UnmarshalException; -import java.rmi.registry.LocateRegistry; -import java.rmi.registry.Registry; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.concurrent.atomic.AtomicBoolean; -import javax.management.MBeanServerConnection; -import javax.management.ObjectName; -import javax.management.remote.JMXConnector; -import javax.management.remote.JMXConnectorFactory; -import javax.management.remote.JMXServiceURL; -import java.util.concurrent.TimeUnit; - -import jdk.testlibrary.ProcessTools; -import jdk.testlibrary.Utils; - -public class DefaultAgentFilterTest { - - public static class MyTestObject implements Serializable { - - String a; - int id; - } - - public interface TestMBean { - - public void op1(HashSet<Object> params); - - public void op2(String s, HashSet<String> params); - - public void op3(MyTestObject obj, String s, HashMap<String, String> param); - } - - public static class Test implements TestMBean { - - @Override - public void op1(HashSet<Object> params) { - System.out.println("Invoked op1"); - } - - @Override - public void op2(String s, HashSet<String> params) { - System.out.println("Invoked op2"); - } - - @Override - public void op3(MyTestObject obj, String s, HashMap<String, String> param) { - System.out.println("Invoked op3"); - } - } - - private static class TestAppRun implements AutoCloseable { - - private Process p; - private final ProcessBuilder pb; - private final String name; - private final AtomicBoolean started = new AtomicBoolean(false); - - public TestAppRun(ProcessBuilder pb, String name) { - this.pb = pb; - this.name = name; - } - - public synchronized void start() throws Exception { - if (started.compareAndSet(false, true)) { - try { - AtomicBoolean error = new AtomicBoolean(false); - AtomicBoolean bindError = new AtomicBoolean(false); - p = ProcessTools.startProcess( - TEST_APP_NAME + "{" + name + "}", - pb, - (line) -> { - if (line.toLowerCase().contains("exception") - || line.toLowerCase().contains("error")) { - error.set(true); - } - bindError.set(line.toLowerCase().contains("bindexception")); - return true; - }, 10, TimeUnit.SECONDS); - if (bindError.get()) { - throw new BindException("Process could not be started"); - } else if (error.get()) { - throw new RuntimeException(); - } - } catch (Exception ex) { - if (p != null) { - p.destroy(); - p.waitFor(); - } - throw ex; - } - } - } - - public synchronized void stop() - throws IOException, InterruptedException { - if (started.compareAndSet(true, false)) { - p.getOutputStream().write(0); - p.getOutputStream().flush(); - int ec = p.waitFor(); - if (ec != 0) { - StringBuilder msg = new StringBuilder(); - msg.append("Test application '").append(name); - msg.append("' failed with exit code: "); - msg.append(ec); - System.err.println(msg); - } - } - } - - @Override - public void close() throws Exception { - stop(); - } - } - - private static final String TEST_APP_NAME = "TestApp"; - - private static void testDefaultAgent(String propertyFile) throws Exception { - int port = Utils.getFreePort(); - String propFile = System.getProperty("test.src") + File.separator + propertyFile; - List<String> pbArgs = new ArrayList<>(Arrays.asList( - "-cp", - System.getProperty("test.class.path"), - "-XX:+UsePerfData" - )); - String[] args = new String[]{ - "-Dcom.sun.management.jmxremote.port=" + port, - "-Dcom.sun.management.jmxremote.authenticate=false", - "-Dcom.sun.management.jmxremote.ssl=false", - "-Dcom.sun.management.config.file=" + propFile - }; - pbArgs.addAll(Arrays.asList(args)); - pbArgs.add(TEST_APP_NAME); - - ProcessBuilder pb = ProcessTools.createJavaProcessBuilder( - pbArgs.toArray(new String[pbArgs.size()]) - ); - - try (TestAppRun s = new TestAppRun(pb, DefaultAgentFilterTest.class.getSimpleName())) { - s.start(); - JMXServiceURL url = testConnect(port); - testMBeanOperations(url); - } - } - - private static JMXServiceURL testConnect(int port) throws Exception { - EOFException lastException = null; - JMXServiceURL url = null; - // factor adjusted timeout (5 seconds) for the RMI to become available - long timeout = System.currentTimeMillis() + Utils.adjustTimeout(5000); - do { - lastException = null; - try { - Registry registry = LocateRegistry.getRegistry(port); - String[] relist = registry.list(); - for (int i = 0; i < relist.length; ++i) { - System.out.println("Got registry: " + relist[i]); - } - String jmxUrlStr = String.format( - "service:jmx:rmi:///jndi/rmi://localhost:%d/jmxrmi", - port); - url = new JMXServiceURL(jmxUrlStr); - - try (JMXConnector c = JMXConnectorFactory.connect(url, null)) { - MBeanServerConnection conn = c.getMBeanServerConnection(); - ObjectName name = new ObjectName("jtreg:type=Test"); - conn.createMBean(Test.class.getName(), name); - } - } catch (Exception ex) { - if (ex instanceof EOFException) { - lastException = (EOFException) ex; - System.out.println("Error establishing RMI connection. Retrying in 500ms."); - Thread.sleep(500); - } else { - throw ex; - } - } - } while (lastException != null && System.currentTimeMillis() < timeout); - if (lastException != null) { - throw lastException; - } - return url; - } - - public static void main(String[] args) throws Exception { - System.out.println("---" + DefaultAgentFilterTest.class.getName() + "-main: starting ..."); - - boolean retry = false; - do { - try { - // blacklist String - testDefaultAgent("mgmt1.properties"); - System.out.println("----\tTest FAILED !!"); - throw new RuntimeException("---" + DefaultAgentFilterTest.class.getName() + " - No exception reported"); - } catch (Exception ex) { - if (ex instanceof InvocationTargetException) { - if (ex.getCause() instanceof BindException - || ex.getCause() instanceof java.rmi.ConnectException) { - System.out.println("Failed to allocate ports. Retrying ..."); - retry = true; - } - } else if (ex instanceof InvalidClassException) { - System.out.println("----\tTest PASSED !!"); - } else if (ex instanceof UnmarshalException - && ((UnmarshalException) ex).getCause() instanceof InvalidClassException) { - System.out.println("----\tTest PASSED !!"); - } else { - System.out.println(ex); - System.out.println("----\tTest FAILED !!"); - throw ex; - } - } - } while (retry); - retry = false; - do { - try { - // blacklist non-existent class - testDefaultAgent("mgmt2.properties"); - System.out.println("----\tTest PASSED !!"); - } catch (Exception ex) { - if (ex instanceof InvocationTargetException) { - if (ex.getCause() instanceof BindException - || ex.getCause() instanceof java.rmi.ConnectException) { - System.out.println("Failed to allocate ports. Retrying ..."); - retry = true; - } - } else { - System.out.println(ex); - System.out.println("----\tTest FAILED !!"); - throw ex; - } - } - } while (retry); - - System.out.println("---" + DefaultAgentFilterTest.class.getName() + "-main: finished ..."); - } - - private static void testMBeanOperations(JMXServiceURL serverUrl) throws Exception { - Map<String, Object> clientEnv = new HashMap<>(1); - ObjectName name = new ObjectName("jtreg:type=Test"); - try (JMXConnector client = JMXConnectorFactory.connect(serverUrl, clientEnv)) { - MBeanServerConnection conn = client.getMBeanServerConnection(); - - HashSet<String> set = new HashSet<>(); - set.add("test1"); - set.add("test2"); - - String a = "A"; - - Object[] params1 = {set}; - String[] sig1 = {HashSet.class.getName()}; - conn.invoke(name, "op1", params1, sig1); - - Object[] params2 = {a, set}; - String[] sig2 = {String.class.getName(), HashSet.class.getName()}; - conn.invoke(name, "op2", params2, sig2); - - HashMap<String, String> map = new HashMap<>(); - map.put("a", "A"); - map.put("b", "B"); - - Object[] params3 = {new MyTestObject(), a, map}; - String[] sig3 = {MyTestObject.class.getName(), String.class.getName(), - HashMap.class.getName()}; - conn.invoke(name, "op3", params3, sig3); - } - } -} - -class TestApp { - - private static void doSomething() throws IOException { - int r = System.in.read(); - System.out.println("read: " + r); - } - - public static void main(String args[]) throws Exception { - System.out.println("main enter"); - System.out.flush(); - doSomething(); - System.out.println("main exit"); - } -}
--- a/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java Tue Mar 06 20:30:34 2018 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,146 +0,0 @@ -/* - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - - /* - * @test - * @bug 8159377 - * @summary Tests ObjectInputFilter on RMIServer.newClient - * @author Harsha Wardhana B - * @run clean NewRMIClientFilterTest - * @run build NewRMIClientFilterTest - * @run main NewRMIClientFilterTest - */ -import java.io.InvalidClassException; -import java.io.Serializable; -import java.lang.management.ManagementFactory; -import java.util.HashMap; -import java.util.Map; -import javax.management.remote.JMXConnector; -import javax.management.remote.JMXConnectorFactory; -import javax.management.remote.JMXConnectorServer; -import javax.management.remote.JMXConnectorServerFactory; -import javax.management.remote.JMXServiceURL; -import com.sun.jmx.remote.util.EnvHelp; - -public class NewRMIClientFilterTest { - - public static void main(String[] args) throws Exception { - System.out.println("---NewRMIClientFilterTest-main: starting ..."); - String filter1 = java.lang.String.class.getName() + ";!*"; - String filter2 = java.lang.String.class.getName() + ";" + MyCredentials.class.getName() + ";!*"; - - JMXServiceURL url = new JMXServiceURL("rmi", null, 0); - JMXServiceURL serverUrl = null; - Map<String, Object> env = new HashMap<>(1); - JMXConnectorServer server = null; - - System.out.println("\n---NewRMIClientFilterTest-main: testing types = null"); - server = newServer(url, null); - serverUrl = server.getAddress(); - doTest(serverUrl, null); - doTest(serverUrl, new String[]{"toto", "titi"}); - doTest(serverUrl, new Object[]{new MyCredentials(), "toto"}); - server.stop(); - - System.out.println("\n---NewRMIClientFilterTest-main: testing types = String[]"); - env.put(EnvHelp.CREDENTIALS_FILTER_PATTERN, - filter1); - server = newServer(url, env); - serverUrl = server.getAddress(); - doTest(serverUrl, null); - doTest(serverUrl, new String[]{"toto", "titi"}); - try { - doTest(serverUrl, new MyCredentials()); - throw new Error("Bad client is not refused!"); - } catch (Exception e) { - isInvalidClassEx(e); - } finally { - server.stop(); - } - - System.out.println("\n---NewRMIClientFilterTest-main: testing user specific types = String, MyCredentials"); - env.put(EnvHelp.CREDENTIALS_FILTER_PATTERN, - filter2); - server = newServer(url, env); - serverUrl = server.getAddress(); - doTest(serverUrl, null); - doTest(serverUrl, new String[]{"toto", "titi"}); - doTest(serverUrl, new MyCredentials[]{new MyCredentials(), (MyCredentials) null}); - try { - doTest(serverUrl, new Object[]{"toto", new byte[3]}); - throw new Error("Bad client is not refused!"); - } catch (Exception e) { - isInvalidClassEx(e); - } finally { - server.stop(); - } - - System.out.println("---NewRMIClientFilterTest-main PASSED!!!"); - } - - private static void doTest(JMXServiceURL serverAddr, Object credentials) throws Exception { - System.out.println("---NewRMIClientFilterTest-test:\n\tserver address: " - + serverAddr + "\n\tcredentials: " + credentials); - - Map<String, Object> env = new HashMap<>(1); - env.put("jmx.remote.credentials", credentials); - JMXConnector client = null; - try { - client = JMXConnectorFactory.connect(serverAddr, env); - client.getMBeanServerConnection().getDefaultDomain(); - } finally { - try { - client.close(); - } catch (Exception e) { - } - } - System.out.println("---NewRMIClientFilterTest-test: PASSED!"); - } - - private static JMXConnectorServer newServer(JMXServiceURL url, Map<String, Object> env) - throws Exception { - JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer( - url, - env, - ManagementFactory.getPlatformMBeanServer()); - - server.start(); - return server; - } - - private static class MyCredentials implements Serializable { - } - - private static void isInvalidClassEx(Exception e) { - Throwable cause = e; - while (cause != null) { - if (cause instanceof InvalidClassException) { - System.out.println("---NewRMIClientFilterTest-InvalidClassException expected: " + cause); - return; - } - cause = cause.getCause(); - } - e.printStackTrace(); - throw new RuntimeException("Did not get expected InvalidClassException!"); - } -}
--- a/test/javax/management/remote/mandatory/connection/mgmt1.properties Tue Mar 06 20:30:34 2018 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,34 +0,0 @@ -# ################ Filter for ObjectInputStream ############################# -com.sun.management.jmxremote.serial.filter.pattern=!DefaultAgentFilterTest$MyTestObject -# A filter, if configured, is used by java.io.ObjectInputStream during -# deserialization of parameters sent to the JMX default agent to validate the -# contents of the stream. -# A filter is configured as a sequence of patterns, each pattern is either -# matched against the name of a class in the stream or defines a limit. -# Patterns are separated by ";" (semicolon). -# Whitespace is significant and is considered part of the pattern. -# -# If a pattern includes a "=", it sets a limit. -# If a limit appears more than once the last value is used. -# Limits are checked before classes regardless of the order in the sequence of patterns. -# If any of the limits are exceeded, the filter status is REJECTED. -# -# maxdepth=value - the maximum depth of a graph -# maxrefs=value - the maximum number of internal references -# maxbytes=value - the maximum number of bytes in the input stream -# maxarray=value - the maximum array length allowed -# -# Other patterns, from left to right, match the class or package name as -# returned from Class.getName. -# If the class is an array type, the class or package to be matched is the element type. -# Arrays of any number of dimensions are treated the same as the element type. -# For example, a pattern of "!example.Foo", rejects creation of any instance or -# array of example.Foo. -# -# If the pattern starts with "!", the status is REJECTED if the remaining pattern -# is matched; otherwise the status is ALLOWED if the pattern matches. -# If the pattern ends with ".**" it matches any class in the package and all subpackages. -# If the pattern ends with ".*" it matches any class in the package. -# If the pattern ends with "*", it matches any class with the pattern as a prefix. -# If the pattern is equal to the class name, it matches. -# Otherwise, the status is UNDECIDED.
--- a/test/javax/management/remote/mandatory/connection/mgmt2.properties Tue Mar 06 20:30:34 2018 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,34 +0,0 @@ -# ################ Filter for ObjectInputStream ############################# -com.sun.management.jmxremote.serial.filter.pattern=!DefaultAgentFilterTest$ThisTypeIsNotUsed -# A filter, if configured, is used by java.io.ObjectInputStream during -# deserialization of parameters sent to the JMX default agent to validate the -# contents of the stream. -# A filter is configured as a sequence of patterns, each pattern is either -# matched against the name of a class in the stream or defines a limit. -# Patterns are separated by ";" (semicolon). -# Whitespace is significant and is considered part of the pattern. -# -# If a pattern includes a "=", it sets a limit. -# If a limit appears more than once the last value is used. -# Limits are checked before classes regardless of the order in the sequence of patterns. -# If any of the limits are exceeded, the filter status is REJECTED. -# -# maxdepth=value - the maximum depth of a graph -# maxrefs=value - the maximum number of internal references -# maxbytes=value - the maximum number of bytes in the input stream -# maxarray=value - the maximum array length allowed -# -# Other patterns, from left to right, match the class or package name as -# returned from Class.getName. -# If the class is an array type, the class or package to be matched is the element type. -# Arrays of any number of dimensions are treated the same as the element type. -# For example, a pattern of "!example.Foo", rejects creation of any instance or -# array of example.Foo. -# -# If the pattern starts with "!", the status is REJECTED if the remaining pattern -# is matched; otherwise the status is ALLOWED if the pattern matches. -# If the pattern ends with ".**" it matches any class in the package and all subpackages. -# If the pattern ends with ".*" it matches any class in the package. -# If the pattern ends with "*", it matches any class with the pattern as a prefix. -# If the pattern is equal to the class name, it matches. -# Otherwise, the status is UNDECIDED.
--- a/test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java Tue Mar 06 20:30:34 2018 +0000 +++ b/test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java Tue Mar 06 20:35:02 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -46,7 +46,6 @@ import javax.management.remote.JMXConnectorServerFactory; import javax.management.remote.JMXServiceURL; import com.sun.jmx.remote.internal.RMIExporter; -import sun.misc.ObjectInputFilter; public class RMIExporterTest { @@ -60,8 +59,7 @@ public Remote exportObject(Remote obj, int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf, - ObjectInputFilter unused) + RMIServerSocketFactory ssf) throws RemoteException { System.out.println("CustomRMIExporter::exportObject():: " + "Remote = " + obj);
--- a/test/sun/rmi/transport/proxy/EagerHttpFallback.java Tue Mar 06 20:30:34 2018 +0000 +++ b/test/sun/rmi/transport/proxy/EagerHttpFallback.java Tue Mar 06 20:35:02 2018 +0000 @@ -28,7 +28,7 @@ * * @library ../../../../java/rmi/testlibrary * @build TestLibrary - * @run main/othervm -Djava.rmi.server.disableIncomingHttp=false EagerHttpFallback + * @run main/othervm -Dsun.rmi.server.disableIncomingHttp=false EagerHttpFallback */ import java.rmi.*; @@ -46,8 +46,6 @@ "true"); LocateRegistry.createRegistry(FALLBACK_PORT); - System.err.println("1-DISABLED: " + System.getProperty("java.rmi.server.disableIncomingHttp")); - /* * The call below should trigger a ConnectException in the * RMIMasterSocketFactory when it attempts a direct connection to
--- a/test/sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java Tue Mar 06 20:30:34 2018 +0000 +++ b/test/sun/rmi/transport/tcp/DisableRMIOverHttp/DisableRMIOverHTTPTest.java Tue Mar 06 20:35:02 2018 +0000 @@ -29,7 +29,7 @@ * @library ../../../../../java/rmi/testlibrary * @build TestIface TestImpl * @run main/othervm/timeout=60 DisableRMIOverHTTPTest - * @run main/othervm/timeout=60 -Djava.rmi.server.disableIncomingHttp=false DisableRMIOverHTTPTest + * @run main/othervm/timeout=60 -Dsun.rmi.server.disableIncomingHttp=false DisableRMIOverHTTPTest */ /* @@ -60,7 +60,7 @@ boolean incomingHttpDisabled = Boolean.valueOf( System.getProperty( - "java.rmi.server.disableIncomingHttp", "true") + "sun.rmi.server.disableIncomingHttp", "true") .equalsIgnoreCase("true")); // Set the socket factory.
--- a/test/sun/rmi/transport/tcp/blockAccept/BlockAcceptTest.java Tue Mar 06 20:30:34 2018 +0000 +++ b/test/sun/rmi/transport/tcp/blockAccept/BlockAcceptTest.java Tue Mar 06 20:35:02 2018 +0000 @@ -29,7 +29,7 @@ * * @library ../../../../../java/rmi/testlibrary * @build TestIface TestImpl TestImpl_Stub - * @run main/othervm/policy=security.policy/timeout=60 -Djava.rmi.server.disableIncomingHttp=false BlockAcceptTest + * @run main/othervm/policy=security.policy/timeout=60 -Dsun.rmi.server.disableIncomingHttp=false BlockAcceptTest */ /* This test attempts to stymie the RMI accept loop. The accept loop in