Merge
diff --git a/.hgtags-top-repo b/.hgtags-top-repo
index 2da0b7c..8b3697f 100644
--- a/.hgtags-top-repo
+++ b/.hgtags-top-repo
@@ -443,3 +443,4 @@
e6edc89f5b2dc6dacd6041305e942a3f04a25ce5 jdk-9.0.1+11
3a64fdb24a8c26e2d7d32864dad4425a9496b90d jdk-9.0.4+00
726bf8524f7d3780518ada8648488ad4a7bfe6a2 jdk-9.0.4+1
+8055b6778ac8fc6bb165082230951cc8f146f8fd jdk-9.0.4+2
diff --git a/corba/.hgtags b/corba/.hgtags
index e7f0c63..e7e1afc 100644
--- a/corba/.hgtags
+++ b/corba/.hgtags
@@ -439,3 +439,4 @@
f67e7e2c01929cfe7a1a3cb2f4b279c1d4fee120 jdk-9.0.1+11
0876f7e30c48b7cc0b3c15fcd3860522b1f4ae38 jdk-9.0.4+00
03683a1b2e25231ea6305c91cae4cf83d01738f0 jdk-9.0.4+1
+bcb2300e20962172f7b94ba422d3e634d4f2c62c jdk-9.0.4+2
diff --git a/hotspot/.hgtags b/hotspot/.hgtags
index 3e6b487..603b6d7 100644
--- a/hotspot/.hgtags
+++ b/hotspot/.hgtags
@@ -599,3 +599,4 @@
3546eb2ee2693043eb107d980ce5b72fe7f8f47a jdk-9.0.1+11
5be37d3ef648d06850aa164d8b22ac7539559e80 jdk-9.0.4+00
46290b7298be50f9a70d27465d50d1675732f0af jdk-9.0.4+1
+dab4c60adabfb8ea35cfcd96a7218994a84d652f jdk-9.0.4+2
diff --git a/jaxp/.hgtags b/jaxp/.hgtags
index eb53c65..37e1cd7 100644
--- a/jaxp/.hgtags
+++ b/jaxp/.hgtags
@@ -439,3 +439,4 @@
067a3eada8b593daa7c27c9d68e201822a530344 jdk-9.0.1+11
04e8b60cb228668ebcc456c0c810bf783ab62e6f jdk-9.0.4+00
67b943123ad883e5a59734ee20b9ab899dae823c jdk-9.0.4+1
+2cb55df963aed0adc48361012bbb7b78253d8017 jdk-9.0.4+2
diff --git a/jaxws/.hgtags b/jaxws/.hgtags
index 6795d11..7167396 100644
--- a/jaxws/.hgtags
+++ b/jaxws/.hgtags
@@ -442,3 +442,4 @@
b8e948250ebbb8ceb0deb2ff5d102bbe62cc0122 jdk-9.0.1+11
dd3fd1a7a076df906dfe76b74fd3385f6e4b7df3 jdk-9.0.4+00
211ec44cd237417fd72eaf36194e1afad7efc934 jdk-9.0.4+1
+db65cbca946753f9818f063f94b66c6c932d08a9 jdk-9.0.4+2
diff --git a/jdk/.hgtags b/jdk/.hgtags
index 2d983e2..c83e551 100644
--- a/jdk/.hgtags
+++ b/jdk/.hgtags
@@ -439,3 +439,4 @@
2bd4dd6cc82060b6d705de5f47077633ae7b7c82 jdk-9.0.1+11
fa3b1c07db0508e2bb1a6ab5e8b3a2be97544243 jdk-9.0.4+00
c66ff2442ffa563c48bd641d1f4273e00833014c jdk-9.0.4+1
+c03f6dda488064a24e53e372e5ad00b1d7505f6b jdk-9.0.4+2
diff --git a/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java b/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java
index 0cda570..a71bef5 100644
--- a/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java
+++ b/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIConnectorServer.java
@@ -32,7 +32,6 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.ObjectInputFilter;
import java.io.ObjectOutputStream;
import java.net.MalformedURLException;
import java.rmi.server.RMIClientSocketFactory;
@@ -102,59 +101,19 @@
"jmx.remote.rmi.server.socket.factory";
/**
- * Name of the attribute that specifies an
- * {@link ObjectInputFilter} pattern string to filter classes acceptable
- * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+ * Name of the attribute that specifies a list of class names acceptable
+ * as parameters to the {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
* remote method call.
* <p>
- * The filter pattern must be in same format as used in
- * {@link java.io.ObjectInputFilter.Config#createFilter}
+ * This list of classes should correspond to the transitive closure of the
+ * credentials class (or classes) used by the installed {@linkplain JMXAuthenticator}
+ * associated with the {@linkplain RMIServer} implementation.
* <p>
- * This list of classes allowed by filter should correspond to the
- * transitive closure of the credentials class (or classes) used by the
- * installed {@linkplain JMXAuthenticator} associated with the
- * {@linkplain RMIServer} implementation.
- * If the attribute is not set then any class is deemed acceptable.
- * @see ObjectInputFilter
+ * If the attribute is not set, or is null, then any class is
+ * deemed acceptable.
*/
- public static final String CREDENTIALS_FILTER_PATTERN =
- "jmx.remote.rmi.server.credentials.filter.pattern";
-
- /**
- * This attribute defines a pattern from which to create a
- * {@link java.io.ObjectInputFilter} that will be used when deserializing
- * objects sent to the {@code JMXConnectorServer} by any client.
- * <p>
- * The filter will be called for any class found in the serialized
- * stream sent to server by client, including all JMX defined classes
- * (such as {@link javax.management.ObjectName}), all method parameters,
- * and, if present in the stream, all classes transitively referred by
- * the serial form of any deserialized object.
- * The pattern must be in same format as used in
- * {@link java.io.ObjectInputFilter.Config#createFilter}.
- * It may define a white list of permitted classes, a black list of
- * rejected classes, a maximum depth for the deserialized objects,
- * etc.
- * <p>
- * To be functional, the filter should allow at least all the
- * concrete types in the transitive closure of all objects that
- * might get serialized when serializing all JMX classes referred
- * as parameters in the {@link
- * javax.management.remote.rmi.RMIConnection} interface,
- * plus all classes that a {@link javax.management.remote.rmi.RMIConnector client}
- * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
- * marshalled objects} in order to interoperate with the MBeans registered
- * in the {@code MBeanServer}. That would potentially include all the
- * concrete {@linkplain javax.management.openmbean JMX OpenTypes} and the
- * classes they use in their serial form.
- * <p>
- * Care must be taken when defining such a filter, as defining
- * a white list too restrictive or a too wide a black list may
- * prevent legitimate clients from interoperating with the
- * {@code JMXConnectorServer}.
- */
- public static final String SERIAL_FILTER_PATTERN =
- "jmx.remote.rmi.server.serial.filter.pattern";
+ public static final String CREDENTIAL_TYPES =
+ "jmx.remote.rmi.server.credential.types";
/**
* <p>Makes an <code>RMIConnectorServer</code>.
diff --git a/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java b/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
index e678769..c4af775 100644
--- a/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
+++ b/jdk/src/java.management.rmi/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
@@ -97,22 +97,18 @@
this.ssf = ssf;
this.env = (env == null) ? Collections.<String, Object>emptyMap() : env;
- // This attribute was represented by RMIConnectorServer.CREDENTIALS_TYPES.
- // This attribute is superceded by
- // RMIConnectorServer.CREDENTIALS_FILTER_PATTERN.
- // Retaining this for backward compatibility.
String[] credentialsTypes
- = (String[]) this.env.get("jmx.remote.rmi.server.credential.types");
+ = (String[]) this.env.get(RMIConnectorServer.CREDENTIAL_TYPES);
String credentialsFilter
- = (String) this.env.get(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN);
+ = (String) this.env.get(EnvHelp.CREDENTIALS_FILTER_PATTERN);
// It is impossible for both attributes to be specified
- if(credentialsTypes != null && credentialsFilter != null)
+ if(credentialsTypes != null && credentialsFilter != null) {
throw new IllegalArgumentException("Cannot specify both \""
- + "jmx.remote.rmi.server.credential.types" + "\" and \""
- + RMIConnectorServer.CREDENTIALS_FILTER_PATTERN + "\"");
- else if(credentialsFilter != null){
+ + RMIConnectorServer.CREDENTIAL_TYPES + "\" and \""
+ + EnvHelp.CREDENTIALS_FILTER_PATTERN + "\"");
+ } else if(credentialsFilter != null){
cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter);
allowedTypes = null;
}
@@ -127,7 +123,7 @@
}
String userJmxFilter =
- (String) this.env.get(RMIConnectorServer.SERIAL_FILTER_PATTERN);
+ (String) this.env.get(EnvHelp.SERIAL_FILTER_PATTERN);
if(userJmxFilter != null && !userJmxFilter.isEmpty())
jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter);
else
diff --git a/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java b/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java
index 47ab569..c8ead8e 100644
--- a/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java
+++ b/jdk/src/java.management/share/classes/com/sun/jmx/remote/util/EnvHelp.java
@@ -53,6 +53,61 @@
public class EnvHelp {
+ /**
+ * Name of the attribute that specifies an
+ * {@link ObjectInputFilter} pattern string to filter classes acceptable
+ * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+ * remote method call.
+ * <p>
+ * The filter pattern must be in same format as used in
+ * {@link java.io.ObjectInputFilter.Config.createFilter}
+ * <p>
+ * This list of classes allowed by filter should correspond to the
+ * transitive closure of the credentials class (or classes) used by the
+ * installed {@linkplain JMXAuthenticator} associated with the
+ * {@linkplain RMIServer} implementation.
+ * If the attribute is not set then any class is deemed acceptable.
+ * @see ObjectInputFilter
+ */
+ public static final String CREDENTIALS_FILTER_PATTERN =
+ "jmx.remote.rmi.server.credentials.filter.pattern";
+
+ /**
+ * This attribute defines a pattern from which to create a
+ * {@link java.io.ObjectInputFilter} that will be used when deserializing
+ * objects sent to the {@code JMXConnectorServer} by any client.
+ * <p>
+ * The filter will be called for any class found in the serialized
+ * stream sent to server by client, including all JMX defined classes
+ * (such as {@link javax.management.ObjectName}), all method parameters,
+ * and, if present in the stream, all classes transitively referred by
+ * the serial form of any deserialized object.
+ * The pattern must be in same format as used in
+ * {@link java.io.ObjectInputFilter.Config.createFilter}.
+ * It may define a white list of permitted classes, a black list of
+ * rejected classes, a maximum depth for the deserialized objects,
+ * etc.
+ * <p>
+ * To be functional, the filter should allow at least all the
+ * concrete types in the transitive closure of all objects that
+ * might get serialized when serializing all JMX classes referred
+ * as parameters in the {@link
+ * javax.management.remote.rmi.RMIConnection} interface,
+ * plus all classes that a {@link javax.management.remote.rmi.RMIConnectorClient}
+ * might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
+ * marshalled objects} in order to interoperate with the MBeans registered
+ * in the {@code MBeanServer}. That would potentially include all the
+ * concrete {@linkplain javax.management.openmbean JMX OpenTypes} and the
+ * classes they use in their serial form.
+ * <p>
+ * Care must be taken when defining such a filter, as defining
+ * a white list too restrictive or a too wide a black list may
+ * prevent legitimate clients from interoperating with the
+ * {@code JMXConnectorServer}.
+ */
+ public static final String SERIAL_FILTER_PATTERN =
+ "jmx.remote.rmi.server.serial.filter.pattern";
+
/**
* Name of the attribute that specifies a default class loader
* object.
diff --git a/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java b/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
index dae6b95..d161593 100644
--- a/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
+++ b/jdk/src/jdk.management.agent/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
@@ -514,7 +514,8 @@
// This RMI server should not keep the VM alive
Map<String, Object> env = new HashMap<>();
env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter());
- env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*");
+ env.put("jmx.remote.rmi.server.credentials.filter.pattern",
+ String.class.getName() + ";!*");
// The local connector server need only be available via the
// loopback connection.
@@ -540,6 +541,10 @@
if (props == null) {
props = new Properties();
}
+ String jmxRmiFilter = props.getProperty(PropertyNames.SERIAL_FILTER_PATTERN);
+ if (jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) {
+ env.put("jmx.remote.rmi.server.serial.filter.pattern", jmxRmiFilter);
+ }
String useLocalOnlyStr = props.getProperty(
PropertyNames.USE_LOCAL_ONLY, DefaultValues.USE_LOCAL_ONLY);
boolean useLocalOnly = Boolean.valueOf(useLocalOnlyStr).booleanValue();
@@ -746,10 +751,11 @@
PermanentExporter exporter = new PermanentExporter();
env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);
- env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() + ";!*");
+ env.put("jmx.remote.rmi.server.credentials.filter.pattern",
+ String.class.getName() + ";!*");
if(jmxRmiFilter != null && !jmxRmiFilter.isEmpty()) {
- env.put(RMIConnectorServer.SERIAL_FILTER_PATTERN, jmxRmiFilter);
+ env.put("jmx.remote.rmi.server.serial.filter.pattern", jmxRmiFilter);
}
boolean useSocketFactory = bindAddress != null && !useSsl;
diff --git a/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java b/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java
index 78ae27b..51ff463 100644
--- a/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java
+++ b/jdk/test/javax/management/remote/mandatory/connection/NewRMIClientFilterTest.java
@@ -45,6 +45,15 @@
public class NewRMIClientFilterTest {
+ /**
+ * Name of the attribute that specifies an
+ * {@link ObjectInputFilter} pattern string to filter classes acceptable
+ * for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
+ * remote method call.
+ */
+ static final String CREDENTIALS_FILTER_PATTERN =
+ "jmx.remote.rmi.server.credentials.filter.pattern";
+
public static void main(String[] args) throws Exception {
System.out.println("---NewRMIClientFilterTest-main: starting ...");
String filter1 = java.lang.String.class.getName() + ";!*";
@@ -64,8 +73,7 @@
server.stop();
System.out.println("\n---NewRMIClientFilterTest-main: testing types = String[]");
- env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN,
- filter1);
+ env.put(CREDENTIALS_FILTER_PATTERN, filter1);
server = newServer(url, env);
serverUrl = server.getAddress();
doTest(serverUrl, null);
@@ -80,8 +88,7 @@
}
System.out.println("\n---NewRMIClientFilterTest-main: testing user specific types = String, MyCredentials");
- env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN,
- filter2);
+ env.put(CREDENTIALS_FILTER_PATTERN, filter2);
server = newServer(url, env);
serverUrl = server.getAddress();
doTest(serverUrl, null);
diff --git a/langtools/.hgtags b/langtools/.hgtags
index c4a7e4a..f7f0b73 100644
--- a/langtools/.hgtags
+++ b/langtools/.hgtags
@@ -439,3 +439,4 @@
a70b2427c9a73309b3a828a5c69ac5fd717eb08e jdk-9.0.1+11
886cca9014ae318f270176e69b0b5bb6abb791c9 jdk-9.0.4+00
3252095f8f062edb3de403b612e1d322988e077c jdk-9.0.4+1
+e624954b65c37b334367a23216fe4e9a3437d629 jdk-9.0.4+2
diff --git a/nashorn/.hgtags b/nashorn/.hgtags
index d3c9f53..1b887c1 100644
--- a/nashorn/.hgtags
+++ b/nashorn/.hgtags
@@ -430,3 +430,4 @@
850264cdb6863f9dab53e5d707d49529fb45c575 jdk-9.0.1+11
8793d38f6b7a4864cea92cee11ac0cc15f6a997e jdk-9.0.4+00
9622aae5026e892f758373fa304e83ce309718fc jdk-9.0.4+1
+22fd41c5738df157bc17574701aa8c125c17229a jdk-9.0.4+2