On Wed, 19 Oct 2022 17:54:02 GMT, Kevin Walls <kev...@openjdk.org> wrote:
>> Set the management.properties
>> "com.sun.management.jmxremote.serial.filter.pattern" value by default, to
>> restrict types that can be deserialized.
>>
>> Use the example value from the Core Libraries guide (see section 2.
>> Serialization Filtering / Built-in Filters / Filters for JMX), plus Subject
>> which is needed when using authentication.
>>
>> The sun/management tests run OK with this change. The existing test
>> sun/management/jmxremote/startstop/JMXStartStopTest.java will fail if the
>> filter specified is made too restrictive.
>
> Kevin Walls has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Additional test with command-line filter setting.
Looks good
test/jdk/javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java
line 297:
> 295: // Use default filter, should fail with:
> java.io.InvalidClassException: filter status: REJECTED
> 296: testDefaultAgent(null /* no properties file */);
> 297: throw new RuntimeException("---" +
> DefaultAgentFilterTest.class.getName() + " - No exception reported");
Not that it matters much but traditionally we would throw AssertionError in
such cases...
-------------
Marked as reviewed by dfuchs (Reviewer).
PR: https://git.openjdk.org/jdk/pull/10507
