Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
7d7fd064
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
7d7fd064
编写于
3月 02, 2018
作者:
S
shshahma
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8198662: Incompatible internal API change in JDK8u161: signature of method exportObject()
Reviewed-by: dfuchs, robm, jwilhelm, rriggs
上级
f3951e57
变更
13
显示空白变更内容
内联
并排
Showing
13 changed file
with
341 addition
and
196 deletion
+341
-196
src/share/classes/com/sun/jmx/remote/internal/RMIExporter.java
...hare/classes/com/sun/jmx/remote/internal/RMIExporter.java
+2
-4
src/share/classes/com/sun/jmx/remote/util/EnvHelp.java
src/share/classes/com/sun/jmx/remote/util/EnvHelp.java
+1
-56
src/share/classes/java/io/ObjectInputStream.java
src/share/classes/java/io/ObjectInputStream.java
+22
-0
src/share/classes/javax/management/remote/rmi/RMIConnectorServer.java
...asses/javax/management/remote/rmi/RMIConnectorServer.java
+1
-2
src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
...lasses/javax/management/remote/rmi/RMIJRMPServerImpl.java
+81
-67
src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
.../classes/sun/management/jmxremote/ConnectorBootstrap.java
+14
-19
src/share/classes/sun/misc/JavaObjectInputStreamAccess.java
src/share/classes/sun/misc/JavaObjectInputStreamAccess.java
+41
-0
src/share/classes/sun/misc/ObjectStreamClassValidator.java
src/share/classes/sun/misc/ObjectStreamClassValidator.java
+43
-0
src/share/classes/sun/misc/SharedSecrets.java
src/share/classes/sun/misc/SharedSecrets.java
+13
-0
src/share/classes/sun/rmi/server/MarshalInputStream.java
src/share/classes/sun/rmi/server/MarshalInputStream.java
+37
-1
src/share/classes/sun/rmi/server/UnicastServerRef.java
src/share/classes/sun/rmi/server/UnicastServerRef.java
+84
-8
src/share/lib/management/management.properties
src/share/lib/management/management.properties
+0
-35
test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java
...ent/remote/mandatory/connectorServer/RMIExporterTest.java
+2
-4
未找到文件。
src/share/classes/com/sun/jmx/remote/internal/RMIExporter.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 2003,
2017,
Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -25,7 +25,6 @@
package
com.sun.jmx.remote.internal
;
import
sun.misc.ObjectInputFilter
;
import
java.rmi.NoSuchObjectException
;
import
java.rmi.Remote
;
import
java.rmi.RemoteException
;
...
...
@@ -52,8 +51,7 @@ public interface RMIExporter {
public
Remote
exportObject
(
Remote
obj
,
int
port
,
RMIClientSocketFactory
csf
,
RMIServerSocketFactory
ssf
,
ObjectInputFilter
filter
)
RMIServerSocketFactory
ssf
)
throws
RemoteException
;
public
boolean
unexportObject
(
Remote
obj
,
boolean
force
)
...
...
src/share/classes/com/sun/jmx/remote/util/EnvHelp.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 2003, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -69,61 +69,6 @@ public class EnvHelp {
public
static
final
String
CREDENTIAL_TYPES
=
"jmx.remote.rmi.server.credential.types"
;
/**
* Name of the attribute that specifies an
* {@link ObjectInputFilter} pattern string to filter classes acceptable
* for {@link RMIServer#newClient(java.lang.Object) RMIServer.newClient()}
* remote method call.
* <p>
* The filter pattern must be in same format as used in
* {@link java.io.ObjectInputFilter.Config.createFilter}
* <p>
* This list of classes allowed by filter should correspond to the
* transitive closure of the credentials class (or classes) used by the
* installed {@linkplain JMXAuthenticator} associated with the
* {@linkplain RMIServer} implementation.
* If the attribute is not set then any class is deemed acceptable.
* @see ObjectInputFilter
*/
public
static
final
String
CREDENTIALS_FILTER_PATTERN
=
"jmx.remote.rmi.server.credentials.filter.pattern"
;
/**
* This attribute defines a pattern from which to create a
* {@link java.io.ObjectInputFilter} that will be used when deserializing
* objects sent to the {@code JMXConnectorServer} by any client.
* <p>
* The filter will be called for any class found in the serialized
* stream sent to server by client, including all JMX defined classes
* (such as {@link javax.management.ObjectName}), all method parameters,
* and, if present in the stream, all classes transitively referred by
* the serial form of any deserialized object.
* The pattern must be in same format as used in
* {@link java.io.ObjectInputFilter.Config.createFilter}.
* It may define a white list of permitted classes, a black list of
* rejected classes, a maximum depth for the deserialized objects,
* etc.
* <p>
* To be functional, the filter should allow at least all the
* concrete types in the transitive closure of all objects that
* might get serialized when serializing all JMX classes referred
* as parameters in the {@link
* javax.management.remote.rmi.RMIConnection} interface,
* plus all classes that a {@link javax.management.remote.rmi.RMIConnectorClient}
* might need to transmit wrapped in {@linkplain java.rmi.MarshalledObject
* marshalled objects} in order to interoperate with the MBeans registered
* in the {@code MBeanServer}. That would potentially include all the
* concrete {@linkplain javax.management.openmbean JMX OpenTypes} and the
* classes they use in their serial form.
* <p>
* Care must be taken when defining such a filter, as defining
* a white list too restrictive or a too wide a black list may
* prevent legitimate clients from interoperating with the
* {@code JMXConnectorServer}.
*/
public
static
final
String
SERIAL_FILTER_PATTERN
=
"jmx.remote.rmi.server.serial.filter.pattern"
;
/**
* <p>Name of the attribute that specifies a default class loader
* object.
...
...
src/share/classes/java/io/ObjectInputStream.java
浏览文件 @
7d7fd064
...
...
@@ -45,6 +45,8 @@ import static java.io.ObjectStreamClass.processQueue;
import
sun.misc.SharedSecrets
;
import
sun.misc.ObjectInputFilter
;
import
sun.misc.ObjectStreamClassValidator
;
import
sun.misc.SharedSecrets
;
import
sun.reflect.misc.ReflectUtil
;
import
sun.misc.JavaOISAccess
;
import
sun.util.logging.PlatformLogger
;
...
...
@@ -1750,6 +1752,9 @@ public class ObjectInputStream
throw
new
StreamCorruptedException
(
String
.
format
(
"invalid type code: %02X"
,
tc
));
}
if
(
descriptor
!=
null
)
{
validateDescriptor
(
descriptor
);
}
return
descriptor
;
}
...
...
@@ -3895,4 +3900,21 @@ public class ObjectInputStream
throw
new
AssertionError
();
}
}
private
void
validateDescriptor
(
ObjectStreamClass
descriptor
)
{
ObjectStreamClassValidator
validating
=
validator
;
if
(
validating
!=
null
)
{
validating
.
validateDescriptor
(
descriptor
);
}
}
// controlled access to ObjectStreamClassValidator
private
volatile
ObjectStreamClassValidator
validator
;
private
static
void
setValidator
(
ObjectInputStream
ois
,
ObjectStreamClassValidator
validator
)
{
ois
.
validator
=
validator
;
}
static
{
SharedSecrets
.
setJavaObjectInputStreamAccess
(
ObjectInputStream:
:
setValidator
);
}
}
src/share/classes/javax/management/remote/rmi/RMIConnectorServer.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 2002, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -33,7 +33,6 @@ import com.sun.jmx.remote.util.EnvHelp;
import
java.io.ByteArrayOutputStream
;
import
java.io.IOException
;
import
sun.misc.ObjectInputFilter
;
import
java.io.ObjectOutputStream
;
import
java.net.MalformedURLException
;
import
java.rmi.server.RMIClientSocketFactory
;
...
...
src/share/classes/javax/management/remote/rmi/RMIJRMPServerImpl.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 2002, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -26,7 +26,6 @@
package
javax.management.remote.rmi
;
import
java.io.IOException
;
import
sun.misc.ObjectInputFilter
;
import
java.rmi.NoSuchObjectException
;
import
java.rmi.Remote
;
import
java.rmi.RemoteException
;
...
...
@@ -48,11 +47,6 @@ import sun.reflect.misc.ReflectUtil;
import
sun.rmi.server.DeserializationChecker
;
import
sun.rmi.server.UnicastServerRef
;
import
sun.rmi.server.UnicastServerRef2
;
import
java.util.Arrays
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
import
sun.rmi.transport.LiveRef
;
/**
* <p>An {@link RMIServer} object that is exported through JRMP and that
...
...
@@ -65,6 +59,8 @@ import sun.rmi.transport.LiveRef;
*/
public
class
RMIJRMPServerImpl
extends
RMIServerImpl
{
private
final
ExportedWrapper
exportedWrapper
;
/**
* <p>Creates a new {@link RMIServer} object that will be exported
* on the given port using the given socket factories.</p>
...
...
@@ -105,37 +101,31 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
String
[]
credentialsTypes
=
(
String
[])
this
.
env
.
get
(
EnvHelp
.
CREDENTIAL_TYPES
);
String
credentialsFilter
=
(
String
)
this
.
env
.
get
(
EnvHelp
.
CREDENTIALS_FILTER_PATTERN
);
if
(
credentialsFilter
!=
null
){
cFilter
=
ObjectInputFilter
.
Config
.
createFilter
(
credentialsFilter
);
allowedTypes
=
null
;
List
<
String
>
types
=
null
;
if
(
credentialsTypes
!=
null
)
{
types
=
new
ArrayList
<>();
for
(
String
type
:
credentialsTypes
)
{
if
(
type
==
null
)
{
throw
new
IllegalArgumentException
(
"A credential type is null."
);
}
else
if
(
credentialsTypes
!=
null
)
{
allowedTypes
=
Arrays
.
stream
(
credentialsTypes
).
filter
(
s
->
s
!=
null
).
collect
(
Collectors
.
toSet
());
allowedTypes
.
stream
().
forEach
(
ReflectUtil:
:
checkPackageAccess
);
cFilter
=
this
::
newClientCheckInput
;
}
else
{
allowedTypes
=
null
;
cFilter
=
null
;
ReflectUtil
.
checkPackageAccess
(
type
);
types
.
add
(
type
);
}
String
userJmxFilter
=
(
String
)
this
.
env
.
get
(
EnvHelp
.
SERIAL_FILTER_PATTERN
);
if
(
userJmxFilter
!=
null
&&
!
userJmxFilter
.
isEmpty
())
jmxRmiFilter
=
ObjectInputFilter
.
Config
.
createFilter
(
userJmxFilter
);
else
jmxRmiFilter
=
null
;
}
exportedWrapper
=
types
!=
null
?
new
ExportedWrapper
(
this
,
types
)
:
null
;
}
protected
void
export
()
throws
IOException
{
export
(
this
,
cFilter
);
if
(
exportedWrapper
!=
null
)
{
export
(
exportedWrapper
);
}
else
{
export
(
this
);
}
}
private
void
export
(
Remote
obj
,
ObjectInputFilter
typeFilter
)
throws
RemoteException
{
private
void
export
(
Remote
obj
)
throws
RemoteException
{
final
RMIExporter
exporter
=
(
RMIExporter
)
env
.
get
(
RMIExporter
.
EXPORTER_ATTRIBUTE
);
final
boolean
daemon
=
EnvHelp
.
isServerDaemon
(
env
);
...
...
@@ -146,14 +136,16 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
" cannot be used to specify an exporter!"
);
}
if
(
exporter
!=
null
)
{
exporter
.
exportObject
(
obj
,
port
,
csf
,
ssf
,
typeFilter
);
}
else
{
if
(
daemon
)
{
if
(
csf
==
null
&&
ssf
==
null
)
{
new
UnicastServerRef
(
new
LiveRef
(
port
),
typeFilter
).
exportObject
(
obj
,
null
,
daemon
);
new
UnicastServerRef
(
port
).
exportObject
(
obj
,
null
,
true
);
}
else
{
new
UnicastServerRef2
(
port
,
csf
,
ssf
,
typeFilter
).
exportObject
(
obj
,
null
,
daemon
);
new
UnicastServerRef2
(
port
,
csf
,
ssf
).
exportObject
(
obj
,
null
,
true
);
}
}
else
if
(
exporter
!=
null
)
{
exporter
.
exportObject
(
obj
,
port
,
csf
,
ssf
);
}
else
{
UnicastRemoteObject
.
exportObject
(
obj
,
port
,
csf
,
ssf
);
}
}
...
...
@@ -180,8 +172,12 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
* RMIJRMPServerImpl has not been exported yet.
*/
public
Remote
toStub
()
throws
IOException
{
if
(
exportedWrapper
!=
null
)
{
return
RemoteObject
.
toStub
(
exportedWrapper
);
}
else
{
return
RemoteObject
.
toStub
(
this
);
}
}
/**
* <p>Creates a new client connection as an RMI object exported
...
...
@@ -210,7 +206,7 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
RMIConnection
client
=
new
RMIConnectionImpl
(
this
,
connectionId
,
getDefaultClassLoader
(),
subject
,
env
);
export
(
client
,
jmxRmiFilter
);
export
(
client
);
return
client
;
}
...
...
@@ -227,38 +223,56 @@ public class RMIJRMPServerImpl extends RMIServerImpl {
* server failed.
*/
protected
void
closeServer
()
throws
IOException
{
if
(
exportedWrapper
!=
null
)
{
unexport
(
exportedWrapper
,
true
);
}
else
{
unexport
(
this
,
true
);
}
/**
* Check that a type in the remote invocation of {@link RMIServerImpl#newClient}
* is one of the {@code allowedTypes}.
*
* @param clazz the class; may be null
* @param size the size for arrays, otherwise is 0
* @param nObjectRefs the current number of object references
* @param depth the current depth
* @param streamBytes the current number of bytes consumed
* @return {@code ObjectInputFilter.Status.ALLOWED} if the class is allowed,
* otherwise {@code ObjectInputFilter.Status.REJECTED}
*/
ObjectInputFilter
.
Status
newClientCheckInput
(
ObjectInputFilter
.
FilterInfo
filterInfo
)
{
ObjectInputFilter
.
Status
status
=
ObjectInputFilter
.
Status
.
UNDECIDED
;
if
(
allowedTypes
!=
null
&&
filterInfo
.
serialClass
()
!=
null
)
{
// If enabled, check type
String
type
=
filterInfo
.
serialClass
().
getName
();
if
(
allowedTypes
.
contains
(
type
))
status
=
ObjectInputFilter
.
Status
.
ALLOWED
;
else
status
=
ObjectInputFilter
.
Status
.
REJECTED
;
}
return
status
;
}
private
final
int
port
;
private
final
RMIClientSocketFactory
csf
;
private
final
RMIServerSocketFactory
ssf
;
private
final
Map
<
String
,
?>
env
;
private
final
Set
<
String
>
allowedTypes
;
private
final
ObjectInputFilter
jmxRmiFilter
;
private
final
ObjectInputFilter
cFilter
;
private
static
class
ExportedWrapper
implements
RMIServer
,
DeserializationChecker
{
private
final
RMIServer
impl
;
private
final
List
<
String
>
allowedTypes
;
private
ExportedWrapper
(
RMIServer
impl
,
List
<
String
>
credentialsTypes
)
{
this
.
impl
=
impl
;
allowedTypes
=
credentialsTypes
;
}
@Override
public
String
getVersion
()
throws
RemoteException
{
return
impl
.
getVersion
();
}
@Override
public
RMIConnection
newClient
(
Object
credentials
)
throws
IOException
{
return
impl
.
newClient
(
credentials
);
}
@Override
public
void
check
(
Method
method
,
ObjectStreamClass
descriptor
,
int
paramIndex
,
int
callID
)
{
String
type
=
descriptor
.
getName
();
if
(!
allowedTypes
.
contains
(
type
))
{
throw
new
ClassCastException
(
"Unsupported type: "
+
type
);
}
}
@Override
public
void
checkProxyClass
(
Method
method
,
String
[]
ifaces
,
int
paramIndex
,
int
callID
)
{
if
(
ifaces
!=
null
&&
ifaces
.
length
>
0
)
{
for
(
String
iface
:
ifaces
)
{
if
(!
allowedTypes
.
contains
(
iface
))
{
throw
new
ClassCastException
(
"Unsupported type: "
+
iface
);
}
}
}
}
}
}
src/share/classes/sun/management/jmxremote/ConnectorBootstrap.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 2003, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -30,7 +30,7 @@ import java.io.File;
import
java.io.FileInputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
sun.misc.ObjectInputFilter
;
import
java.io.Serializable
;
import
java.lang.management.ManagementFactory
;
import
java.net.InetAddress
;
import
java.net.MalformedURLException
;
...
...
@@ -43,6 +43,7 @@ import java.rmi.RemoteException;
import
java.rmi.registry.Registry
;
import
java.rmi.server.RMIClientSocketFactory
;
import
java.rmi.server.RMIServerSocketFactory
;
import
java.rmi.server.RMISocketFactory
;
import
java.rmi.server.RemoteObject
;
import
java.rmi.server.UnicastRemoteObject
;
import
java.security.KeyStore
;
...
...
@@ -82,7 +83,6 @@ import sun.management.FileSystem;
import
sun.rmi.server.UnicastRef
;
import
sun.rmi.server.UnicastServerRef
;
import
sun.rmi.server.UnicastServerRef2
;
import
sun.rmi.transport.LiveRef
;
/**
* This class initializes and starts the RMIConnectorServer for JSR 163
...
...
@@ -141,8 +141,6 @@ public final class ConnectorBootstrap {
"com.sun.management.jmxremote.ssl.need.client.auth"
;
public
static
final
String
SSL_CONFIG_FILE_NAME
=
"com.sun.management.jmxremote.ssl.config.file"
;
public
static
final
String
SERIAL_FILTER_PATTERN
=
"com.sun.management.jmxremote.serial.filter.pattern"
;
}
/**
...
...
@@ -183,8 +181,7 @@ public final class ConnectorBootstrap {
public
Remote
exportObject
(
Remote
obj
,
int
port
,
RMIClientSocketFactory
csf
,
RMIServerSocketFactory
ssf
,
ObjectInputFilter
filter
)
RMIServerSocketFactory
ssf
)
throws
RemoteException
{
synchronized
(
this
)
{
...
...
@@ -195,9 +192,9 @@ public final class ConnectorBootstrap {
final
UnicastServerRef
ref
;
if
(
csf
==
null
&&
ssf
==
null
)
{
ref
=
new
UnicastServerRef
(
new
LiveRef
(
port
),
filter
);
ref
=
new
UnicastServerRef
(
port
);
}
else
{
ref
=
new
UnicastServerRef2
(
port
,
csf
,
ssf
,
filter
);
ref
=
new
UnicastServerRef2
(
port
,
csf
,
ssf
);
}
return
ref
.
exportObject
(
obj
,
null
,
true
);
}
...
...
@@ -437,7 +434,6 @@ public final class ConnectorBootstrap {
final
String
bindAddress
=
props
.
getProperty
(
PropertyNames
.
HOST
);
final
String
jmxRmiFilter
=
props
.
getProperty
(
PropertyNames
.
SERIAL_FILTER_PATTERN
);
if
(
log
.
debugOn
())
{
log
.
debug
(
"startRemoteConnectorServer"
,
...
...
@@ -474,7 +470,7 @@ public final class ConnectorBootstrap {
sslConfigFileName
,
enabledCipherSuitesList
,
enabledProtocolsList
,
sslNeedClientAuth
,
useAuthentication
,
loginConfigName
,
passwordFileName
,
accessFileName
,
bindAddress
,
jmxRmiFilter
);
passwordFileName
,
accessFileName
,
bindAddress
);
cs
=
data
.
jmxConnectorServer
;
url
=
data
.
jmxRemoteURL
;
log
.
config
(
"startRemoteConnectorServer"
,
...
...
@@ -514,7 +510,9 @@ public final class ConnectorBootstrap {
// This RMI server should not keep the VM alive
Map
<
String
,
Object
>
env
=
new
HashMap
<>();
env
.
put
(
RMIExporter
.
EXPORTER_ATTRIBUTE
,
new
PermanentExporter
());
env
.
put
(
EnvHelp
.
CREDENTIALS_FILTER_PATTERN
,
String
.
class
.
getName
()
+
";!*"
);
env
.
put
(
EnvHelp
.
CREDENTIAL_TYPES
,
new
String
[]{
String
[].
class
.
getName
(),
String
.
class
.
getName
()
});
// The local connector server need only be available via the
// loopback connection.
...
...
@@ -730,8 +728,7 @@ public final class ConnectorBootstrap {
String
loginConfigName
,
String
passwordFileName
,
String
accessFileName
,
String
bindAddress
,
String
jmxRmiFilter
)
String
bindAddress
)
throws
IOException
,
MalformedURLException
{
/* Make sure we use non-guessable RMI object IDs. Otherwise
...
...
@@ -746,11 +743,9 @@ public final class ConnectorBootstrap {
PermanentExporter
exporter
=
new
PermanentExporter
();
env
.
put
(
RMIExporter
.
EXPORTER_ATTRIBUTE
,
exporter
);
env
.
put
(
EnvHelp
.
CREDENTIALS_FILTER_PATTERN
,
String
.
class
.
getName
()
+
";!*"
);
if
(
jmxRmiFilter
!=
null
&&
!
jmxRmiFilter
.
isEmpty
())
{
env
.
put
(
EnvHelp
.
SERIAL_FILTER_PATTERN
,
jmxRmiFilter
);
}
env
.
put
(
EnvHelp
.
CREDENTIAL_TYPES
,
new
String
[]{
String
[].
class
.
getName
(),
String
.
class
.
getName
()
});
boolean
useSocketFactory
=
bindAddress
!=
null
&&
!
useSsl
;
...
...
src/share/classes/sun/misc/JavaObjectInputStreamAccess.java
0 → 100644
浏览文件 @
7d7fd064
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.misc
;
import
java.io.ObjectInputStream
;
/**
* The interface to specify methods for accessing {@code ObjectInputStream}
* @author sjiang
*/
public
interface
JavaObjectInputStreamAccess
{
/**
* Sets a descriptor validating.
* @param ois stream to have the descriptors validated
* @param validator validator used to validate a descriptor.
*/
public
void
setValidator
(
ObjectInputStream
ois
,
ObjectStreamClassValidator
validator
);
}
src/share/classes/sun/misc/ObjectStreamClassValidator.java
0 → 100644
浏览文件 @
7d7fd064
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.misc
;
import
java.io.ObjectStreamClass
;
/**
* A callback used by {@code ObjectInputStream} to do descriptor validation.
*
* @author sjiang
*/
public
interface
ObjectStreamClassValidator
{
/**
* This method will be called by ObjectInputStream to
* check a descriptor just before creating an object described by this descriptor.
* The object will not be created if this method throws a {@code RuntimeException}.
* @param descriptor descriptor to be checked.
*/
public
void
validateDescriptor
(
ObjectStreamClass
descriptor
);
}
src/share/classes/sun/misc/SharedSecrets.java
浏览文件 @
7d7fd064
...
...
@@ -59,6 +59,7 @@ public class SharedSecrets {
private
static
JavaAWTAccess
javaAWTAccess
;
private
static
JavaOISAccess
javaOISAccess
;
private
static
JavaxCryptoSealedObjectAccess
javaxCryptoSealedObjectAccess
;
private
static
JavaObjectInputStreamAccess
javaObjectInputStreamAccess
;
public
static
JavaUtilJarAccess
javaUtilJarAccess
()
{
if
(
javaUtilJarAccess
==
null
)
{
...
...
@@ -201,6 +202,18 @@ public class SharedSecrets {
return
javaAWTAccess
;
}
public
static
JavaObjectInputStreamAccess
getJavaObjectInputStreamAccess
()
{
if
(
javaObjectInputStreamAccess
==
null
)
{
unsafe
.
ensureClassInitialized
(
ObjectInputStream
.
class
);
}
return
javaObjectInputStreamAccess
;
}
public
static
void
setJavaObjectInputStreamAccess
(
JavaObjectInputStreamAccess
access
)
{
javaObjectInputStreamAccess
=
access
;
}
public
static
void
setJavaxCryptoSealedObjectAccess
(
JavaxCryptoSealedObjectAccess
jcsoa
)
{
javaxCryptoSealedObjectAccess
=
jcsoa
;
}
...
...
src/share/classes/sun/rmi/server/MarshalInputStream.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 1996, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -34,6 +34,8 @@ import java.util.*;
import
java.security.AccessControlException
;
import
java.security.Permission
;
import
java.rmi.server.RMIClassLoader
;
import
sun.misc.ObjectStreamClassValidator
;
import
sun.misc.SharedSecrets
;
/**
* MarshalInputStream is an extension of ObjectInputStream. When resolving
...
...
@@ -51,6 +53,11 @@ import java.rmi.server.RMIClassLoader;
* @author Peter Jones
*/
public
class
MarshalInputStream
extends
ObjectInputStream
{
interface
StreamChecker
extends
ObjectStreamClassValidator
{
void
checkProxyInterfaceNames
(
String
[]
ifaces
);
}
private
volatile
StreamChecker
streamChecker
=
null
;
/**
* Value of "java.rmi.server.useCodebaseOnly" property,
...
...
@@ -237,6 +244,11 @@ public class MarshalInputStream extends ObjectInputStream {
protected
Class
<?>
resolveProxyClass
(
String
[]
interfaces
)
throws
IOException
,
ClassNotFoundException
{
StreamChecker
checker
=
streamChecker
;
if
(
checker
!=
null
)
{
checker
.
checkProxyInterfaceNames
(
interfaces
);
}
/*
* Always read annotation written by MarshalOutputStream.
*/
...
...
@@ -318,4 +330,28 @@ public class MarshalInputStream extends ObjectInputStream {
void
useCodebaseOnly
()
{
useCodebaseOnly
=
true
;
}
synchronized
void
setStreamChecker
(
StreamChecker
checker
)
{
streamChecker
=
checker
;
SharedSecrets
.
getJavaObjectInputStreamAccess
().
setValidator
(
this
,
checker
);
}
@Override
protected
ObjectStreamClass
readClassDescriptor
()
throws
IOException
,
ClassNotFoundException
{
ObjectStreamClass
descriptor
=
super
.
readClassDescriptor
();
validateDesc
(
descriptor
);
return
descriptor
;
}
private
void
validateDesc
(
ObjectStreamClass
descriptor
)
{
StreamChecker
checker
;
synchronized
(
this
)
{
checker
=
streamChecker
;
}
if
(
checker
!=
null
)
{
checker
.
validateDescriptor
(
descriptor
);
}
}
}
src/share/classes/sun/rmi/server/UnicastServerRef.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 1996, 201
7
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
6
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -29,6 +29,7 @@ import java.io.IOException;
import
java.io.ObjectInput
;
import
java.io.ObjectInputStream
;
import
java.io.ObjectOutput
;
import
java.io.ObjectStreamClass
;
import
java.lang.reflect.InvocationTargetException
;
import
java.lang.reflect.Method
;
import
java.rmi.AccessException
;
...
...
@@ -331,15 +332,10 @@ public class UnicastServerRef extends UnicastRef
logCall
(
obj
,
method
);
// unmarshal parameters
Class
<?>[]
types
=
method
.
getParameterTypes
();
Object
[]
params
=
new
Object
[
types
.
length
];
Object
[]
params
=
null
;
try
{
unmarshalCustomCallData
(
in
);
// Unmarshal the parameters
for
(
int
i
=
0
;
i
<
types
.
length
;
i
++)
{
params
[
i
]
=
unmarshalValue
(
types
[
i
],
in
);
}
params
=
unmarshalParameters
(
obj
,
method
,
marshalStream
);
}
catch
(
AccessException
aex
)
{
// For compatibility, AccessException is not wrapped in UnmarshalException
...
...
@@ -609,4 +605,84 @@ public class UnicastServerRef extends UnicastRef
}
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Perform any necessary checks.
*/
private
Object
[]
unmarshalParameters
(
Object
obj
,
Method
method
,
MarshalInputStream
in
)
throws
IOException
,
ClassNotFoundException
{
return
(
obj
instanceof
DeserializationChecker
)
?
unmarshalParametersChecked
((
DeserializationChecker
)
obj
,
method
,
in
)
:
unmarshalParametersUnchecked
(
method
,
in
);
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Do not perform any additional checks.
*/
private
Object
[]
unmarshalParametersUnchecked
(
Method
method
,
ObjectInput
in
)
throws
IOException
,
ClassNotFoundException
{
Class
<?>[]
types
=
method
.
getParameterTypes
();
Object
[]
params
=
new
Object
[
types
.
length
];
for
(
int
i
=
0
;
i
<
types
.
length
;
i
++)
{
params
[
i
]
=
unmarshalValue
(
types
[
i
],
in
);
}
return
params
;
}
/**
* Unmarshal parameters for the given method of the given instance over
* the given marshalinputstream. Do perform all additional checks.
*/
private
Object
[]
unmarshalParametersChecked
(
DeserializationChecker
checker
,
Method
method
,
MarshalInputStream
in
)
throws
IOException
,
ClassNotFoundException
{
int
callID
=
methodCallIDCount
.
getAndIncrement
();
MyChecker
myChecker
=
new
MyChecker
(
checker
,
method
,
callID
);
in
.
setStreamChecker
(
myChecker
);
try
{
Class
<?>[]
types
=
method
.
getParameterTypes
();
Object
[]
values
=
new
Object
[
types
.
length
];
for
(
int
i
=
0
;
i
<
types
.
length
;
i
++)
{
myChecker
.
setIndex
(
i
);
values
[
i
]
=
unmarshalValue
(
types
[
i
],
in
);
}
myChecker
.
end
(
callID
);
return
values
;
}
finally
{
in
.
setStreamChecker
(
null
);
}
}
private
static
class
MyChecker
implements
MarshalInputStream
.
StreamChecker
{
private
final
DeserializationChecker
descriptorCheck
;
private
final
Method
method
;
private
final
int
callID
;
private
int
parameterIndex
;
MyChecker
(
DeserializationChecker
descriptorCheck
,
Method
method
,
int
callID
)
{
this
.
descriptorCheck
=
descriptorCheck
;
this
.
method
=
method
;
this
.
callID
=
callID
;
}
@Override
public
void
validateDescriptor
(
ObjectStreamClass
descriptor
)
{
descriptorCheck
.
check
(
method
,
descriptor
,
parameterIndex
,
callID
);
}
@Override
public
void
checkProxyInterfaceNames
(
String
[]
ifaces
)
{
descriptorCheck
.
checkProxyClass
(
method
,
ifaces
,
parameterIndex
,
callID
);
}
void
setIndex
(
int
parameterIndex
)
{
this
.
parameterIndex
=
parameterIndex
;
}
void
end
(
int
callId
)
{
descriptorCheck
.
end
(
callId
);
}
}
}
src/share/lib/management/management.properties
浏览文件 @
7d7fd064
...
...
@@ -329,38 +329,3 @@
# The format of the value for that property is any string accepted
# by java.net.InetAddress.getByName(String).
#
# ################ Filter for ObjectInputStream #############################
# com.sun.management.jmxremote.serial.filter.pattern=<filter-string>
# A filter, if configured, is used by java.io.ObjectInputStream during
# deserialization of parameters sent to the JMX default agent to validate the
# contents of the stream.
# A filter is configured as a sequence of patterns, each pattern is either
# matched against the name of a class in the stream or defines a limit.
# Patterns are separated by ";" (semicolon).
# Whitespace is significant and is considered part of the pattern.
#
# If a pattern includes a "=", it sets a limit.
# If a limit appears more than once the last value is used.
# Limits are checked before classes regardless of the order in the sequence of patterns.
# If any of the limits are exceeded, the filter status is REJECTED.
#
# maxdepth=value - the maximum depth of a graph
# maxrefs=value - the maximum number of internal references
# maxbytes=value - the maximum number of bytes in the input stream
# maxarray=value - the maximum array length allowed
#
# Other patterns, from left to right, match the class or package name as
# returned from Class.getName.
# If the class is an array type, the class or package to be matched is the element type.
# Arrays of any number of dimensions are treated the same as the element type.
# For example, a pattern of "!example.Foo", rejects creation of any instance or
# array of example.Foo.
#
# If the pattern starts with "!", the status is REJECTED if the remaining pattern
# is matched; otherwise the status is ALLOWED if the pattern matches.
# If the pattern ends with ".**" it matches any class in the package and all subpackages.
# If the pattern ends with ".*" it matches any class in the package.
# If the pattern ends with "*", it matches any class with the pattern as a prefix.
# If the pattern is equal to the class name, it matches.
# Otherwise, the status is UNDECIDED.
test/javax/management/remote/mandatory/connectorServer/RMIExporterTest.java
浏览文件 @
7d7fd064
/*
* Copyright (c) 2004,
2017,
Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -46,7 +46,6 @@ import javax.management.remote.JMXConnectorServer;
import
javax.management.remote.JMXConnectorServerFactory
;
import
javax.management.remote.JMXServiceURL
;
import
com.sun.jmx.remote.internal.RMIExporter
;
import
sun.misc.ObjectInputFilter
;
public
class
RMIExporterTest
{
...
...
@@ -60,8 +59,7 @@ public class RMIExporterTest {
public
Remote
exportObject
(
Remote
obj
,
int
port
,
RMIClientSocketFactory
csf
,
RMIServerSocketFactory
ssf
,
ObjectInputFilter
unused
)
RMIServerSocketFactory
ssf
)
throws
RemoteException
{
System
.
out
.
println
(
"CustomRMIExporter::exportObject():: "
+
"Remote = "
+
obj
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录