Summary
Use of the Security Manager and policy file in jstatd is to be discontinued. This is to prepare for the Security Manager no longer being available (JEP411).
Problem
The Security Manager is deprecated for removal (JEP411), all code which depends on it needs to be updated.
Solution
jstatd should no longer create a Security Manager, and as RMI is used it should use an ObjectInputFilter to permit only the essential classes.
jstatd is still labelled as experimental.
Specification
Documentation (man page) changes:
Remove the mention of installing a Security Manager, and all mention of a policy file, from the text and example commands.
In the Security section of the documentation, add:
As RMI is in use, the jstatd server uses an ObjectInputFilter to allow only
essential classes to be deserialized.
The main part of the code change is in the attached file jstatd_8272317_change.txt and the updated man page is attached as file jstatd.man.txt
Full code changes are in the PR, which includes minor makefile and test updates. https://github.com/openjdk/jdk/pull/6919/
- csr of
-
JDK-8272317 jstatd has dependency on Security Manager which needs to be removed
- Resolved