The FlightRecorderMXBean allows users to interact with JFR remotely. One operation is to get event settings, for example, enablement and thresholds, so a client can't configure JFR from another machine. The information is stored in the class EventTypeInfo and it has a method call getSettingDescriptors() where user can find out which settings an event has.
Problem is that the deserialization from CompositeData to EventTypeInfo is incorrect. The attribute the deserization method EventTypeInfo::from(CompsoiteData) looks for is "settings", but it should be settingDescriptors.
This has gone unnoticed because JMC looks up attributes reflectively and the engineers that implemented remote configuration took the attribute they saw (settingDescriptors). The bug also managed to avoid unit tests, because the test jdk.jfr.jmx.info.TestEventTypeInfo used the Platform MBeanServer directly, where objects are returned without serialization over CompositeData, instead of setting up a remote MBeanServerConnection.
The bug was found when it was noticed that the method EventTypeInfo::from(Compositedata) lacked test coverage.
Looking at the Javadoc spec., it says the attribute name should be settings. Given that the method doesn't work today, I think it is reasonable to change the spec. to be 'settingDescriptors', but also accept "settings" in the unlikely case some code depends on it. Changing the method name of getSettingDescriptors() to getSettings() will be much more disruptive to JMC and programmatic use.
A similar problem exists for the attribute category, which should be categoryNames
Problem is that the deserialization from CompositeData to EventTypeInfo is incorrect. The attribute the deserization method EventTypeInfo::from(CompsoiteData) looks for is "settings", but it should be settingDescriptors.
This has gone unnoticed because JMC looks up attributes reflectively and the engineers that implemented remote configuration took the attribute they saw (settingDescriptors). The bug also managed to avoid unit tests, because the test jdk.jfr.jmx.info.TestEventTypeInfo used the Platform MBeanServer directly, where objects are returned without serialization over CompositeData, instead of setting up a remote MBeanServerConnection.
The bug was found when it was noticed that the method EventTypeInfo::from(Compositedata) lacked test coverage.
Looking at the Javadoc spec., it says the attribute name should be settings. Given that the method doesn't work today, I think it is reasonable to change the spec. to be 'settingDescriptors', but also accept "settings" in the unlikely case some code depends on it. Changing the method name of getSettingDescriptors() to getSettings() will be much more disruptive to JMC and programmatic use.
A similar problem exists for the attribute category, which should be categoryNames
- csr for
-
JDK-8308877 JFR: Deserialization of EventTypeInfo uses incorrect attribute names
-
- Closed
-