JDK-8279891 : jstatd has dependency on Security Manager which needs to be removed
  • Type: CSR
  • Component: core-svc
  • Sub-Component: tools
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 19
  • Submitted: 2022-01-11
  • Updated: 2022-01-19
  • Resolved: 2022-01-19
Related Reports
CSR :  
JDK-8272317 - jstatd has dependency on Security Manager which needs to be removed
Description
Summary
-------

Use of the Security Manager and policy file in jstatd is to be discontinued.  This is to prepare for the Security Manager no longer being available (JEP411).


Problem
-------

The Security Manager is deprecated for removal (JEP411), all code which depends on it needs to be updated.


Solution
--------

jstatd should no longer create a Security Manager, and as RMI is used it should use an ObjectInputFilter to permit only the essential classes.

jstatd is still labelled as experimental.

Specification
-------------

Documentation (man page) changes:

Remove the mention of installing a Security Manager, and all mention of a policy file, from the text and example commands.

In the Security section of the documentation, add:

    As RMI is in use, the jstatd server uses an ObjectInputFilter to allow only
    essential classes to be deserialized.


The main part of the code change is in the attached file jstatd_8272317_change.txt and the updated man page is attached as file jstatd.man.txt

Full code changes are in the PR, which includes minor makefile and test updates.
https://github.com/openjdk/jdk/pull/6919/
Comments
Moving to Approved.
19-01-2022