Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6366543

A valid MBean is rejected as NotCompliant when some security is in use

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 6
    • Fix Version/s: 6
    • Component/s: core-svc
    • Labels:

      Description

      As of Mustang b64.
      Attached code allows you to reproduce easily.
      The scenario is about an MBeanServer where we register two standard MBeans.
      The first MBean (UnDescribed) does not make use of the DescriptorKey annotation.
      The second MBean (Described) has exactly the same management interface and makes use of the DescriptorKey annotation.

      We run that code once without any security in the picture; all goes pretty well.

      % java6 -classpath lib/defect.jar sqe.Defect

      We register an MBean where DescriptorKey is not used at all

      OK - The MBean defaultDomain:class=UnDescribed is registered = true

      We register an MBean with exactly the same management interface as above and where DescriptorKey is used.

      OK - The MBean defaultDomain:class=UnDescribed is registered = true

      Now we run that code with a security manager and a policy file.
      As you see below, the first MBean is still registered fine (then the security settings are fine) but the second MBean is rejected as NotCompliant.

      % java6 -classpath lib/defect.jar -Dtests.codeBase=lib/defect.jar -Djava.security.manager -Djava.security.policy==java.policy.codeBase sqe.Defect

      We register an MBean where DescriptorKey is not used at all

      OK - The MBean defaultDomain:class=UnDescribed is registered = true

      We register an MBean with exactly the same management interface as above and where DescriptorKey is used.

      ARRGH ...
      javax.management.NotCompliantMBeanException: Not compliant
      at com.sun.jmx.mbeanserver.Introspector.makeDynamicMBean(Introspector.java:194)
      at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:915)
      at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:312)
      at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:482)
      at sqe.Defect.run(Defect.java:41)
      at sqe.Defect.main(Defect.java:23)

      Extra security checking should not make an MBean NotCompliant.
      Perhaps the use of DescriptorKey implies extra permissions into the policy file but then it might be documented somewhere.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dfuchs Daniel Fuchs
                Reporter:
                yjoan Yves Joan (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: