[karaf] 01/02: Revert "[KARAF-7312] Add JMX credentials filter pattern support on the RMI"

Mon, 10 Jan 2022 12:28:23 -0800 

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git

commit c4ad84ad2708c5faa88cc3098e0b37a1a4307a28
Author: Jean-Baptiste Onofré <jbono...@apache.org>
AuthorDate: Mon Jan 10 21:27:32 2022 +0100

    Revert "[KARAF-7312] Add JMX credentials filter pattern support on the RMI"
    
    This reverts commit 72f446e5a0ffda2929f113acfc76493ab478264a.
---
 assemblies/features/standard/src/main/feature/feature.xml           | 5 -----
 .../main/java/org/apache/karaf/management/internal/Activator.java   | 6 ------
 2 files changed, 11 deletions(-)

diff --git a/assemblies/features/standard/src/main/feature/feature.xml 
b/assemblies/features/standard/src/main/feature/feature.xml
index c9d6ff3..e7ea86c 100644
--- a/assemblies/features/standard/src/main/feature/feature.xml
+++ b/assemblies/features/standard/src/main/feature/feature.xml
@@ -1369,11 +1369,6 @@ jmxmpObjectName = connector:name=jmxmp
 # Locate an existing MBean server if possible (usefull when Karaf is embedded)
 #
 #locateExistingMBeanServerIfPossible = true
-
-#
-# Enforce credentials filter pattern to avoid deserialization
-#
-#jmx.remote.rmi.server.credentials.filter.pattern=java.lang.String;!*
         </config>
         <feature>jaas</feature>
         <bundle dependency="true" 
start-level="20">mvn:org.apache.aries/org.apache.aries.util/${aries.util.version}</bundle>
diff --git 
a/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
 
b/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
index 2b5861b..c4f1a21 100644
--- 
a/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
+++ 
b/management/server/src/main/java/org/apache/karaf/management/internal/Activator.java
@@ -21,7 +21,6 @@ import java.util.Map;
 
 import javax.management.MBeanServer;
 import javax.management.ObjectName;
-import javax.management.remote.rmi.RMIConnectorServer;
 
 import org.apache.karaf.jaas.config.KeystoreInstance;
 import org.apache.karaf.jaas.config.KeystoreManager;
@@ -110,10 +109,6 @@ public class Activator extends BaseActivator implements 
ManagedService {
         originalRmiServerHostname = 
System.getProperty("java.rmi.server.hostname");
         System.setProperty("java.rmi.server.hostname", rmiServerHost);
 
-        // https://issues.apache.org/jira/browse/KARAF-7312
-        // security enforcement using credentials filter pattern, passed via 
environment map
-        String credentialsFilterPattern = 
getString(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, String.class.getName() 
+ ";!*");
-
         String jmxRealm = getString("jmxRealm", "karaf");
         String serviceUrl = getString("serviceUrl",
                 "service:jmx:rmi://" + rmiServerHost + ":" + rmiServerPort + 
"/jndi/rmi://" + rmiRegistryHost + ":" + rmiRegistryPort + "/karaf-" + 
System.getProperty("karaf.name"));
@@ -175,7 +170,6 @@ public class Activator extends BaseActivator implements 
ManagedService {
         jmxmpEnvironment.put("jmx.remote.sasl.callback.handler", 
jaasAuthenticator);
         Map<String, Object> environment = new HashMap<>();
         environment.put("jmx.remote.authenticator", jaasAuthenticator);
-        environment.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, 
credentialsFilterPattern);
         try {
             connectorServerFactory.setEnvironment(environment);
             connectorServerFactory.setJmxmpEnvironment(jmxmpEnvironment);

Reply via email to