@@ -26,26 +26,11 @@ The filter should (ideally) only allow java.lang.String and disallow all other c
2626
2727<p >The key-value pair can be set as following:</p >
2828
29- <code >
30- String stringsOnlyFilter = "java.lang.String;!*"; // Deny everything but java.lang.String
31-
32- Map< String, Object> env = new HashMap< String, Object> ;
33- env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, stringsOnlyFilter);
34- </code >
29+ <sample src =" example_filter_java_10.java"
3530
3631<p >For applications using Java 6u113 to 9:</p >
3732
38- <code >
39- // This is deprecated in Java 10+ !
40- Map< String, Object> env = new HashMap< String, Object> ;
41- env.put (
42- "jmx.remote.rmi.server.credential.types",
43- new String[]{
44- String[].class.getName(),
45- String.class.getName()
46- }
47- );
48- </code >
33+ <sample src =" example_filter_java_9.java"
4934
5035<p >Please note that the JMX-RMI service is vulnerable in the default configuration.
5136For this reason an initialization with a <code >null</code > environment is also vulnerable.</p >
@@ -56,11 +41,11 @@ For this reason an initialization with a <code>null</code> environment is also v
5641
5742<p >The first example shows how an JMX server is initialized securely with the <code >JMXConnectorServerFactory.newJMXConnectorServer()</code > call.</p >
5843
59- <sample src =" CorrectJmxInitialisation .java"
44+ <sample src =" CorrectJMXConnectorServerFactoryEnvironmentInitialisation .java"
6045
6146<p >The second example shows how a JMX Server is initialized securely if the <code >RMIConnectorServer</code > class is used.</p >
6247
63- <sample src =" CorrectRmiInitialisation .java"
48+ <sample src =" CorrectRMIConnectorServerEnvironmentInitalisation .java"
6449
6550</example >
6651
0 commit comments