Built-in Filters
The Java Remote Method Invocation (RMI) Registry, the RMI Distributed Garbage Collector, and Java Management Extensions (JMX) all have filters that are included in the JDK. You should specify your own filters for the RMI Registry and the RMI Distributed Garbage Collector to add additional protection.
Filters for RMI Registry
Note:
Use these built-in filters as starting points only. Edit the sun.rmi.registry.registryFilter system property to configure reject-lists and/or extend the allow-list to add additional protection for the RMI Registry. To protect the whole application, add the patterns to the jdk.serialFilter global system property to increase protection for other serialization users that do not have their own custom filters.
The RMI Registry has a built-in allow-list filter that allows objects to be bound in the registry. It includes instances of the java.rmi.Remote, java.lang.Number, java.lang.reflect.Proxy, java.rmi.server.UnicastRef, java.rmi.server.UID, java.rmi.server.RMIClientSocketFactory, and java.rmi.server.RMIServerSocketFactory classes.
The built-in filter includes size limits:
maxarray=1000000;maxdepth=20
Supersede the built-in filter by defining a filter using the sun.rmi.registry.registryFilter system property with a pattern. If the filter that you define either accepts classes passed to the filter, or rejects classes or sizes, the built-in filter is not invoked. If your filter does not accept or reject anything, the built-in filter is invoked.
Filters for RMI Distributed Garbage Collector
Note:
Use these built-in filters as starting points only. Edit the sun.rmi.transport.dgcFilter system property to configure reject-lists and/or extend the allow-list to add additional protection for the Distributed Garbage Collector. To protect the whole application, add the patterns to the jdk.serialFilter global system property to increase protection for other serialization users that do not have their own custom filters.
The RMI Distributed Garbage Collector has a built-in allow-list filter that accepts a limited set of classes. It includes instances of the java.rmi.server.ObjID, java.rmi.server.UID, java.rmi.dgc.VMID, and java.rmi.dgc.Lease classes.
The built-in filter includes size limits:
maxarray=1000000;maxdepth=20
Supersede the built-in filter by defining a filter using the sun.rmi.transport.dgcFilter system property with a pattern. If the filter accepts classes passed to the filter, or rejects classes or sizes, the built-in filter is not invoked. If the superseding filter does not accept or reject anything, the built-in filter is invoked.
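The superseding behavior described above for both the RMI Registry and the Distributed Garbage Collector filters can be observed by evaluating a pattern directly. The following is an added example, not code from the JDK documentation; the pattern, the class name SupersedingFilterDemo and the helper names are constructed for illustration, and it assumes Java 16 or later.

```java
import java.io.ObjectInputFilter;
import java.io.ObjectInputFilter.Status;
import java.util.Date;
import java.util.concurrent.ConcurrentHashMap;

public class SupersedingFilterDemo {
    // Constructed pattern. In a deployment this string would be the value of
    // -Dsun.rmi.registry.registryFilter=... or -Dsun.rmi.transport.dgcFilter=...
    static final String PATTERN =
        "maxarray=100000;maxdepth=10;java.lang.String;!java.util.concurrent.**";

    // Minimal FilterInfo so the filter can be queried without a real stream.
    record Info(Class<?> serialClass, long arrayLength, long depth,
                long references, long streamBytes)
            implements ObjectInputFilter.FilterInfo {}

    static Status check(ObjectInputFilter f, Class<?> c, long arrayLength, long depth) {
        return f.checkInput(new Info(c, arrayLength, depth, 1, 64));
    }

    // Maps the custom filter's status to the behavior this page describes.
    static String outcome(Status s) {
        return switch (s) {
            case ALLOWED -> "accepted by the custom filter; built-in filter not invoked";
            case REJECTED -> "rejected by the custom filter; built-in filter not invoked";
            case UNDECIDED -> "no decision; built-in filter is invoked";
        };
    }

    static void report(ObjectInputFilter f, Class<?> c, long arrayLength, long depth) {
        Status s = check(f, c, arrayLength, depth);
        System.out.printf("%-45s %-10s %s%n", c.getName(), s, outcome(s));
    }

    public static void main(String[] args) {
        ObjectInputFilter f = ObjectInputFilter.Config.createFilter(PATTERN);
        report(f, String.class, -1, 1);            // class named on the allow-list
        report(f, ConcurrentHashMap.class, -1, 1); // class under the rejected package
        report(f, Date.class, -1, 1);              // class the pattern does not mention
        report(f, String[].class, 200_000, 1);     // array longer than maxarray
        report(f, String.class, -1, 11);           // object graph deeper than maxdepth
    }
}
```

Because a class the pattern does not mention falls through to the built-in allow-list, a superseding pattern that should be the only authority needs a final !* entry.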
Filters for JMX
Note:
Use these built-in filters as starting points only. Edit the com.sun.management.jmxremote.serial.filter.pattern management property to configure reject-lists and/or extend the allow-list to add additional protection for JMX. To protect the whole application, add the patterns to the jdk.serialFilter global system property to increase protection for other serialization users that do not have their own custom filters.
JMX has a built-in filter that limits the set of classes allowed to be sent as deserializing parameters over RMI to the server. The filter's pattern must include the types that are allowed to be sent as parameters over RMI to the server and all types that they depend on, plus the javax.management.ObjectName and java.rmi.MarshalledObject types. The default filter covers any type that Open MBeans and MXBeans might use. Applications that register their own MBeans in the platform MBean server may need to extend the filter to support any additional types that their MBeans accept as parameters. Specify the filter's pattern with the com.sun.management.jmxremote.serial.filter.pattern management property in the $JAVA_HOME/conf/management/management.properties file. You can override the value of this property with the java command-line option -Dcom.sun.management.jmxremote.serial.filter.pattern=<pattern>.