Merge pull request #1209 from smillidge/PAYARA-1214

PAYARA-1214 restrict acceptable JMX credential types

nucleus/common/mbeanserver/src/main/java/org/glassfish/admin/mbeanserver/JMXMPConnectorStarter.java

@@ -37,10 +37,10 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
+// Portions Copyright [2016] [Payara Foundation and/or its affiliates]
 
 package org.glassfish.admin.mbeanserver;
 
-import org.glassfish.grizzly.config.dom.Ssl;
 import org.glassfish.hk2.api.ServiceLocator;
 
 import javax.management.MBeanServer;
@@ -120,6 +120,10 @@ private JMXConnectorServer startJMXMPConnectorServer(final int port)
         final Map<String, Object> env = new HashMap<String, Object>();
         env.put("jmx.remote.protocol.provider.pkgs", "com.sun.jmx.remote.protocol");
         env.put("jmx.remote.protocol.provider.class.loader", this.getClass().getClassLoader());
+        env.put("jmx.remote.rmi.server.credential.types", new String[] {
+                    String[].class.getName(),
+                    String.class.getName() });        
+
         JMXAuthenticator authenticator = getAccessController();
         if (authenticator != null)
         {