8318707: Remove the Java Management Extension (JMX) Management Applet (m-let) feature

Reviewed-by: sspitsyn, dfuchs

Author: kevinjwalls

src/java.management/share/classes/com/sun/jmx/defaults/JmxProperties.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,24 +44,14 @@ private JmxProperties() {
     //------------------------
 
     /**
-     * References the property that specifies the directory where
-     * the native libraries will be stored before the MLet Service
-     * loads them into memory.
+     * References the property that optionally specifies the class name
+     * of an alternative MBeanServerBuilder.
      * <p>
-     * Property Name: <B>jmx.mlet.library.dir</B>
+     * Property Name: <B>javax.management.builder.initial</B>
      */
     public static final String JMX_INITIAL_BUILDER =
             "javax.management.builder.initial";
 
-    /**
-     * References the property that specifies the directory where
-     * the native libraries will be stored before the MLet Service
-     * loads them into memory.
-     * <p>
-     * Property Name: <B>jmx.mlet.library.dir</B>
-     */
-    public static final String MLET_LIB_DIR = "jmx.mlet.library.dir";
-
     /**
      * References the property that specifies the full name of the JMX
      * specification implemented by this product.
@@ -122,18 +112,6 @@ private JmxProperties() {
     public static final Logger MBEANSERVER_LOGGER =
             System.getLogger(MBEANSERVER_LOGGER_NAME);
 
-    /**
-     * Logger name for MLet service information.
-     */
-    public static final String MLET_LOGGER_NAME =
-            "javax.management.mlet";
-
-    /**
-     * Logger for MLet service information.
-     */
-    public static final Logger MLET_LOGGER =
-            System.getLogger(MLET_LOGGER_NAME);
-
     /**
      * Logger name for Monitor information.
      */

src/java.management/share/classes/com/sun/jmx/defaults/ServiceName.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,14 +44,6 @@ private ServiceName() {
     public static final String DELEGATE =
         "JMImplementation:type=MBeanServerDelegate" ;
 
-    /**
-     * The default key properties for registering the class loader of the
-     * MLet service.
-     * <BR>
-     * The value is <CODE>type=MLet</CODE>.
-     */
-    public static final String MLET = "type=MLet";
-
     /**
      * The default domain.
      * <BR>

src/java.management/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -206,18 +206,6 @@ private Class<?> loadClass(final LoaderEntry list[],
                 if (MBEANSERVER_LOGGER.isLoggable(Level.TRACE)) {
                     MBEANSERVER_LOGGER.log(Level.TRACE, "Trying loader = " + cl);
                 }
-                /* We used to have a special case for "instanceof
-                   MLet" here, where we invoked the method
-                   loadClass(className, null) to prevent infinite
-                   recursion.  But the rule whereby the MLet only
-                   consults loaders that precede it in the CLR (via
-                   loadClassBefore) means that the recursion can't
-                   happen, and the test here caused some legitimate
-                   classloading to fail.  For example, if you have
-                   dependencies C->D->E with loaders {E D C} in the
-                   CLR in that order, you would expect to be able to
-                   load C.  The problem is that while resolving D, CLR
-                   delegation is disabled, so it can't find E.  */
                 return Class.forName(className, false, cl);
             } catch (ClassNotFoundException e) {
                 // OK: continue with next class

src/java.management/share/classes/com/sun/jmx/remote/security/MBeanServerAccessController.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -75,12 +75,11 @@
  * inappropriate.</p>
  *
  * <p>If there is no SecurityManager, then the access controller will refuse
- * to create an MBean that is a ClassLoader, which includes MLets, or to
- * execute the method addURL on an MBean that is an MLet. This prevents
+ * to create an MBean that is a ClassLoader.  This prevents
  * people from opening security holes unintentionally. Otherwise, it
  * would not be obvious that granting write access grants the ability to
  * download and execute arbitrary code in the target MBean server. Advanced
- * users who do want the ability to use MLets are presumably advanced enough
+ * users who do want an MBean which is a ClassLoader are presumably advanced enough
  * to handle policy files and security managers.</p>
  */
 public abstract class MBeanServerAccessController
@@ -468,7 +467,6 @@ public Object invoke(ObjectName name, String operationName,
         MBeanException,
         ReflectionException {
         checkWrite();
-        checkMLetMethods(name, operationName);
         return getMBeanServer().invoke(name, operationName, params, signature);
     }
 
@@ -620,49 +618,6 @@ private void checkClassLoader(Object object) {
                                         "manager is installed.");
     }
 
-    private void checkMLetMethods(ObjectName name, String operation)
-    throws InstanceNotFoundException {
-        // Check if security manager installed
-        @SuppressWarnings("removal")
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            return;
-        }
-        // Check for addURL and getMBeansFromURL methods
-        if (!operation.equals("addURL") &&
-                !operation.equals("getMBeansFromURL")) {
-            return;
-        }
-        // Check if MBean is instance of MLet
-        if (!getMBeanServer().isInstanceOf(name,
-                "javax.management.loading.MLet")) {
-            return;
-        }
-        // Throw security exception
-        if (operation.equals("addURL")) { // addURL
-            throw new SecurityException("Access denied! MLet method addURL " +
-                    "cannot be invoked unless a security manager is installed.");
-        } else { // getMBeansFromURL
-            // Whether or not calling getMBeansFromURL is allowed is controlled
-            // by the value of the "jmx.remote.x.mlet.allow.getMBeansFromURL"
-            // system property. If the value of this property is true, calling
-            // the MLet's getMBeansFromURL method is allowed. The default value
-            // for this property is false.
-            final String propName = "jmx.remote.x.mlet.allow.getMBeansFromURL";
-            GetPropertyAction propAction = new GetPropertyAction(propName);
-            @SuppressWarnings("removal")
-            String propValue = AccessController.doPrivileged(propAction);
-            boolean allowGetMBeansFromURL = "true".equalsIgnoreCase(propValue);
-            if (!allowGetMBeansFromURL) {
-                throw new SecurityException("Access denied! MLet method " +
-                        "getMBeansFromURL cannot be invoked unless a " +
-                        "security manager is installed or the system property " +
-                        "-Djmx.remote.x.mlet.allow.getMBeansFromURL=true " +
-                        "is specified.");
-            }
-        }
-    }
-
     //------------------
     // PRIVATE VARIABLES
     //------------------