From d4a95c2e37c375756f9829c7ec43a4785b99e2e2 Mon Sep 17 00:00:00 2001
From: Valery Kharseko <vharseko@3a-systems.ru>
Date: Thu, 11 Jun 2026 13:53:56 +0000
Subject: [PATCH] Fix JMX RMI connector startup failure introduced by CVE-2026-46495 hardening (#651)
---
opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/RmiAuthenticatorTest.java | 22 ++++------------------
1 files changed, 4 insertions(+), 18 deletions(-)
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/RmiAuthenticatorTest.java b/opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/RmiAuthenticatorTest.java
index 6c7b5eb..7dce751 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/RmiAuthenticatorTest.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/protocols/jmx/RmiAuthenticatorTest.java
@@ -67,29 +67,15 @@
Map<String, Object> env = new HashMap<>();
RmiConnector.configureJmxDeserializationProtection(env);
- assertEquals(env.get(RmiConnector.JMX_REMOTE_RMI_SERVER_CREDENTIAL_TYPES),
- new String[] { String.class.getName(), String[].class.getName() });
assertEquals(env.get(RmiConnector.JMX_REMOTE_RMI_SERVER_CREDENTIALS_FILTER_PATTERN),
"maxdepth=3;maxarray=2;java.lang.String;!*");
// The connector-wide filter must NOT be set, so legitimate JMX traffic
// (MBean operations, notifications) is not affected by the allowlist.
assertNull(env.get("jmx.remote.rmi.server.serial.filter.pattern"));
- }
-
- /** Verifies that each environment receives its own credential type array. */
- @Test
- public void credentialTypesAreDefensivelyCopied()
- {
- Map<String, Object> env = new HashMap<>();
- RmiConnector.configureJmxDeserializationProtection(env);
- String[] credentialTypes =
- (String[]) env.get(RmiConnector.JMX_REMOTE_RMI_SERVER_CREDENTIAL_TYPES);
- credentialTypes[0] = Date.class.getName();
-
- Map<String, Object> env2 = new HashMap<>();
- RmiConnector.configureJmxDeserializationProtection(env2);
- assertEquals(((String[]) env2.get(RmiConnector.JMX_REMOTE_RMI_SERVER_CREDENTIAL_TYPES))[0],
- String.class.getName());
+ // "jmx.remote.rmi.server.credential.types" is mutually exclusive with the
+ // credentials filter pattern: setting both prevents the connector from
+ // starting, so only the filter pattern must be configured.
+ assertNull(env.get("jmx.remote.rmi.server.credential.types"));
}
/** Verifies the configured filter allows only the expected credential payload. */
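Review bot: The rewritten assertions still only inspect the `env` map, which is the same level of check that passed while the connector could not start with both properties set. Nothing in this hunk exercises connector startup with the output of `configureJmxDeserializationProtection`. A test that hands the configured map to a real `JMXConnectorServer` and starts it would catch this conflict, and any future one, directly; a sketch follows. Separately, with `jmx.remote.rmi.server.credential.types` no longer set, the credentials filter pattern is the only limit on what is deserialized as credentials, so it is worth confirming that every supported Java runtime honours `jmx.remote.rmi.server.credentials.filter.pattern` (older JDKs presumably ignore an unknown key without any error). The enclosing test method starts above the hunk.

```java
// … unchanged: existing env-map assertions …

/** Verifies a JMX RMI connector server actually starts with the protection settings applied. */
@Test
public void connectorStartsWithDeserializationProtection() throws Exception
{
  Map<String, Object> env = new HashMap<>();
  RmiConnector.configureJmxDeserializationProtection(env);

  JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
      new JMXServiceURL("service:jmx:rmi://"), env, MBeanServerFactory.newMBeanServer());
  try
  {
    // Conflicting credential settings are rejected when the RMI server is created during start().
    server.start();
    assertTrue(server.isActive());
  }
  finally
  {
    server.stop();
  }
}
```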
--
Gitblit v1.10.0