File tomcat-8.0.32-CVE-2016-8735.patch of Package tomcat.4188

Index: java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java	(date 1454441552000)
+++ java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java	(revision )
@@ -264,6 +264,10 @@
                 serverCsf = new RmiClientLocalhostSocketFactory(serverCsf);
             }
 
+            env.put("jmx.remote.rmi.server.credential.types", new String[] {
+                    String[].class.getName(),
+                    String.class.getName() });
+
             // Populate the env properties used to create the server
             if (serverCsf != null) {
                 env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf);
@@ -328,7 +332,7 @@
             cs = new RMIConnectorServer(serviceUrl, theEnv, server,
                     ManagementFactory.getPlatformMBeanServer());
             cs.start();
-            registry.bind("jmxrmi", server);
+            registry.bind("jmxrmi", server.toStub());
             log.info(sm.getString("jmxRemoteLifecycleListener.start",
                     Integer.toString(theRmiRegistryPort),
                     Integer.toString(theRmiServerPort), serverName));