Roger,
On 14/09/16 10:46, Chris Hegarty wrote:
On 08/09/16 20:09, Roger Riggs wrote:
...
This looks very good Roger, just a few comments:
1) The pattern separator in the java.security file should be ';'
Right?
925 #jdk.serialFilter=pattern,pattern
^^^
Strike this, it seems to have been fixed in the most recent version.
2) A question on the expected usage. During the initialization of
OIS the process-wide filter is cached in an instance field,
'serialFilter'. A subsequent change to the process-wide filter
will not affect the OIS instance. I think this is ok, just
checking the expected usage, as the example in the OIF class
description reads the process-wide filter every time. Maybe
the example should be changed slightly to not promote this type
of usage? Maybe just remove the call to getSerialFilter?
3) Are third-party OIS implementations required, or expected, to
"callback" to the filter? The spec, of course, would appear to
allow it, but not require it? Just wondering if this is required,
or not, as it is not clear to me.
One more additional comment:
4) Since filtering is not controlled by the Security Manager,
does it make sense for its configuration to live in the
java.security file?
-Chris.
-Chris.
SpecDiff:
http://cr.openjdk.java.net/~rriggs/filter-diffs/overview-summary.html
Javadoc (subset)
http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/ObjectInputStream.html
http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/ObjectInputFilter.html
http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/SerializablePermission.html
Thanks, Roger
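
The caching behaviour raised in point 2 and the ';' pattern separator from point 1, shown as an added example that is not part of the original thread or the webrev. It uses the method names from the released java.io.ObjectInputFilter API (JDK 9 and later), which may differ from the draft under review; the class name FilterSnapshotDemo and the sample data are constructed, and it assumes no jdk.serialFilter is already configured for the process.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class FilterSnapshotDemo {
    // Constructed sample input: a serialized ArrayList.
    static byte[] sample() throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new ArrayList<>(List.of("a", "b")));
        }
        return bos.toByteArray();
    }

    // Try to deserialize and report whether the stream's filter allowed it.
    static String tryRead(String name, ObjectInputStream in) {
        try {
            return name + ": read " + in.readObject();
        } catch (InvalidClassException e) {
            return name + ": rejected by filter (" + e.getMessage() + ")";
        } catch (IOException | ClassNotFoundException e) {
            return name + ": failed: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] data = sample();

        // Created before any process-wide filter exists: the stream caches
        // whatever Config.getSerialFilter() returned at construction time.
        ObjectInputStream early = new ObjectInputStream(new ByteArrayInputStream(data));

        // Patterns are separated by ';' and evaluated left to right.
        ObjectInputFilter filter =
            ObjectInputFilter.Config.createFilter("java.lang.*;!java.util.*");
        ObjectInputFilter.Config.setSerialFilter(filter); // allowed once per process

        ObjectInputStream late = new ObjectInputStream(new ByteArrayInputStream(data));

        System.out.println("early filter = " + early.getObjectInputFilter());
        System.out.println("late filter  = " + late.getObjectInputFilter());
        System.out.println(tryRead("early", early));
        System.out.println(tryRead("late", late));
    }
}
```

The stream constructed before setSerialFilter keeps deserializing without a filter, while the one constructed afterwards rejects the ArrayList, so a process-wide filter should be in place before any stream is created.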