The effects of invalid values of `jdk.serialFilter` and 
`jdk.serialFilterFactory` properties are 
incompletely specified. The behavior for invalid values of the properties is 
different and
use an unconventional exception type, `ExceptionInInitializerError` and leave 
the `OIF.Config` class
uninitialized. 

The exceptions in the `ObjectInputFilter.Config` class initialization caused by 
invalid values of the two properties, 
either by system properties supplied on the command line or security properties 
are logged.
The `Config` class marks either or both the filter and filter factory values as 
unusable
and remembers the exception message.

Subsequent calls to the methods that get or set the filter or filter factory or 
create 
an `ObjectInputStream` throw `java.lang.IllegalStateException` with the 
remembered exception message.
Constructing an `ObjectInputStream` calls both `Config.getSerialFilter` and 
`Config.getSerialFilterFactory`.
The nature of the invalid property is reported as an `IllegalStateException` on 
first use.

This PR supercedes https://github.com/openjdk/jdk/pull/6508 Document that 
setting an invalid property jdk.serialFilter disables deserialization

-------------

Commit messages:
 - 8278087: Redesign exceptions thrown for invalid jdk.serialFilter and 
jdk.serialFilterFactory.

Changes: https://git.openjdk.java.net/jdk/pull/6645/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6645&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8278087
  Stats: 218 lines in 4 files changed: 137 ins; 15 del; 66 mod
  Patch: https://git.openjdk.java.net/jdk/pull/6645.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/6645/head:pull/6645

PR: https://git.openjdk.java.net/jdk/pull/6645

Reply via email to