On 8/20/18 11:06 PM, Weijun Wang wrote:

That said, I think "before it is returned" is useful. How about this?

* In this example, an {@link ObjectInputFilter} is used during
* deserialization of the original object before it is returned. If
* {@link #getObject()} is
* called, the {@link ObjectInputFilter.Config#getSerialFilter()
* system filter} is used instead.

Better, but I might be a bit more specific about the purpose of the filter. How about:

"In this example, an {@link ObjectInputFilter} is passed in to {@link #getObject(ObjectInputFilter)} and used during deserialization to validate the contents of the object before it is returned. If {@link #getObject()} is called, the {@link ObjectInputFilter.Config#getSerialFilter() system filter} is used instead."

Also, I think the specification of the getObject() method should be updated to say that the system filter is used to validate the deserialized object. I realize that this was a previous side-effect of adding the system filter and not part of this change, but this did change the behavior of this method, so I think it should be added to the specification while you are making changes. The CSR will also need to be updated with this change.

--Sean
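
The behaviour the proposed wording describes, as an added example that is not part of the original message or of the JDK change under review: a caller-supplied filter is consulted during deserialization and can reject the content before anything is returned, while the no-argument call leaves the system filter in place. `FilteredHolder` and its constructor are hypothetical names used only for illustration, and the sample objects are constructed.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

// Hypothetical holder class for illustration; not the JDK class under review.
public class FilteredHolder {
    private final byte[] encoded; // serialized form of the wrapped object

    FilteredHolder(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        encoded = bos.toByteArray();
    }

    // No caller filter: the stream keeps the system filter
    // (ObjectInputFilter.Config.getSerialFilter()), which is null if none is configured.
    Object getObject() throws IOException, ClassNotFoundException {
        return getObject(null);
    }

    // Caller filter: consulted during deserialization, before anything is returned.
    Object getObject(ObjectInputFilter filter) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(encoded))) {
            if (filter != null) {
                ois.setObjectInputFilter(filter);
            }
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: one type the filter allows, one it rejects.
        FilteredHolder ok = new FilteredHolder(Integer.valueOf(42));
        FilteredHolder bad = new FilteredHolder(new ArrayList<String>(List.of("x")));

        // Allow java.lang classes only; reject everything else.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter("java.lang.*;!*");

        System.out.println("allowed: " + ok.getObject(filter));
        try {
            bad.getObject(filter);
        } catch (InvalidClassException e) {
            System.out.println("rejected before return: " + e.getMessage());
        }
        // With no jdk.serialFilter configured, the system filter is null and nothing is rejected.
        System.out.println("system filter: " + ObjectInputFilter.Config.getSerialFilter());
        System.out.println("no-arg getObject: " + bad.getObject());
    }
}
```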
