Explicit Serialization API and Security
David M. Lloyd
david.lloyd at redhat.com
Mon Jan 12 15:26:43 UTC 2015
On 01/12/2015 05:51 AM, Chris Hegarty wrote:
>
> On 08/01/15 22:03, David M. Lloyd wrote:
>
>>> ....
>>>> private static void validate(GetField fields) {
>>>> if (fields.getInt("lo") > fields.getInt("hi")) { ... }
>>>> }
>
>> ...
>> In fact you cannot validate invariants across multiple objects at all
>> using this method *or* readObject() (existing or enhanced) unless the
>> object in question is an enum, Class, or String (and a few other special
>> cases) because you can't rely on initialization order during
>> deserialization. That's the very reason why OIS#registerValidation()
>> even exists - inter-object validation is not possible until after the
>> root-most readObject has completed, which is the time when validations
>> are executed. Robust validation of a given object class may require two
>> stages - "near" validation and "spanning" validation - to fully
>> validate. However the readObject() approach and its proposed variations
>> (including the static validate() version) can still be useful for
>> fail-fast and non-complex validations; you just have to understand that
>> (just as today) any Object you examine might not be fully initialized
>> yet.
>
>
> If I may, I'd like to build a little on this proposal:
>
> 1) Specify that validate is called down the hierarchy, from
> j.l.Object.
>
> 2) Provide access to persistent supertype's fields, so they can
> participate in the validation.
>
> public static abstract class GetField {
> ....
>
> /**
> * Returns the persistent fields of the supertype, read from
> * the stream, or null if the supertype is not Serializable.
> */
> public abstract GetField superTypeFields();
> }
Maybe limited to accessible fields?
--
- DML
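
The two-stage validation described in the quoted text, as an added example that is not part of the original thread: "near" checks run inside readObject() and "spanning" checks are deferred through ObjectInputStream#registerValidation(). It uses the existing readFields()/GetField.get(name, default) API rather than the proposed static validate()/getInt() form, and the names Span, family and roundTrip are hypothetical.

```java
import java.io.*;

public class TwoStageValidation {
    static class Span implements Serializable {
        private static final long serialVersionUID = 1L;
        int lo, hi;
        Span parent, child;   // parent <-> child forms a cycle in the object graph

        Span(int lo, int hi) { this.lo = lo; this.hi = hi; }

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            ObjectInputStream.GetField f = in.readFields();
            int newLo = f.get("lo", 0), newHi = f.get("hi", 0);
            // "Near" validation: this object's own primitive fields, fail fast.
            if (newLo > newHi) throw new InvalidObjectException("lo > hi");
            lo = newLo; hi = newHi;
            parent = (Span) f.get("parent", null);
            child = (Span) f.get("child", null);
            // When the parent is the stream root, it is still inside readFields()
            // here, so parent.lo and parent.hi still hold their default 0.
            // "Spanning" validation: runs after the root-most readObject completes.
            in.registerValidation(() -> {
                if (parent != null && (lo < parent.lo || hi > parent.hi))
                    throw new InvalidObjectException("span escapes parent");
            }, 0);
        }
    }

    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) { return in.readObject(); }
    }

    static Span family(int childLo, int childHi) {  // constructed sample graph
        Span p = new Span(0, 10), c = new Span(childLo, childHi);
        p.child = c; c.parent = p;
        return p;
    }

    public static void main(String[] args) throws Exception {
        roundTrip(family(2, 8));              // passes both stages
        try { roundTrip(family(5, 20)); }     // child exceeds parent: rejected
        catch (InvalidObjectException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```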