RFR 9: 8165261: RMI API to export an object with a serialization filter
Daniel Fuchs
daniel.fuchs at oracle.com
Tue Sep 13 10:14:14 UTC 2016
Hi Roger,
On 12/09/16 21:42, Roger Riggs wrote:
> Please review an update to enable serialization filtering for exported
> RMI objects.
>
> Webrev:
> http://cr.openjdk.java.net/~rriggs/webrev-rmi-filter-8165261/
>
> Issue:
> https://bugs.openjdk.java.net/browse/JDK-8165261
>
> Thanks, Roger
>
In UnicastRemoteObject.java:
142 * <p>
143 * Exported remote objects receive method invocations from the stubs
144 * as described in the RMI specification. Each invocation's
operation and
145 * parameters are unmarshaled using a custom {@link
java.io.ObjectInputStream}.
146 * If an {@link ObjectInputFilter} is provided and is not {@code
null} when the object
147 * is exported, it is used to filter the parameters as they are
unmarshaled from the stream.
148 * The filter is used for all invocations and all parameters
regardless of
149 * the method being invoked or the parameter values.
150 * If no filter is provided or is {@code null} for the exported
object then the
151 * {@code ObjectInputStream} default filter, if any, is used. The
default filter is
152 * configured with {@link
ObjectInputFilter.Config#setSerialFilter(ObjectInputFilter)
153 * ObjectInputFilter.Config.setSerialFilter}.
Maybe this paragraph should say what happens when the filter
rejects a parameter - or at least hints that there are more
details to be found on the subject in ObjectInputFilter?
381 * @param filter an ObjectInputFilter applied when
deserializing invocation arguments;
382 * may be null
and:
408 * @param filter an ObjectInputFilter applied when
deserializing invocation arguments;
409 * may be null
=> {@link ObjectInputFilter} ... may be {@code null}
Otherwise looks good to me!
-- daniel
More information about the core-libs-dev
mailing list