RFR 9: 8165261: RMI API to export an object with a serialization filter

Roger Riggs Roger.Riggs at Oracle.com
Tue Sep 13 19:10:01 UTC 2016 

Hi Daniel,

Thanks for the review and comments...
Webrev updated in place.

On 9/13/2016 6:14 AM, Daniel Fuchs wrote:
> Hi Roger,
>
> On 12/09/16 21:42, Roger Riggs wrote:
>> Please review an update to enable serialization filtering for exported
>> RMI objects.
>>
>> Webrev:
>>    http://cr.openjdk.java.net/~rriggs/webrev-rmi-filter-8165261/
>>
>> Issue:
>>   https://bugs.openjdk.java.net/browse/JDK-8165261
>>
>> Thanks, Roger
>>
>
> In UnicastRemoteObject.java:
>
>  142  * <p>
>  143  * Exported remote objects receive method invocations from the stubs
>  144  * as described in the RMI specification. Each invocation's 
> operation and
>  145  * parameters are unmarshaled using a custom {@link 
> java.io.ObjectInputStream}.
>  146  * If an {@link ObjectInputFilter} is provided and is not {@code 
> null} when the object
>  147  * is exported, it is used to filter the parameters as they are 
> unmarshaled from the stream.
>  148  * The filter is used for all invocations and all parameters 
> regardless of
>  149  * the method being invoked or the parameter values.
>  150  * If no filter is provided or is {@code null} for the exported 
> object then the
>  151  * {@code ObjectInputStream} default filter, if any, is used. The 
> default filter is
>  152  * configured with {@link 
> ObjectInputFilter.Config#setSerialFilter(ObjectInputFilter)
>  153  * ObjectInputFilter.Config.setSerialFilter}.
>
> Maybe this paragraph should say what happens when the filter
> rejects a parameter - or at least hints that there are more
> details to be found on the subject in ObjectInputFilter?
It will be reported as any other IOException from ObjectInputStream; I 
added:

  * If the filter rejects any of the parameters, the {@code 
InvalidClassException}
  * thrown by {@code ObjectInputStream} is reported as the cause of an
  * {@link UnmarshalException}.

>
>
>  381      * @param filter an ObjectInputFilter applied when 
> deserializing invocation arguments;
>  382      *               may be null
> and:
>  408      * @param filter an ObjectInputFilter applied when 
> deserializing invocation arguments;
>  409      *               may be null
>
>
>  => {@link ObjectInputFilter} ... may be {@code null}
fixed.

Thanks, Roger
>
> Otherwise looks good to me!
>
> -- daniel
>

More information about the core-libs-dev mailing list