RFR: 8278087: Deserialization filter and filter factory property error reporting under specified

Roger Riggs rriggs at openjdk.java.net
Mon Dec 6 16:08:15 UTC 2021 

On Mon, 6 Dec 2021 04:27:30 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:

>> The effects of invalid values of `jdk.serialFilter` and `jdk.serialFilterFactory` properties are 
>> incompletely specified. The behavior for invalid values of the properties is different and
>> use an unconventional exception type, `ExceptionInInitializerError` and leave the `OIF.Config` class
>> uninitialized. 
>> 
>> The exceptions in the `ObjectInputFilter.Config` class initialization caused by invalid values of the two properties, 
>> either by system properties supplied on the command line or security properties are logged.
>> The `Config` class marks either or both the filter and filter factory values as unusable
>> and remembers the exception message.
>> 
>> Subsequent calls to the methods that get or set the filter or filter factory or create 
>> an `ObjectInputStream` throw `java.lang.IllegalStateException` with the remembered exception message.
>> Constructing an `ObjectInputStream` calls both `Config.getSerialFilter` and `Config.getSerialFilterFactory`.
>> The nature of the invalid property is reported as an `IllegalStateException` on first use.
>> 
>> This PR supercedes https://github.com/openjdk/jdk/pull/6508 Document that setting an invalid property jdk.serialFilter disables deserialization
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 527:
> 
>> 525:      * The filter is created as if {@link #createFilter(String) createFilter} is called,
>> 526:      * if the filter string is invalid the initialization fails and subsequent attempts to
>> 527:      * {@linkplain Config#getSerialFilter() get the filter}, {@link Config#setSerialFilter set a filter},
> 
>> {@link Config#setSerialFilter set a filter}
> 
> Should this instead be "{@link Config#setSerialFilter(ObjectInputFilter)  set a filter}" i.e. include the param as part of the `@link`, like in other places?

I intended to use @linkplain, using prose with a link is more readable then a sentence broken up with full method references.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6645

More information about the core-libs-dev mailing list