RFR: 8278087: Deserialization filter and filter factory property error reporting under specified [v2]

Roger Riggs rriggs at openjdk.java.net
Mon Dec 6 16:59:41 UTC 2021 

> The effects of invalid values of `jdk.serialFilter` and `jdk.serialFilterFactory` properties are 
> incompletely specified. The behavior for invalid values of the properties is different and
> use an unconventional exception type, `ExceptionInInitializerError` and leave the `OIF.Config` class
> uninitialized. 
> 
> The exceptions in the `ObjectInputFilter.Config` class initialization caused by invalid values of the two properties, 
> either by system properties supplied on the command line or security properties are logged.
> The `Config` class marks either or both the filter and filter factory values as unusable
> and remembers the exception message.
> 
> Subsequent calls to the methods that get or set the filter or filter factory or create 
> an `ObjectInputStream` throw `java.lang.IllegalStateException` with the remembered exception message.
> Constructing an `ObjectInputStream` calls both `Config.getSerialFilter` and `Config.getSerialFilterFactory`.
> The nature of the invalid property is reported as an `IllegalStateException` on first use.
> 
> This PR supercedes https://github.com/openjdk/jdk/pull/6508 Document that setting an invalid property jdk.serialFilter disables deserialization

Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:

  Address review comments to consistently identify security property names
  and use the correct bug number in the test.

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/6645/files
  - new: https://git.openjdk.java.net/jdk/pull/6645/files/4dec7f48..52ab7b5b

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=6645&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=6645&range=00-01

  Stats: 13 lines in 2 files changed: 3 ins; 4 del; 6 mod
  Patch: https://git.openjdk.java.net/jdk/pull/6645.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/6645/head:pull/6645

PR: https://git.openjdk.java.net/jdk/pull/6645

More information about the core-libs-dev mailing list