[jdk17] RFR: JDK-8268826: Cleanup Override in Context-Specific Deserialization Filters [v4]
Roger Riggs
rriggs at openjdk.java.net
Thu Jun 24 14:16:27 UTC 2021
On Thu, 24 Jun 2021 09:11:12 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Improve exception cases and messages when the jdk.serialFilterFactory
>> is misconfigured and test those faults.
>> Fix typo in java.security-extra-factory test config
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 643:
>
>> 641: } catch (RuntimeException re) {
>> 642: configLog.log(ERROR,
>> 643: "Error configuring filter: {0}", re);
>
> You should either remove "{0}" from the string, or cast re to `Object` - as there is an overridden log method that takes a Throwable. If you want to display the exception stack trace, just call:
>
>
> configLog.log(ERROR, "Error configuring filter", re);
>
>
> If you don't want to display the stack trace, call:
>
>
> configLog.log(ERROR, "Error configuring filter: {0}", (Object)re);
Hard to spot that mis-use.
Also observed that if the jdk.serialFilter is ill formed (IAE), it gets logged but should also rethrow
the exception to prevent continuing without an expected filter.
-------------
PR: https://git.openjdk.java.net/jdk17/pull/85
More information about the core-libs-dev
mailing list