RFR: 8264859: Implement Context-Specific Deserialization Filters [v3]

Roger Riggs rriggs at openjdk.java.net
Fri May 21 17:27:58 UTC 2021


On Fri, 21 May 2021 16:25:58 GMT, Chris Hegarty <chegar at openjdk.org> wrote:

>> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Simplify factory interface to BinaryOperator<ObjectInputFilter> and cleanup the example
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 559:
> 
>> 557:          * Returns the static JVM-wide deserialization filter or {@code null} if not configured.
>> 558:          *
>> 559:          * @return the static JVM-wide deserialization filter or {@code null} if not configured
> 
> Is "static" significant here? Can it be dropped? I find myself questioning if the "static JVM-wide" and "JVM-wide" are two different filters. If we do this then we have just two terms: 1) the "JVM-wide deserialization filter" and 2) the "JVM-wide deserialization filter factory".
> 
> Additionally, can you please check all occurrences of these, to ensure that they are used consistently in all parts of the spec. I think I see serial/serialization (without the "de") used in a few places.

The static is intended to distinguish that single filter from the others.  The static vs current distinction is part of JEP 290 from which this evolved.  The migration to "de-serialization" from the previous "serialization" is as yet incomplete.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3996

