[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject
Sean Mullan
sean.mullan at oracle.com
Mon Aug 20 18:06:52 UTC 2018
The SealedObjectFilter and SignedObjectFilter tests are almost the same,
maybe they should be combined? Also, can you add a test to check that a
SecurityException is thrown when an SM is enabled and the
SerializablePermission("serialFilter") has not been granted?
- SignedObject
69 * called, the {@link ObjectInputFilter.Config#getSerialFilter()
70 * system filter} is used instead.
"used instead" sounds like the getSerialFilter method returns the
object. Suggest being more specific and saying something like:
"the {@link ObjectInputFilter.Config#getSerialFilter()
system filter} is called to validate the object before it is returned."
- SealedObject
92 * is called, the {@link ObjectInputFilter.Config#getSerialFilter()
93 * system filter} is used instead.
Same comment as above on the wording.
--Sean
On 8/17/18 10:56 AM, Weijun Wang wrote:
> Please take a review at the updated webrev at
>
> http://cr.openjdk.java.net/~weijun/8193859/webrev.01
>
> Changes only in doc, including
>
> 1) The "2018-8-15 updates" in the CSR [1]
>
> 2) formatting
>
> Thanks
> Max
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8193887
>
>> On Aug 14, 2018, at 11:19 PM, Roger Riggs <Roger.Riggs at Oracle.com> wrote:
>>
>> Hi,
>>
>> On 8/14/2018 10:59 AM, Weijun Wang wrote:
>>>
>>> s/initial process-wide filter/system filter/?
>>
>> yes
>>
>> Roger
>>
>>>
>>> --Max
>>>
>>>> [1] 8202675 Replace process-wide terminology in serial filtering to be consistent
>>>>
>>>> Regards, Roger
>>>>
>>>
>>
>
More information about the security-dev
mailing list