[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject

Weijun Wang weijun.wang at oracle.com
Mon Aug 20 23:08:56 UTC 2018


> On Aug 21, 2018, at 2:06 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> The SealedObjectFilter and SignedObjectFilter tests are almost the same, maybe they should be combined?

I had thought about it, but SignedObjectFilter.java is in jdk_security2 and SealedObjectFilter.java is in jdk_security1. I'm afraid that someone who only runs one of them might miss the chance to catch possible errors.

> Also, can you add a test to check that a SecurityException is thrown when an SM is enabled and the SerializablePermission("serialFilter") has not been granted?

OK.

> 
> - SignedObject
> 
>  69  * called, the {@link ObjectInputFilter.Config#getSerialFilter()
>  70  * system filter} is used instead.
> 
> "used instead" sounds like the getSerialFilter method returns the object. Suggest being more specific and saying something like:
> 
> "the {@link ObjectInputFilter.Config#getSerialFilter()
> system filter} is called to validate the object before it is returned."
> 
> - SealedObject
> 
>  92  * is called, the {@link ObjectInputFilter.Config#getSerialFilter()
>  93  * system filter} is used instead.
> 
> Same comment as above on the wording.

I'll make the change as you suggested.

Thanks
Max

> 
> --Sean
> 
> On 8/17/18 10:56 AM, Weijun Wang wrote:
>> Please take a review at the updated webrev at
>>    http://cr.openjdk.java.net/~weijun/8193859/webrev.01
>> Changes only in doc, including
>> 1) The "2018-8-15 updates" in the CSR [1]
>> 2) formatting
>> Thanks
>> Max
>> [1] https://bugs.openjdk.java.net/browse/JDK-8193887
>>> On Aug 14, 2018, at 11:19 PM, Roger Riggs <Roger.Riggs at Oracle.com> wrote:
>>> 
>>> Hi,
>>> 
>>> On 8/14/2018 10:59 AM, Weijun Wang wrote:
>>>> 
>>>> s/initial process-wide filter/system filter/?
>>> 
>>> yes
>>> 
>>> Roger
>>> 
>>>> 
>>>> --Max
>>>> 
>>>>> [1]    8202675  Replace process-wide terminology in serial filtering to be consistent
>>>>> 
>>>>> Regards, Roger
>>>>> 
>>>> 
>>> 



