[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject

Sean Mullan sean.mullan at oracle.com
Wed Aug 22 20:55:58 UTC 2018


One thing I am curious about. Is there a reason why 
getObject(ObjectInputFilter) requires a permission check?

In this case, the caller is the one creating the filter and passing it 
in, so the caller can only cause harm to themselves, and the 
ObjectInputStream is a local variable which is not returned. This method 
also does not mutate the contents of the SignedObject (or SealedObject) 
... so I don't see the risk here. I think you can just wrap 
ObjectInputStream.setObjectInputFilter in doPrivileged.

--Sean

On 8/22/18 2:37 AM, Weijun Wang wrote:
> Updated webrev at
> 
>     http://cr.openjdk.java.net/~weijun/8193859/webrev.02/
> 
> Changes:
> 
> 1) More spec change
> 
>     - describing the filter in class spec
> 
>     - mentioning the system filter in existing getObject() methods
> 
>     - add "@throws InvalidClassException" to all getObject() methods
> 
> 2) More test cases
> 
>     - check SecurityException when a security manager is set
> 
>     - set the system filter to see how existing getObject() works
> 
> The 2 tests are very similar but they belong to jdk_security1 and jdk_security2. Therefore I haven't combined them.
> 
> Thanks
> Max
> 
>> On Aug 17, 2018, at 10:56 PM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>> Please review the updated webrev at
>>
>>    http://cr.openjdk.java.net/~weijun/8193859/webrev.01
>>
>> Changes only in doc, including
>>
>> 1) The "2018-8-15 updates" in the CSR [1]
>>
>> 2) formatting
>>
>> Thanks
>> Max
>>
>> [1] https://bugs.openjdk.java.net/browse/JDK-8193887
>>
>>> On Aug 14, 2018, at 11:19 PM, Roger Riggs <Roger.Riggs at Oracle.com> wrote:
>>>
>>> Hi,
>>>
>>> On 8/14/2018 10:59 AM, Weijun Wang wrote:
>>>>
>>>> s/initial process-wide filter/system filter/?
>>>
>>> yes
>>>
>>> Roger
>>>
>>>>
>>>> --Max
>>>>
>>>>> [1]    8202675  Replace process-wide terminology in serial filtering to be consistent
>>>>>
>>>>> Regards, Roger
>>>>>
>>>>
>>>
>>
> 
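
The approach suggested in the message at the top of this thread, as an added example that is not part of the thread or the webrev: a hypothetical helper (`FilteredRead.readWithFilter`) applies a caller-supplied filter to a local `ObjectInputStream` and wraps `setObjectInputFilter` in `doPrivileged`. The serialized `ArrayList` and both filter patterns are constructed sample input.

```java
import java.io.*;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration; FilteredRead and readWithFilter are hypothetical names,
// not the JDK's SignedObject/SealedObject code.
public class FilteredRead {

    // Deserialize 'content' with a caller-supplied filter. The stream is a
    // local variable and never escapes, so the filter only affects this call.
    @SuppressWarnings("removal") // AccessController is deprecated in newer JDKs
    static Object readWithFilter(byte[] content, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(content))) {
            if (filter != null) {
                // setObjectInputFilter checks SerializablePermission("serialFilter")
                // when a security manager is set; doPrivileged stops that check
                // at this frame instead of requiring it of the caller.
                AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                    ois.setObjectInputFilter(filter);
                    return null;
                });
            }
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a serialized java.util.ArrayList.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new java.util.ArrayList<>(java.util.List.of("a", "b")));
        }
        byte[] content = bos.toByteArray();
        // Allow-list that admits the sample's classes and rejects all others.
        ObjectInputFilter allow = ObjectInputFilter.Config.createFilter(
                "java.util.ArrayList;java.lang.String;java.lang.Object;!*");
        System.out.println(readWithFilter(content, allow));
        // A filter that rejects every class makes readObject throw
        // InvalidClassException, the exception the spec change documents.
        ObjectInputFilter deny = ObjectInputFilter.Config.createFilter("!*");
        try {
            readWithFilter(content, deny);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```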


