JDK 14 RFR of JDK-8231368: Suppress warnings on non-serializable non-transient instance fields in java.security.jgss
Joe Darcy
joe.darcy at oracle.com
Tue Oct 8 17:11:18 UTC 2019
Hi Sean,
Returning to this review....
On 9/26/2019 12:35 PM, Sean Mullan wrote:
> - Krb5Context.java
>
> 1394 @SuppressWarnings("serial") // Not statically typed as
> Serializable
> 1395 private final EncryptionKey key;
>
> EncryptionKey is Serializable (it derives from java.security.Key which
> is Serializable). I was wondering why we needed to suppress the
> warning here.
Taking a closer look, the field in question is of type
sun.security.krb5.EncryptionKey
which is *not* declared to be Serializable:
public class EncryptionKey
implements Cloneable {
In contrast, the javax.security.auth.kerberos.EncryptionKey class is
declared to be Serializable. Therefore, the @SuppressWarnings on the
field in the initial patch is needed.
If the patch looks good, I'll get this pushed.
Thanks,
-Joe
>
> --Sean
>
> On 9/23/19 8:15 PM, Joe Darcy wrote:
>> Hello,
>>
>> Another module, another review request as part of making serial
>> warnings more robust:
>>
>> JDK-8231368: Suppress warnings on non-serializable non-transient
>> instance fields in java.security.jgss
>> http://cr.openjdk.java.net/~darcy/8231368.0/
>>
>> (Related earlier review
>> https://mail.openjdk.java.net/pipermail/security-dev/2019-September/020672.html.)
>>
>>
>> In this latest review, I included a comment in KRBError.java that its
>> writeObject method uses a different encoding scheme.
>>
>> Thanks,
>>
>> -Joe
>>
More information about the security-dev
mailing list