JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes

Sean Mullan sean.mullan at oracle.com
Mon Sep 23 19:19:46 UTC 2019


Hi Joe,

It's a little odd to suppress the warnings in the X509CertImpl class 
since it is a subclass of java.security.cert.Certificate which 
implements the writeReplace method so these fields are not serialized.

Also for other classes like X509Key which are internal it is a little 
odd to suppress the warnings for fields like bitStringKey that are not 
Serializable and are never serialized. It is probably better to mark 
them as transient, but I'm not really sure it is worth making those 
changes for otherwise stable code. I guess when I look at some of the 
warnings, I might think there is an issue when there really isn't.

I suppose these are not things you can easily detect at compile time, 
but I am wondering what you think.

--Sean

On 9/19/19 1:32 PM, Joe Darcy wrote:
> Hello,
> 
> Ahead of augmenting javac's serial lint checks under JDK-8160675, it 
> would be helpful to mark fields in security libs classes where the class 
> is serializable, but a non-transient instance field does *not* have a 
> serializable type. Such classes may have difficulties being serialized at 
> runtime:
> 
>      JDK-8231262 : Suppress warnings on non-serializable instance fields 
> in security libs serializable classes
>      http://cr.openjdk.java.net/~darcy/8231262.0/
> 
> The review thread of the analogous core libs change, JDK-8231202: 
> "Suppress warnings on non-serializable non-transient instance fields in 
> serializable classes", is out on core-libs:
> 
> http://mail.openjdk.java.net/pipermail/core-libs-dev/2019-September/062456.html 
> 
> 
> Thanks,
> 
> -Joe
> 
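
The three situations discussed in this thread, as an added example that is not part of the original messages or of the JDK sources: a serializable class with a non-serializable field, the same field marked transient, and a class whose writeReplace substitutes a proxy so its own fields never reach the stream. All class and field names here (BitBlob, PlainKey, TransientKey, ProxiedCert, Rep) are hypothetical stand-ins.

```java
import java.io.*;

public class SerialFieldDemo {
    // Hypothetical stand-in for a field type that does not implement Serializable.
    static class BitBlob { byte[] bits = {1, 2, 3}; }

    // Case 1: non-transient field of a non-serializable type.
    // Compiles (with a serial lint warning at most) but fails when written.
    static class PlainKey implements Serializable {
        byte[] encoded = {0x30, 0x00};
        BitBlob blob = new BitBlob();
    }

    // Case 2: the same field marked transient is skipped by default serialization.
    static class TransientKey implements Serializable {
        byte[] encoded = {0x30, 0x00};
        transient BitBlob blob = new BitBlob();
    }

    // Case 3: writeReplace hands the stream a proxy built from the encoded form,
    // so the declaring class's fields are never examined by the serializer.
    static class ProxiedCert implements Serializable {
        byte[] encoded = {0x30, 0x00};
        BitBlob blob = new BitBlob(); // never reaches the stream
        protected Object writeReplace() throws ObjectStreamException { return new Rep(encoded); }
    }

    // Hypothetical serialization proxy carrying only serializable state.
    static class Rep implements Serializable {
        final byte[] data;
        Rep(byte[] data) { this.data = data.clone(); }
    }

    // Attempts to serialize o into memory and reports the outcome as text.
    static String trySerialize(Object o) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return "ok";
        } catch (NotSerializableException e) {
            return "NotSerializableException: " + e.getMessage();
        } catch (IOException e) {
            return "IOException: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println("PlainKey     -> " + trySerialize(new PlainKey()));
        System.out.println("TransientKey -> " + trySerialize(new TransientKey()));
        System.out.println("ProxiedCert  -> " + trySerialize(new ProxiedCert()));
    }
}
```

Only the first case throws at runtime; a lint check that looks at field types alone would flag both the first and the third class.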


