JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes

Sean Mullan sean.mullan at oracle.com
Thu Sep 26 20:55:30 UTC 2019


On 9/26/19 4:20 PM, Sean Mullan wrote:
>> Would you prefer I revise the patch where there are multiple 
>> SuppressWarnings("serial") on fields to put a single one on the class 
>> instead?
> 
> Yes, but only in the cases where we are clearly using some form of 
> alternate serialization like ASN.1 encoding. I need to double-check the 
> review again (it's a bit more time consuming because I have to look at 
> the code in more detail), but the two that I spotted so far are:
> 
> src/java.base/share/classes/sun/security/x509/X509CertImpl.java
> src/java.security.jgss/share/classes/sun/security/krb5/internal/KRBError.java 
> (from the JDK-8231368 review)

Ok, I double-checked everything. The only other class in the webrev that 
uses an alternate serial form is:

sun/security/x509/X509Key.java

but since that only has one field that is not Serializable, it probably 
is ok to leave as-is.

--Sean


More information about the security-dev mailing list