Re: RFR 9: 8165261: RMI API to export an object with a serialization filter

Tue, 13 Sep 2016 12:11:53 -0700 

Hi Daniel,

Thanks for the review and comments...
Webrev updated in place.

On 9/13/2016 6:14 AM, Daniel Fuchs wrote:

Hi Roger,

On 12/09/16 21:42, Roger Riggs wrote:

Please review an update to enable serialization filtering for exported
RMI objects.

Webrev:
   http://cr.openjdk.java.net/~rriggs/webrev-rmi-filter-8165261/

Issue:
  https://bugs.openjdk.java.net/browse/JDK-8165261

Thanks, Roger



In UnicastRemoteObject.java:

 142  * <p>
 143  * Exported remote objects receive method invocations from the stubs
144 * as described in the RMI specification. Each invocation's operation and 145 * parameters are unmarshaled using a custom {@link java.io.ObjectInputStream}. 146 * If an {@link ObjectInputFilter} is provided and is not {@code null} when the object 147 * is exported, it is used to filter the parameters as they are unmarshaled from the stream. 148 * The filter is used for all invocations and all parameters regardless of 
 149  * the method being invoked or the parameter values.
150 * If no filter is provided or is {@code null} for the exported object then the 151 * {@code ObjectInputStream} default filter, if any, is used. The default filter is 152 * configured with {@link ObjectInputFilter.Config#setSerialFilter(ObjectInputFilter) 
 153  * ObjectInputFilter.Config.setSerialFilter}.

Maybe this paragraph should say what happens when the filter
rejects a parameter - or at least hints that there are more
details to be found on the subject in ObjectInputFilter?
It will be reported as any other IOException from ObjectInputStream; I added:
* If the filter rejects any of the parameters, the {@code InvalidClassException} 
 * thrown by {@code ObjectInputStream} is reported as the cause of an
 * {@link UnmarshalException}.
381 * @param filter an ObjectInputFilter applied when deserializing invocation arguments; 
 382      *               may be null
and:
408 * @param filter an ObjectInputFilter applied when deserializing invocation arguments; 
 409      *               may be null


 => {@link ObjectInputFilter} ... may be {@code null}

fixed.

Thanks, Roger


Otherwise looks good to me!

-- daniel

Reply via email to