Re: [14] RFR (doc) 8237651 Clarify initialization of jdk.serialFilter

Tue, 28 Jan 2020 07:02:28 -0800 

Hi Sean,

On 1/27/20 3:17 PM, Sean Mullan wrote:

Hi Roger,
Does setting jdk.serialFilter with Security.setProperty() work, or must it only be pre-configured in the java.security file?
Assuming the System property is not defined, then setting the Security property with Security.setProperty before the ObjectInputFilter.Config class is initialized will affect the filter defined. 

Thanks, Roger




--Sean

On 1/24/20 2:51 PM, Roger Riggs wrote:
Please review a doc change in the description of the initialization of the jdk.serialFilter from 
a system property to generalize it beyond only command line invocation.
diff a/src/java.base/share/classes/java/io/ObjectInputFilter.java b/src/java.base/share/classes/java/io/ObjectInputFilter.java 
--- a/src/java.base/share/classes/java/io/ObjectInputFilter.java
+++ b/src/java.base/share/classes/java/io/ObjectInputFilter.java
@@ -204,15 +204,14 @@
      * When setting the filter, it should be stateless and idempotent,
      * reporting the same result when passed the same arguments.
      * <p>
      * The filter is configured during the initialization of the {@code ObjectInputFilter.Config}       * class. For example, by calling {@link #getSerialFilter() Config.getSerialFilter}. -     * If the system property {@systemProperty jdk.serialFilter} is defined on the command line, 
-     * it is used to configure the filter.
-     * If the system property is not defined on the command line, and the -     * {@link java.security.Security} property {@code jdk.serialFilter} is defined 
-     * then it is used to configure the filter.
+     * If the Java virtual machine is started with the system property
+     * {@systemProperty jdk.serialFilter}, its value is used to configure the filter. +     * If the system property is not defined, and the {@link java.security.Security} property +     * {@code jdk.serialFilter} is defined then it is used to configure the filter.       * Otherwise, the filter is not configured during initialization and       * can be set with {@link #setSerialFilter(ObjectInputFilter) Config.setSerialFilter}.       * Setting the {@code jdk.serialFilter} with {@link System#setProperty(String, String) 
      * System.setProperty} <em>does not set the filter</em>.

Thanks, Roger

Issue:
   https://bugs.openjdk.java.net/browse/JDK-8237651

Webrev:
    http://cr.openjdk.java.net/~rriggs/webrev-filter-8237651/

Reply via email to