On Fri, 21 May 2021 17:09:00 GMT, Roger Riggs <rri...@openjdk.org> wrote:
>> src/java.base/share/classes/java/io/ObjectInputFilter.java line 365: >> >>> 363: * A utility class to set and get the JVM-wide deserialization >>> filter factory, >>> 364: * the static JVM-wide filter, or to create a filter from a >>> pattern string. >>> 365: * If a JVM-wide filter factory or static JVM-wide filter is set, >>> it will determine the filter >> >> This concerns me, "A JVM-wide filter factory". I was going to suggest that >> it should be "The ..", but then realised that there can only ever be one >> present at a time, but in the lifetime of a JVM there can be two (since >> getSerialFilterFactory if invoked before setSerialFilterFactory will >> subsequently return a different JVM-wide factory). Is this intentional? It >> would great if this could be "The ..", so that setXXX can only be invoked >> successfully if getXXX has not been. This may seen somewhat insignificant, >> but the fact that the JVM-wide factory can change make the model harder >> understand. > > It is reasonable to require that the factory be set before any OIS is > constructed. > Similar to the restriction that the filter on a stream cannot be changed > after the first call to readObject. > So an IllegalStateException added to Config.setSerialFilterFactory. Ok, great. So setSerialFilterFactory cannot be successfully invoked after any of i) getSerialFilterFactory, or ii) an OIS is constructed. I don't yet see this in the code. ------------- PR: https://git.openjdk.java.net/jdk/pull/3996
