On Tue, 8 Jun 2021 11:41:28 GMT, Daniel Fuchs <[email protected]> wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Clarified javadoc for rejectUndecidedClass.
>> Added javadoc to describe throwing of ExceptionInInitializerError if the
>> class
>> named by system property jdk.serialFilterFactory is not valid.
>> Added description of jdk.serialFilterFactory to java.security file.
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 550:
>
>> 548: * be accessible via the {@linkplain
>> ClassLoader#getSystemClassLoader() application class loader}.
>> 549: * If the filter factory constructor is not invoked successfully,
>> an {@link ExceptionInInitializerError}
>> 550: * is thrown.
>
> Should you also say that later attempts to create an `ObjectInputStream` or
> to call `ObjectInputStream::setObjectInputFilter` will result in an
> `IllegalStateException`?
Yes, and setObjectInputFilter should throw ISE if the initialization from the
system property has failed.
```
* If the filter factory constructor is not invoked successfully, an {@link
ExceptionInInitializerError}
* is thrown and subsequent use of the filter factory for deserialization
fails with
* {@link IllegalStateException}.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3996
