> The effects of invalid values of `jdk.serialFilter` and > `jdk.serialFilterFactory` properties are > incompletely specified. The behavior for invalid values of the properties is > different and > use an unconventional exception type, `ExceptionInInitializerError` and leave > the `OIF.Config` class > uninitialized. > > The exceptions in the `ObjectInputFilter.Config` class initialization caused > by invalid values of the two properties, > either by system properties supplied on the command line or security > properties are logged. > The `Config` class marks either or both the filter and filter factory values > as unusable > and remembers the exception message. > > Subsequent calls to the methods that get or set the filter or filter factory > or create > an `ObjectInputStream` throw `java.lang.IllegalStateException` with the > remembered exception message. > Constructing an `ObjectInputStream` calls both `Config.getSerialFilter` and > `Config.getSerialFilterFactory`. > The nature of the invalid property is reported as an `IllegalStateException` > on first use. > > This PR supercedes https://github.com/openjdk/jdk/pull/6508 Document that > setting an invalid property jdk.serialFilter disables deserialization
Roger Riggs has updated the pull request incrementally with one additional commit since the last revision: Address review comments to consistently identify security property names and use the correct bug number in the test. ------------- Changes: - all: https://git.openjdk.java.net/jdk/pull/6645/files - new: https://git.openjdk.java.net/jdk/pull/6645/files/4dec7f48..52ab7b5b Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=6645&range=01 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=6645&range=00-01 Stats: 13 lines in 2 files changed: 3 ins; 4 del; 6 mod Patch: https://git.openjdk.java.net/jdk/pull/6645.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/6645/head:pull/6645 PR: https://git.openjdk.java.net/jdk/pull/6645
