Hi Chris,
Thanks for taking another look.
On 10/3/2016 4:53 AM, Chris Hegarty wrote:
Roger,
On 14/09/16 10:46, Chris Hegarty wrote:
One more additional comment:
4) Since filtering is not controlled by the Security Manager,
does it make sense for its configuration to live in the
Roger,
On 14/09/16 10:46, Chris Hegarty wrote:
On 08/09/16 20:09, Roger Riggs wrote:
...
This looks very good Roger, just a few comments:
1) The pattern separator in the java.security file should be ';'
Right?
925 #jdk.serialFilter=pattern,pattern
Hi Brian,
ok, I'll take a look at making the information available about the
object being created and
from the stream easy to extend.
Thanks, Roger
On 9/16/2016 11:09 AM, Brian Goetz wrote:
Sorry for being late to this party.
I like the approach, but I have some concerns about the
Sorry for being late to this party.
I like the approach, but I have some concerns about the evolvability of this
API. The filter already receives a handful of parameters; it seems quite
unlikely that a use case will not emerge where the filter needs more
information in the future (say, the
Hi Chris,
Thanks for the review and comments...
On 9/14/2016 5:46 AM, Chris Hegarty wrote:
On 08/09/16 20:09, Roger Riggs wrote:
Please review updates to the Serialization filtering API and
implementation:
- The ObjectInputFilter pattern based filters support matching on
module names as
On 08/09/16 20:09, Roger Riggs wrote:
Please review updates to the Serialization filtering API and
implementation:
- The ObjectInputFilter pattern based filters support matching on
module names as well as package and class names.
- Rename of system property and java.security property for
Hi Daniel,
Thanks for the suggestion, fixed.
Roger
On 9/13/2016 4:57 AM, Daniel Fuchs wrote:
Hi Roger,
Looks good!
One nit: In ObjectInputFilter.java, links to Status.
should probably use @link instead of @linkplain - e.g
{@linkplain Status#REJECTED REJECTED} or {@linkplain
Hi Roger,
Looks good!
One nit: In ObjectInputFilter.java, links to Status.
should probably use @link instead of @linkplain - e.g
{@linkplain Status#REJECTED REJECTED} or {@linkplain Status#REJECTED
Status.REJECTED} should probably be @link to make the constants
appear in code font.
No
Hi Daniel,
Thanks for the review and suggestions:
Updated in place:
Webrev:
http://cr.openjdk.java.net/~rriggs/webrev-serial-filter-jdk9-8155760/
SpecDiff:
http://cr.openjdk.java.net/~rriggs/filter-diffs/overview-summary.html
Javadoc (subset)
Hi Roger,
ObjectInputStream.java: some cosmetic comments:
317 * {@link ObjectInputFilter.Config#getSerialFilter() the
process-wide filter}.
352 * {@link ObjectInputFilter.Config#getSerialFilter() the
process-wide filter}.
=> should be @linkplain
1185 * The filter, when not
Hi Andrej,
Thanks for the review and comments..
On 9/9/2016 2:32 AM, Andrej Golovnin wrote:
Hi Roger,
src/java.base/share/classes/java/io/ObjectInputStream.java
259 private static class Logging {
The class can be final.
But there is no advantage or limitation since it is an private
Hi Roger,
src/java.base/share/classes/java/io/ObjectInputStream.java
259 private static class Logging {
The class can be final.
1265 ? Logger.Level.DEBUG
There is one space too much before "Logger".
2611 /** total bytes read from the stream */
12 matches
Mail list logo