Sorry for the late reply.

> On Aug 7, 2018, at 10:57 PM, Roger Riggs <roger.ri...@oracle.com> wrote:
>
> Hi Max,
>
> It may be useful to include in the descriptions a reminder that if no ObjectInputFilter
> is supplied the global filter is used. Details in ObjectInputStream.

The new getObject() methods with an ObjectInputFilter do not allow it to be null, so it looks strange to mention this in the method spec. I'm thinking about these changes in the example part of the class spec:

* Signature.getInstance(algorithm, provider); * if (so.verify(publickey, verificationEngine)) * try { - * Object myobj = so.getObject(); + * ObjectInputFilter myfilter = ...; + * Object myobj = so.getObject(myfilter); * } catch (java.lang.ClassNotFoundException e) {}; * }</pre> * + * In this example, the {@link ObjectInputFilter} object is used during + * deserialization to check the contents of the stream. If {@link #getObject()} + * is called, the {@link ObjectInputFilter.Config#getSerialFilter() + * initial process-wide filter} is used.

I copied the words from ObjectInputStream::getObjectInputFilter. Is this a formal name of the "global filter"?

> Typically, the @throws clauses that are not full sentences do not include a final period "."
> For consistency with the existing javadoc, omit the "."
> For example, SealedObject.java:191, 239, 240, 330
> SignedObject.java: 128, 130, 229, 252, 253
>
> While you are editing SealedObject.java: 143-145, please indent the
> continuation lines of @throws.

OK.

> Are there any caveats on what the serial filter needs to allow when used in
> SealedObject or SignedObject?

I'll think about this. In reality, a user first gets a SignedObject from an ObjectInputStream and then calls getObject() to read it. I should probably point out that a user can check the content of the SignedObject themselves while retrieving the SignedObject itself, and that the new method only takes care of deserializing the internal object.

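Review bot: In the added javadoc paragraph, the sentence "If {@link #getObject()} is called, the ... initial process-wide filter} is used" does not say whether the filter passed to getObject(myfilter) replaces the process-wide filter or is applied in addition to it; please state that explicitly, and write "the no-argument {@link #getObject()}" so it is not confused with the call the example now shows. The "ObjectInputFilter myfilter = ...;" line also gives the reader no hint of what the filter has to allow for the example to work; one sentence on that, or a concrete filter in the example, would answer the caveat question raised in this thread. The unchanged "catch (java.lang.ClassNotFoundException e) {};" line handles only that exception, so the paragraph should also say what the caller sees when the filter rejects the stream.
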
Thanks
Max

> Thanks, Roger
>
>
> On 8/7/18 2:31 AM, Weijun Wang wrote:
>> Please review the code change at
>>
>> webrev: http://cr.openjdk.java.net/~weijun/8193859/webrev.00/
>>
>> where
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8193859
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8193887
>>
>> Thanks
>> Max
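
The two deserialization stages discussed in this thread, as an added example that is not part of the thread, the webrev or the JDK sources: the filter on the outer stream is asked only about the SignedObject wrapper, while the payload is deserialized later by the no-argument getObject() under the process-wide filter. It uses only existing java.io and java.security API (Java 9 or later), not the getObject(ObjectInputFilter) overload under review; the class name, the RSA key and the Date payload are constructed for illustration.

```java
import java.io.*;
import java.security.*;
import java.util.*;

public class SignedObjectFilterDemo {
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        Signature engine = Signature.getInstance("SHA256withRSA");

        // Constructed sample: a signed java.util.Date, serialized as a sender would.
        SignedObject signed = new SignedObject(new Date(0L), kp.getPrivate(), engine);
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(wire)) {
            out.writeObject(signed);
        }

        // Stage 1: filter on the outer stream. It is consulted for the wrapper
        // and its byte[] fields only; the payload is still opaque bytes here.
        List<String> outerClasses = new ArrayList<>();
        SignedObject so;
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(wire.toByteArray()))) {
            in.setObjectInputFilter(info -> {
                Class<?> c = info.serialClass();
                if (c == null) {
                    return ObjectInputFilter.Status.UNDECIDED; // depth/reference checks
                }
                outerClasses.add(c.getName());
                return (c == SignedObject.class || c == byte[].class)
                        ? ObjectInputFilter.Status.ALLOWED
                        : ObjectInputFilter.Status.REJECTED;
            });
            so = (SignedObject) in.readObject();
        }
        System.out.println("outer filter saw: " + outerClasses);

        // Stage 2: the no-argument getObject() deserializes the payload under the
        // process-wide filter, which can be set only once per JVM.
        ObjectInputFilter.Config.setSerialFilter(
                ObjectInputFilter.Config.createFilter("java.util.Date;!*"));
        if (so.verify(kp.getPublic(), engine)) {
            System.out.println("payload: " + so.getObject());
        }
    }
}
```

Because the outer filter never sees the payload class, an allow-list for the outer stream needs only the wrapper and byte[], and anything restricting the payload has to be applied at the getObject() stage.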