Hi Max,

On 8/21/18 11:19 AM, Weijun Wang wrote:

Also, I think the specification of the getObject() method should be updated to
say that the system filter is used to validate the deserialized object. I
realize that this was a previous side-effect of adding the system filter and
not part of this change, but this did change the behavior of this method, so I
think it should be added to the specification while you are making changes. The
CSR will also need to be updated with this change.

I can.
In fact, I have always wanted to add a new @throws if the filter rejects the
stream. The problem is that even ObjectInputStream::readObject does not clearly
list one.

*Roger*: According to ObjectInputStream::setObjectInputFilter it's InvalidClassException.
Can I say "@throws InvalidClassException if the (system) filter returns REJECTED
while deserializing the original object"?

Yes, that's accurate. The same @throws would apply to the other methods
also. (Except for the mention of "system").
Roger
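
The behavior the proposed @throws clause describes, as an added example that is not part of the original thread or of the JDK sources: a system-wide filter that returns REJECTED surfaces from ObjectInputStream::readObject as InvalidClassException. The class name `FilterRejectDemo`, the filter pattern and the sample objects are assumptions made for illustration, and the example calls readObject directly rather than the getObject() method under review.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;

// Hypothetical demo class (Java 9 or later), not JDK code.
public class FilterRejectDemo {

    // Serialize a constructed sample object to a byte array.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with no stream-specific filter, so the system-wide
    // filter (if one is set) is the one consulted. Reports the outcome.
    static String read(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted " + ois.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            // A REJECTED filter status ends up here.
            return "InvalidClassException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] allowed = serialize(Integer.valueOf(42));      // constructed sample
        byte[] blocked = serialize(new ArrayList<String>());  // constructed sample

        // Install the system-wide filter programmatically. This throws
        // IllegalStateException if one was already set, for example through
        // the jdk.serialFilter system property.
        ObjectInputFilter.Config.setSerialFilter(
            ObjectInputFilter.Config.createFilter("!java.util.ArrayList"));

        System.out.println(read(allowed)); // filter is UNDECIDED for Integer
        System.out.println(read(blocked)); // filter returns REJECTED for ArrayList
    }
}
```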