Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8169645

j.i.ObjectInputFilter.Config spec is ambiguous regarding overriding the filter via System properties

    Details

      Description

      The spec states:
      "The filter is configured using the Security property jdk.serialFilter and can be overridden by the System property jdk.serialFilter."

      The spec doesn't mention nothing regarding impossibility of overriding after Config::getInputFilter was call.

      Thus I can expect that Config::getSerialFilter will return different results after overriding and the following code will print "false", it prints "true".

      Security.setProperty("jdk.serialFilter", FILTER1_STR);
      ObjectInputFilter filter1 = Config.getSerialFilter();
      System.setProperty("jdk.serialFilter", FILTER2_STR);
      ObjectInputFilter filter2 = Config.getSerialFilter();
      System.out.println(filter1 == filter2);

        Attachments

          Activity

            People

            • Assignee:
              rriggs Roger Riggs
              Reporter:
              evotchen Elena Votchennikova (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: