Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8169645

j.i.ObjectInputFilter.Config spec is ambiguous regarding overriding the filter via System properties

    XMLWordPrintable

    Details

      Description

      The spec states:
      "The filter is configured using the Security property jdk.serialFilter and can be overridden by the System property jdk.serialFilter."

      The spec doesn't mention nothing regarding impossibility of overriding after Config::getInputFilter was call.

      Thus I can expect that Config::getSerialFilter will return different results after overriding and the following code will print "false", it prints "true".

      Security.setProperty("jdk.serialFilter", FILTER1_STR);
      ObjectInputFilter filter1 = Config.getSerialFilter();
      System.setProperty("jdk.serialFilter", FILTER2_STR);
      ObjectInputFilter filter2 = Config.getSerialFilter();
      System.out.println(filter1 == filter2);

        Attachments

          Activity

            People

            Assignee:
            rriggs Roger Riggs
            Reporter:
            evotchen Elena Votchennikova (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: