SerialKiller icon indicating copy to clipboard operation
SerialKiller copied to clipboard

Published 20 hours ago verified publisher icon ikkisoft

Integrate with JEP-290 infrastructure

Open philippn opened this issue 6 years ago • 3 comments

Hi there, I like the idea of this library very much (thanks!), I would like to request the following feature to make it even more useful: Please add a implementation of https://docs.oracle.com/javase/9/docs/api/java/io/ObjectInputFilter.html

This way, one could use SerialKiller without having to change every ObjectInputStream call (which is kind of error-prone, because you can easily miss one).

Thanks in advance!

philippn avatar Mar 14 '18 11:03 philippn

Thanks!

The library is currently supporting Java8, while ObjectInputFilter is available on Java9 only.

It's a great idea, but we would need to implement a mechanism to decide the strategy based on the specific JVM version. Feasible, but there is definitely some work involved.

ikkisoft avatar Mar 15 '18 09:03 ikkisoft

In fact, the JEP-290 feature has been backported to Java 8u121 and even to Java 7 and 6 (Oracle deemed it that important). See https://blogs.oracle.com/java-platform-group/filter-incoming-serialization-data-a-little-of-jdk-9-goodness-available-now-in-current-release-families

To test whether the feature is available, it would probably suffice to perform a Class.forName() with the ObjectInputFilter class name.

philippn avatar Mar 16 '18 00:03 philippn

Interesting. I didn't know and I will take a look.

ikkisoft avatar Mar 16 '18 09:03 ikkisoft