Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate with JEP-290 infrastructure #19

Open
philippn opened this issue Mar 14, 2018 · 3 comments
Open

Integrate with JEP-290 infrastructure #19

philippn opened this issue Mar 14, 2018 · 3 comments

Comments

@philippn
Copy link

Hi there,
I like the idea of this library very much (thanks!), I would like to request the following feature to make it even more useful: Please add a implementation of https://docs.oracle.com/javase/9/docs/api/java/io/ObjectInputFilter.html

This way, one could use SerialKiller without having to change every ObjectInputStream call (which is kind of error-prone, because you can easily miss one).

Thanks in advance!

@ikkisoft
Copy link
Owner

Thanks!

The library is currently supporting Java8, while ObjectInputFilter is available on Java9 only.

It's a great idea, but we would need to implement a mechanism to decide the strategy based on the specific JVM version. Feasible, but there is definitely some work involved.

@philippn
Copy link
Author

philippn commented Mar 16, 2018

In fact, the JEP-290 feature has been backported to Java 8u121 and even to Java 7 and 6 (Oracle deemed it that important). See https://blogs.oracle.com/java-platform-group/filter-incoming-serialization-data-a-little-of-jdk-9-goodness-available-now-in-current-release-families

To test whether the feature is available, it would probably suffice to perform a Class.forName() with the ObjectInputFilter class name.

@ikkisoft
Copy link
Owner

Interesting. I didn't know and I will take a look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants