equal
deleted
inserted
replaced
893 # A filter is configured as a sequence of patterns, each pattern is either |
893 # A filter is configured as a sequence of patterns, each pattern is either |
894 # matched against the name of a class in the stream or defines a limit. |
894 # matched against the name of a class in the stream or defines a limit. |
895 # Patterns are separated by ";" (semicolon). |
895 # Patterns are separated by ";" (semicolon). |
896 # Whitespace is significant and is considered part of the pattern. |
896 # Whitespace is significant and is considered part of the pattern. |
897 # |
897 # |
|
898 # If the system property jdk.serialFilter is also specified, it supersedes |
|
899 # the security property value defined here. |
|
900 # |
898 # If a pattern includes a "=", it sets a limit. |
901 # If a pattern includes a "=", it sets a limit. |
899 # If a limit appears more than once the last value is used. |
902 # If a limit appears more than once the last value is used. |
900 # Limits are checked before classes regardless of the order in the |
903 # Limits are checked before classes regardless of the order in the |
901 # sequence of patterns. |
904 # sequence of patterns. |
902 # If any of the limits are exceeded, the filter status is REJECTED. |
905 # If any of the limits are exceeded, the filter status is REJECTED. |
1003 # |
1006 # |
1004 # Note: This property is currently used by the JDK Reference implementation. |
1007 # Note: This property is currently used by the JDK Reference implementation. |
1005 # It is not guaranteed to be examined and used by other implementations. |
1008 # It is not guaranteed to be examined and used by other implementations. |
1006 # |
1009 # |
1007 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name |
1010 #com.sun.CORBA.ORBIorTypeCheckRegistryFilter=binary_class_name;binary_class_name |
|
1011 |
|
1012 # |
|
1013 # JCEKS Encrypted Key Serial Filter |
|
1014 # |
|
1015 # This filter, if configured, is used by the JCEKS KeyStore during the |
|
1016 # deserialization of the encrypted Key object stored inside a key entry. |
|
1017 # If not configured or the filter result is UNDECIDED (i.e. none of the patterns |
|
1018 # matches), the filter configured by jdk.serialFilter will be consulted. |
|
1019 # |
|
1020 # If the system property jceks.key.serialFilter is also specified, it supersedes |
|
1021 # the security property value defined here. |
|
1022 # |
|
1023 # The filter pattern uses the same format as jdk.serialFilter. The default |
|
1024 # pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, |
|
1025 # and javax.crypto.spec.SecretKeySpec and rejects all the others. |
|
1026 jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\ |
|
1027 java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!* |