Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- jtsk_1.2
- None
- None
- 4696460
Description
Bugtraq ID 4696460
EN.1.5 states that MarshalledObject.equals is used for match operations, but does not make explicit that the declared types of fields, and the actual types of objects stored in those fields (including any objects nested within them), must be designed to produce consistent serial forms to make match operations reliable. Consistent serial forms means that a given instance always serializes the same, and a given instance that is serialized, deserialized, and then reserialized produces the same form as the initial serialization. A particular example where this has broken down is in the Service UI spec, where a field is declared to be of type java.util.Set, but existing Set implementations are not specified to (and in fact are not implemented to) produce consistent serial forms. Anyone designing an entry class needs to think hard about what fields might be used for matching, and worry about consistent serial forms.
In the case of the Lookup spec, LU.2.2 is the relevant section, which contains a discussion on Entries and Entry matching. The bug could be addressed by adding a note on the importance of consistent serial forms, or by replacing the entry discussion with a reference to the Entry spec (which once 4696449 is fixed will talk about constant serial forms).
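The failure described above, as an added illustration that is not part of the bug report or of the Jini/River code: two HashSets that are equal by Set.equals but were built with different initial capacities marshal to different bytes, so MarshalledObject.equals does not match them, while a sorted array of the same elements does. The class and method names are hypothetical, the sample values are constructed, and the sorted array is an assumed canonical form, not one the spec prescribes.

```java
import java.io.IOException;
import java.rmi.MarshalledObject;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class SerialFormDemo {
    // Builds a HashSet with the given initial capacity and insertion order.
    // HashSet writes its backing capacity into the stream, so the capacity
    // is part of the serial form even though it is not part of equals().
    static Set<String> build(int capacity, String... items) {
        Set<String> s = new HashSet<>(capacity);
        s.addAll(Arrays.asList(items));
        return s;
    }

    // Assumed canonical form: a sorted array has exactly one serial form
    // for a given collection of elements.
    static String[] canonical(Set<String> s) {
        String[] a = s.toArray(new String[0]);
        Arrays.sort(a);
        return a;
    }

    // Compares two objects by marshalled form, which is what EN.1.5 says
    // match operations do.
    static boolean marshalledEqual(Object x, Object y) throws IOException {
        return new MarshalledObject<>(x).equals(new MarshalledObject<>(y));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values for a Set-typed entry field.
        Set<String> a = build(16, "admin", "main", "about");
        Set<String> b = build(64, "about", "main", "admin");

        // Logical equality holds between the two sets.
        System.out.println("Set.equals:                " + a.equals(b));
        // Marshalled comparison of the raw sets: the serial forms differ.
        System.out.println("marshalled sets equal:     " + marshalledEqual(a, b));
        // Marshalled comparison of the canonical arrays: the forms agree.
        System.out.println("marshalled canonical equal: "
                + marshalledEqual(canonical(a), canonical(b)));
    }
}
```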
Issue Links
- is related to
  - RIVER-129 EN spec should emphasize importance of consistent serial forms (Open)