JDK-6223531 : Specification for SerializablePermission is incomplete
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.io:serialization
  • Affected Version: 5.0
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2005-01-31
  • Updated: 2013-05-01
Related Reports
Relates :  
JDK-4274163 - java.lang.RuntimePermission throws undocumented IllegalArgumentException
Description
1. Class level specification for SerializablePermission states:

"
The following table lists all the possible SerializablePermission target names
"

but never specifies what happends if one gives target name that is not present in table to constructor. Behavior in this case should be clarified. Currently JDK allows such target names and getName() returns name give to constructor.

2. Specification for "public SerializablePermission(String name, String actions)" states:

"
The name is the symbolic name of the SerializablePermission, and the actions String is currently unused and should be null. 
...
actions - currently unused and must be set to null
"

Behavior in case of action being non-null should be specified.

3. Behavior of method getActions for this class is unclear. Specification should state something like "currently getActions always returns empty String".
###@###.### 2005-1-31 15:37:36 GMT
Comments
EVALUATION It appears as if at least the @throws portion of this CR is being taken care of (for Mustang) as part of CR 4274163.
02-05-2006
EVALUATION The specification for java.io.SerializablePermission is modelled after the specifications for other subclasses of java.security.BasicPermission, like java.lang.RuntimePermission; it appears that RuntimePermission has similar issues, as well as some of the other subclasses. It would be nice if there were a concerted effort to address the issues consistently; are there bugs filed for similar issues with other subclasses of BasicPermission? 1&2. The constructors should have the same @throws for NullPointerException and IllegalArgumentException as the superclass's constructors have, and they should specify that they pass the name to the corresponding superclass constructor. And like the superclass's constructor that has an "actions" parameter, SerializablePermisison's constructor should clarify that "actions" is ignored. 3. SerializablePermission does not override BasicPermission.getActions, which is specified to return the empty string. ###@###.### 2005-2-02 01:33:36 GMT On rmi/serialization meeting we decided to decommit this bug till next release. ###@###.### 2005-07-12 10:05:24 GMT
02-02-2005