mina-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DIRMINA-822) Deserialising classes that do not implement Serializable fails
Date Fri, 11 Mar 2011 22:28:59 GMT

    [ https://issues.apache.org/jira/browse/DIRMINA-822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13005877#comment-13005877 ]

Emmanuel Lecharny commented on DIRMINA-822:
-------------------------------------------

Yeah, lookupAny is a Java 6 method, and the lookup( Class, boolean ) is package protected...
Seems like a dead end here.

What I don't get is that if the class is not Serializable, it would not be part of the received
message, would it?

I have modified the current code this way:

                        case 1: // Non-primitive types
                            String className = readUTF();
                            Class<?> clazz = Class.forName(className, true,
                                    classLoader);
                            // lookup() returns null when the class is not Serializable
                            ObjectStreamClass osClass = ObjectStreamClass.lookup(clazz);

                            if (osClass == null) {
                                throw new ClassNotFoundException("The '" + className + "' class " +
                                    "can't be read, it's not implementing the Serializable interface");
                            }

                            return osClass;

The idea is to throw an exception instead of simply returning 'null', helping the user to understand
why he has an issue. Is that enough?

> Deserialising classes that do not implement Serializable fails
> --------------------------------------------------------------
>
>                 Key: DIRMINA-822
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-822
>             Project: MINA
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.0.2
>            Reporter: Ulrich Kreher
>
> AbstractIoBuffer uses ObjectStreamClass.lookup(Class) which returns null for classes that do not implement Serializable. This in turn leads to a NullPointerException a few lines below in resolveClass(ObjectStreamClass) where the ObjectStreamClass-parameter is null.
> Deserialising a non-serialisable class is completely legal, instances of such a class will already fail to serialise so they will never get to deserialisation.
> Using ObjectStreamClass.lookupAny(Class) will solve this issue, but it is not available before Java 6.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
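
The two descriptor lookups discussed in this thread, side by side, as an added example that is not part of the original message or of MINA's code. DescriptorLookupDemo, Plain, Wire, describeStrict and describeAny are hypothetical names, and the two sample classes are constructed for the demonstration.

```java
import java.io.ObjectStreamClass;
import java.io.Serializable;

// Added example, not MINA code. All class and method names are hypothetical.
public class DescriptorLookupDemo {

    // Constructed sample types.
    static class Plain { int x; }                 // does not implement Serializable
    static class Wire implements Serializable {
        private static final long serialVersionUID = 1L;
        int x;
    }

    // Same shape as the check in the comment above: resolve the class by name,
    // then fail with an explicit exception when lookup() yields no descriptor,
    // so the null never reaches later code.
    static ObjectStreamClass describeStrict(String className, ClassLoader loader)
            throws ClassNotFoundException {
        Class<?> clazz = Class.forName(className, true, loader);
        ObjectStreamClass osClass = ObjectStreamClass.lookup(clazz);
        if (osClass == null) {
            throw new ClassNotFoundException("The '" + className
                    + "' class can't be read, it's not implementing the Serializable interface");
        }
        return osClass;
    }

    // The alternative named in the issue: lookupAny (Java 6 and later)
    // returns a descriptor whether or not the class is Serializable.
    static ObjectStreamClass describeAny(String className, ClassLoader loader)
            throws ClassNotFoundException {
        return ObjectStreamClass.lookupAny(Class.forName(className, true, loader));
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = DescriptorLookupDemo.class.getClassLoader();
        String plain = Plain.class.getName();
        String wire = Wire.class.getName();

        System.out.println("lookup(Wire)     = " + describeStrict(wire, loader));
        System.out.println("lookupAny(Plain) = " + describeAny(plain, loader));
        try {
            describeStrict(plain, loader);
        } catch (ClassNotFoundException e) {
            System.out.println("lookup(Plain) rejected: " + e.getMessage());
        }
    }
}
```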
