Posted to dev@mina.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2011/03/11 23:28:59 UTC

[jira] Commented: (DIRMINA-822) Deserialising classes that do not implement Serializable fails

    [ https://issues.apache.org/jira/browse/DIRMINA-822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13005877#comment-13005877 ] 

Emmanuel Lecharny commented on DIRMINA-822:
-------------------------------------------

Yeah, lookupAny is a Java 6 method, and the lookup( Class, boolean ) is package protected... Seems like a dead end here.

What I don't get is that if the class is not Serializable, it would not be part of the received message, would it?

I have modified the current code this way:

    case 1: // Non-primitive types
        String className = readUTF();
        Class<?> clazz = Class.forName(className, true,
                classLoader);
        // lookup() returns null when clazz does not implement Serializable
        ObjectStreamClass osClass = ObjectStreamClass.lookup(clazz);

        if (osClass == null) {
            throw new ClassNotFoundException("The '" + className + "' class " +
                "can't be read, it's not implementing the Serializable interface");
        }

        return osClass;

The idea is to throw an exception instead of simply returning 'null', helping the user understand why he has an issue. Is that enough?

> Deserialising classes that do not implement Serializable fails
> --------------------------------------------------------------
>
>                 Key: DIRMINA-822
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-822
>             Project: MINA
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.0.2
>            Reporter: Ulrich Kreher
>
> AbstractIoBuffer uses ObjectStreamClass.lookup(Class) which returns null for classes that do not implement Serializable. This in turn leads to a NullPointerException a few lines below in resolveClass(ObjectStreamClass) where the ObjectStreamClass-parameter is null.
> Deserialising a non-serialisable class is completely legal; instances of such a class will already fail to serialise so they will never get to deserialisation.
> Using ObjectStreamClass.lookupAny(Class) will solve this issue, but it is not available before Java 6.

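
Added example (not part of the original message and not MINA's code): a self-contained round trip in which the descriptor of a non-Serializable class reaches the reader because its Class object is serialised, comparing lookup plus the null check from the comment above with lookupAny. The LookupDemo and Plain names and the name-only descriptor encoding are assumptions made for illustration.

```java
import java.io.*;

public class LookupDemo {
    static class Plain { }   // constructed sample type: does NOT implement Serializable

    // Writer side: emit only the class name in place of the full class descriptor.
    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes) {
            @Override
            protected void writeClassDescriptor(ObjectStreamClass d) throws IOException {
                writeUTF(d.getName());
            }
        }) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    // Reader side: rebuild the descriptor from the name, failing closed when none exists.
    static Object read(byte[] data, final boolean useLookupAny)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data)) {
            @Override
            protected ObjectStreamClass readClassDescriptor()
                    throws IOException, ClassNotFoundException {
                String className = readUTF();
                Class<?> clazz = Class.forName(className, true,
                        LookupDemo.class.getClassLoader());
                ObjectStreamClass osClass = useLookupAny
                        ? ObjectStreamClass.lookupAny(clazz)   // Java 6+, never null
                        : ObjectStreamClass.lookup(clazz);     // null if not Serializable
                if (osClass == null) {
                    throw new ClassNotFoundException("The '" + className
                            + "' class can't be read, it's not implementing Serializable");
                }
                return osClass;
            }
        }) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // java.lang.Class is Serializable, so this write succeeds although Plain is not.
        byte[] data = write(Plain.class);
        System.out.println("lookupAny -> " + read(data, true));
        try {
            read(data, false);
        } catch (InvalidClassException e) {   // the JDK wraps the ClassNotFoundException
            System.out.println("lookup    -> " + e.getCause().getMessage());
        }
    }
}
```

Without the null check, the lookup branch hands a null descriptor back to ObjectInputStream, which is the NullPointerException in resolveClass described in the issue.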