[ https://issues.apache.org/jira/browse/DIRMINA-822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13005877#comment-13005877 ]
Emmanuel Lecharny commented on DIRMINA-822:
-------------------------------------------
Yeah, lookupAny is a Java 6 method, and the lookup( Class, boolean ) is package
protected... Seems like a dead end here.
What I don't get is that if the class is not Serializable, it would not be part
of the received message, would it?
I have modified the current code this way:

    case 1: // Non-primitive types
        String className = readUTF();
        Class<?> clazz = Class.forName(className, true, classLoader);
        ObjectStreamClass osClass = ObjectStreamClass.lookup(clazz);

        if (osClass == null) {
            throw new ClassNotFoundException("The '" + className + "' class " +
                "can't be read, it's not implementing the Serializable interface");
        }

        return osClass;

The idea is to throw an exception instead of simply returning 'null', helping the
user to understand why he has an issue. Is that enough?
> Deserialising classes that do not implement Serializable fails
> --------------------------------------------------------------
>
> Key: DIRMINA-822
> URL: https://issues.apache.org/jira/browse/DIRMINA-822
> Project: MINA
> Issue Type: Bug
> Components: Core
> Affects Versions: 2.0.2
> Reporter: Ulrich Kreher
>
> AbstractIoBuffer uses ObjectStreamClass.lookup(Class) which returns null for
> classes that do not implement Serializable. This in turn leads to a
> NullPointerException a few lines below in resolveClass(ObjectStreamClass)
> where the ObjectStreamClass-parameter is null.
> Deserialising a non-serialisable class is completely legal, instances of such
> a class will already fail to serialise so they will never get to
> deserialisation.
> Using ObjectStreamClass.lookupAny(Class) will solve this issue, but it is not
> available before Java 6.
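
The lookup behaviour discussed in this thread, as an added example that is not part of the original messages or of MINA's code: it compares ObjectStreamClass.lookup and lookupAny on a class that is not Serializable, applies the same null guard as the comment above, and round-trips a Class object through the standard JDK streams. The names DescriptorLookupDemo, Plain and strictLookup are hypothetical, and Java 7 or later is assumed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;

public class DescriptorLookupDemo {
    // Constructed sample class: deliberately does NOT implement Serializable.
    static class Plain { }

    // Hypothetical helper with the same guard as the comment above: fail with a
    // descriptive exception instead of handing a null descriptor to the caller.
    static ObjectStreamClass strictLookup(String className, ClassLoader loader)
            throws ClassNotFoundException {
        Class<?> clazz = Class.forName(className, true, loader);
        ObjectStreamClass osClass = ObjectStreamClass.lookup(clazz);
        if (osClass == null) {
            throw new ClassNotFoundException("The '" + className
                    + "' class can't be read, it's not implementing the Serializable interface");
        }
        return osClass;
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = DescriptorLookupDemo.class.getClassLoader();

        // lookup(Class) yields null for a non-Serializable class; lookupAny (Java 6+) does not.
        System.out.println("lookup:    " + ObjectStreamClass.lookup(Plain.class));
        System.out.println("lookupAny: " + ObjectStreamClass.lookupAny(Plain.class));

        try {
            strictLookup(Plain.class.getName(), loader);
        } catch (ClassNotFoundException e) {
            System.out.println("strictLookup: " + e.getMessage());
        }

        // java.lang.Class is itself Serializable, so a stream can carry the
        // descriptor of a class that is not; the JDK streams round-trip it.
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(Plain.class);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bytes.toByteArray()))) {
            System.out.println("round trip: " + in.readObject());
        }
    }
}
```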