Jonathon Nicholas Sanders created COMMONSSITE-155:
-----------------------------------------------------
Summary: ValidatingObjectInputStream
Key: COMMONSSITE-155
URL: https://issues.apache.org/jira/browse/COMMONSSITE-155
Project: Apache Commons All
Issue Type: Bug
Environment: Java 8, Ubuntu 16.04 LTS, Eclipse Neon, Apache Commons IO
2.11.0
Reporter: Jonathon Nicholas Sanders
I have been using ValidatingObjectInputStream and found a bug.
It appears when you have an ArrayList of String it fails to validate the
String.class ( [Ljava.lang.String; ) because somehow some extra data in the
full class name causes an error. Currently I have no work around, I could edit
the source, and see if I can hunt down the bug myself, but I don't think my
project manager would care for that option if it takes me too much time, the
other is also not ideal and that is avoid using ArrayList<String>.... but the
again, this could be an issue for any ArrayList of Classes.
I am using Oracle Java 8 on Ubuntu 16.04 LTS, here is my stacktrace. I have
removed references to my classes for the sake of confidentiality.
Apr 08, 2022 3:07:33 PM gov.jdaccs.views.__ openConfiguration
SEVERE: Class name not accepted: [Ljava.lang.String;
java.io.InvalidClassException: Class name not accepted: [Ljava.lang.String;
at
org.apache.commons.io.serialization.ValidatingObjectInputStream.invalidClassNameFound(ValidatingObjectInputStream.java:95)
at
org.apache.commons.io.serialization.ValidatingObjectInputStream.validateClassName(ValidatingObjectInputStream.java:82)
at
org.apache.commons.io.serialization.ValidatingObjectInputStream.resolveClass(ValidatingObjectInputStream.java:100)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1859)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1745)
at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1921)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1561)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
at java.util.ArrayList.readObject(ArrayList.java:797)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2169)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
at gov.jdaccs.config.__.readConfiguration(__.java:74)
at gov.jdaccs.views.__.openConfiguration(__.java:511)
at gov.jdaccs.views.__.loadDefaults(__.java:757)
at gov.jdaccs.views.__.createNewConfiguration(__.java:2508)
at gov.jdaccs.views.__.<init>(__.java:262)
at gov.jdaccs.views.__.main(_.java:2534)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
