[jira] [Commented] (IO-766) ValidatingObjectInputStream

Wed, 13 Apr 2022 10:31:04 -0700 


    [ 
https://issues.apache.org/jira/browse/IO-766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521844#comment-17521844
 ] 

Gary D. Gregory commented on IO-766:
------------------------------------

Hi [~jnsandersUSAF] 

I still don't see why this is an issue in {{ValidatingObjectInputStream}}. What 
am I missing?

Your code says:

{code:java}
...
                        ois = new ValidatingObjectInputStream(new 
FileInputStream(filename));
                        ois.accept(TestClass.class);
                        Object obj = ois.readObject();
...
{code}
Then the library tells you that an array of String is rejected which is exactly 
what you asked. If you want the type array of String to be accepted, you have 
to tell the accept method.



> ValidatingObjectInputStream
> ---------------------------
>
>                 Key: IO-766
>                 URL: https://issues.apache.org/jira/browse/IO-766
>             Project: Commons IO
>          Issue Type: Bug
>         Environment: Java 8, Ubuntu 16.04 LTS, Eclipse Neon, Apache Commons 
> IO 2.11.0
>            Reporter: Jonathon Nicholas Sanders
>            Priority: Major
>         Attachments: .checksum.md5, Unit Test Case_20220413.zip
>
>
> I have been using ValidatingObjectInputStream and found a bug.
>  
> It appears when you have an ArrayList of String it fails to validate the 
> String.class ( [Ljava.lang.String; ) because somehow some extra data in the 
> full class name causes an error. Currently I have no work around, I could 
> edit the source, and see if I can hunt down the bug myself, but I don't think 
> my project manager would care for that option if it takes me too much time, 
> the other is also not ideal and that is avoid using ArrayList<String>.... but 
> the again, this could be an issue for any ArrayList of Classes.
>  
> I am using Oracle Java 8 on Ubuntu 16.04 LTS, here is my stacktrace. I have 
> removed references to my classes for the sake of confidentiality.
>  
> Apr 08, 2022 3:07:33 PM gov.jdaccs.views.__ openConfiguration
> SEVERE: Class name not accepted: [Ljava.lang.String;
> java.io.InvalidClassException: Class name not accepted: [Ljava.lang.String;
> at 
> org.apache.commons.io.serialization.ValidatingObjectInputStream.invalidClassNameFound(ValidatingObjectInputStream.java:95)
> at 
> org.apache.commons.io.serialization.ValidatingObjectInputStream.validateClassName(ValidatingObjectInputStream.java:82)
> at 
> org.apache.commons.io.serialization.ValidatingObjectInputStream.resolveClass(ValidatingObjectInputStream.java:100)
> at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1859)
> at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1745)
> at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1921)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1561)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
> at java.util.ArrayList.readObject(ArrayList.java:797)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2169)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2278)
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2202)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2060)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:427)
> at gov.jdaccs.config.__.readConfiguration(__.java:74)
> at gov.jdaccs.views.__.openConfiguration(__.java:511)
> at gov.jdaccs.views.__.loadDefaults(__.java:757)
> at gov.jdaccs.views.__.createNewConfiguration(__.java:2508)
> at gov.jdaccs.views.__.<init>(__.java:262)
> at gov.jdaccs.views.__.main(_.java:2534)



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to