uuuyuqi opened a new issue, #104: URL: https://github.com/apache/dubbo-hessian-lite/issues/104
### Problem Description / 问题描述 When using hessian-lite in a class-isolated environment (such as Pandora container), deserializing a `Locale` type parameter fails with NullPointerException. 在类隔离环境(如 Pandora 容器)中使用 hessian-lite 时,反序列化 `Locale` 类型的参数会失败,抛出 NullPointerException。 ### Root Cause Analysis / 原因分析 **Serialization flow / 序列化流程:** 1. When serializing `Locale`, [`SerializerFactory.getSerializer()`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java#L384-L385) returns `LocaleSerializer` 2. [`LocaleSerializer.writeObject()`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/LocaleSerializer.java#L65-L74) converts `Locale` to `LocaleHandle` and writes it to the stream with type `com.alibaba.com.caucho.hessian.io.LocaleHandle` **Deserialization flow (normal) / 反序列化流程(正常情况):** 1. The receiver reads type `com.alibaba.com.caucho.hessian.io.LocaleHandle` from the stream 2. [`SerializerFactory.getDeserializer(String type)`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java#L647-L698) calls [`loadSerializedClass()`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java#L248-L252) to load the `LocaleHandle` class 3. `JavaDeserializer` deserializes `LocaleHandle`, then calls [`LocaleHandle.readResolve()`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/LocaleHandle.java#L63-L89) to convert back to `Locale` **Deserialization flow (in class-isolated environment) / 反序列化流程(类隔离环境):** 1. The receiver reads type `com.alibaba.com.caucho.hessian.io.LocaleHandle` from the stream 2. **[`loadSerializedClass()`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java#L248-L252) FAILS** because the business class loader cannot load `LocaleHandle` - it exists in the isolated framework class loader (e.g., Pandora's module class loader) 3. According to [`getObjectDeserializer(String type)` line 596-601](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java#L596-L601), it falls back to `MapDeserializer` 4. Then according to [`getObjectDeserializer(String type, Class cl)` line 568-585](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java#L568-L585), it further falls back to `JavaDeserializer` for the expected type (`Locale.class`) 5. **`JavaDeserializer` fails** when trying to instantiate `Locale` because `Locale`'s constructors don't accept null parameters: - [`JavaDeserializer.instantiate()`](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/JavaDeserializer.java#L309-L319) uses `_constructor.newInstance(_constructorArgs)` where `_constructorArgs` contains `null` values - `Locale(String language, String country, String variant)` throws NPE when language is null ### Error Stack / 错误堆栈 ``` java.lang.NullPointerException at java.util.Locale.<init>(Locale.java:648) at java.util.Locale.<init>(Locale.java:674) ... invoked by JavaDeserializer via reflection ``` ### Environment / 环境 - hessian-lite version: 3.2.x - Class isolation framework: Pandora (Alibaba's class isolation container, similar to OSGi) - The `LocaleHandle` class is loaded by the framework's module class loader, not the business class loader ### Steps to Reproduce / 复现步骤 1. Deploy hessian-lite in a class-isolated environment (Pandora/OSGi) 2. Make an RPC call with `Locale` parameter 3. Observe NPE during deserialization ### Related Code / 相关代码 - [LocaleSerializer.java](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/LocaleSerializer.java) - [LocaleHandle.java](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/LocaleHandle.java) - [SerializerFactory.java](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/SerializerFactory.java) - [JavaDeserializer.java](https://github.com/apache/dubbo-hessian-lite/blob/master/src/main/java/com/alibaba/com/caucho/hessian/io/JavaDeserializer.java) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
