3

I have an ObjectInputStream and want to load classes with a custom ClassLoader.

Thus is created a subclass of ObjectInputStream that overrides the resolveClass() function.

Now my problem is that i want to change the ClassLoader during execution. But sometimes resolveClass() does not seem to be executed when I do readObject()on this stream. Then the class is loaded with the wrong ClassLoader.

Any idea why resolveClass() is not executed and how to solve this issue?

ejoerns
  • 965
  • 2
  • 11
  • 22
  • 1
    It is hard to answer something without any piece of significant parts of your code – Andremoniy Jan 17 '13 at 18:48
  • `resolveClass()` is a standard function in ObjectInputStream and the only thing I do with the stream is execute `readObject()`. – ejoerns Jan 17 '13 at 18:56
  • how are you changing `ClassLoader` and how it is related with `ObjectInputStream` and deserialization? – Andremoniy Jan 17 '13 at 18:58

2 Answers2

2

resolveClass() will be called once per class descriptor in the stream. I have no idea what would happen if you wrote multiple descriptors for the same full qualified class name - probably unspecified. The correct solution would be to use multiple streams (could be nested within one another).

Tom Hawtin - tackline
  • 145,806
  • 30
  • 211
  • 305
  • Is it true that it also depends on the classloader of the sent object whether the call is done or not? – ejoerns Jan 18 '13 at 01:07
  • It is possible to add an annotation (not a Java language annotation, just some bytes) to the stream and use that to determine class loader. RMI for example does this unless disabled with the `"java.rmi.server.useCodebaseOnly" system property (do set it!, the right one, not the incorrect string I put in the Java Secure Coding Guidelines). I can't off the top of my head remember what the sequence of calls is, or whether it's documented. It'll be in the code. – Tom Hawtin - tackline Jan 18 '13 at 01:37
0

From Java API doc for ObjectInputStream.resolveClass():

This method will be invoked only once for each unique class in the stream.

Possible quick&dirty fix:

Always call reset() on the ObjectOutputStream after sending. This will reset the streams as if they were new and make them forget about having sent/received a class already.

ejoerns
  • 965
  • 2
  • 11
  • 22