Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Make Java runtime ignore serialVersionUIDs?

Tags:

I have to work with a large number of compiled Java classes which didn't explicitly specify a serialVersionUID. Because their UIDs were arbitrarily generated by the compiler, many of the classes which need to be serialized and deserialized end up causing exceptions, even though the actual class definitions match up. (This is all expected behavior, of course.)

It is impractical for me to go back and fix all of this 3rd-party code.

Therefore, my question is: Is there any way to make the Java runtime ignore differences in serialVersionUIDs, and only fail to deserialize when there are actual differences in structure?

like image 998
kpozin Avatar asked Nov 29 '09 19:11

kpozin


People also ask

How do you stop serialization in Java?

To avoid Java serialization you need to implement writeObject() and readObject() method in your Class and need to throw NotSerializableException from those method.

Why is SerialVersionUID used in Java?

The SerialVersionUID can be used during deserialization to verify that the sender and receiver of a serialized object have loaded classes for that object that are compatible w.r.t serialization. If the deserialization object is different than serialization, then it can throw an InvalidClassException.

What is the SerialVersionUID in Java?

The serialVersionUID attribute is an identifier that is used to serialize/deserialize an object of a Serializable class.

What is private static final long SerialVersionUID 1l?

The serialVersionUID is a universal version identifier for a Serializable class. Deserialization uses this number to ensure that a loaded class corresponds exactly to a serialized object. If no match is found, then an InvalidClassException is thrown. Follow this answer to receive notifications.


1 Answers

If you have access to the code base, you could use the SerialVer task for Ant to insert and to modify the serialVersionUID in the source code of a serializable class and fix the problem once for all.

If you can't, or if this is not an option (e.g. if you have already serialized some objects that you need to deserialize), one solution would be to extend ObjectInputStream. Augment its behavior to compare the serialVersionUID of the stream descriptor with the serialVersionUID of the class in the local JVM that this descriptor represents and to use the local class descriptor in case of mismatch. Then, just use this custom class for the deserialization. Something like this (credits to this message):

import java.io.IOException; import java.io.InputStream; import java.io.InvalidClassException; import java.io.ObjectInputStream; import java.io.ObjectStreamClass; import org.slf4j.Logger; import org.slf4j.LoggerFactory;   public class DecompressibleInputStream extends ObjectInputStream {      private static Logger logger = LoggerFactory.getLogger(DecompressibleInputStream.class);          public DecompressibleInputStream(InputStream in) throws IOException {         super(in);     }          @Override     protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException {         ObjectStreamClass resultClassDescriptor = super.readClassDescriptor(); // initially streams descriptor         Class localClass; // the class in the local JVM that this descriptor represents.         try {             localClass = Class.forName(resultClassDescriptor.getName());          } catch (ClassNotFoundException e) {             logger.error("No local class for " + resultClassDescriptor.getName(), e);             return resultClassDescriptor;         }         ObjectStreamClass localClassDescriptor = ObjectStreamClass.lookup(localClass);         if (localClassDescriptor != null) { // only if class implements serializable             final long localSUID = localClassDescriptor.getSerialVersionUID();             final long streamSUID = resultClassDescriptor.getSerialVersionUID();             if (streamSUID != localSUID) { // check for serialVersionUID mismatch.                 final StringBuffer s = new StringBuffer("Overriding serialized class version mismatch: ");                 s.append("local serialVersionUID = ").append(localSUID);                 s.append(" stream serialVersionUID = ").append(streamSUID);                 Exception e = new InvalidClassException(s.toString());                 logger.error("Potentially Fatal Deserialization Operation.", e);                 resultClassDescriptor = localClassDescriptor; // Use local class descriptor for deserialization             }         }         return resultClassDescriptor;     } } 
like image 89
Pascal Thivent Avatar answered Jun 18 '23 13:06

Pascal Thivent