ObjectInputStream and Class Loading
Hello,
I have a serializable object that I have to pass as an argument to a session bean. It is therefore serialised/deserialised with a default ObjectInputStream, which uses the bootstrap class loader by default. However, the object contains objects whose classes cannot be loaded by the bootstrap class loader; in fact, the class definitions are in a .jar file. I would thus need to be able to deserialise these objects with a custom class loader at the receiver's end. The receiver has the .jar file and the object that is to be deserialised is a trusted object.
I could manually control the deserialization of the object by defining the following method:
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        ...
    }
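I could also deserialize objects from a self-created ObjectInputStream with a class loader of choice with the following class:
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.ObjectInputStream;
    import java.io.ObjectStreamClass;

    public class CustomObjectInputStream extends ObjectInputStream {
        // Loader used to resolve every class named in the stream.
        private final ClassLoader classLoader;

        public CustomObjectInputStream(InputStream in, ClassLoader classLoader) throws IOException {
            super(in);
            this.classLoader = classLoader;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException {
            // Load without initializing; the given loader replaces the default lookup.
            return Class.forName(desc.getName(), false, classLoader);
        }
    }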
However, I have no control over the type of ObjectInputStream passed as an argument to the readObject method, which uses the bootstrap class loader.
I give 5 duke stars to whoever can explain a working solution to me.
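
One way to approach the problem described in the post, as an added example that is not the poster's code: wrap the argument in an envelope that carries it as a `byte[]`, so the container's stream only has to resolve the envelope class, and open it on the receiver with the custom class loader. The names `LoaderBoundEnvelope`, `open` and `allowedPrefixes` are hypothetical, and the example assumes the envelope class itself is visible to the container's loader. The allow-list check is an addition that keeps the stream from instantiating arbitrary classes the loader happens to see.

```java
import java.io.*;
import java.util.Set;

// Hypothetical wrapper (not from the post): the payload travels as a byte[],
// so the container's own ObjectInputStream never has to resolve its classes.
public final class LoaderBoundEnvelope implements Serializable {
    private static final long serialVersionUID = 1L;
    private final byte[] bytes;

    // Sender side: serialize the real argument into the envelope.
    public LoaderBoundEnvelope(Serializable payload) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(payload);
        }
        this.bytes = buf.toByteArray();
    }

    // Receiver side: resolve classes through 'loader' and reject any class
    // whose name does not start with one of 'allowedPrefixes'.
    public Object open(ClassLoader loader, Set<String> allowedPrefixes)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes)) {
            @Override
            protected Class<?> resolveClass(ObjectStreamClass desc)
                    throws IOException, ClassNotFoundException {
                Class<?> resolved;
                try {
                    // initialize=false: no static initializer runs before the check below.
                    resolved = Class.forName(desc.getName(), false, loader);
                } catch (ClassNotFoundException e) {
                    resolved = super.resolveClass(desc); // primitive names such as "int"
                }
                Class<?> element = resolved;
                while (element.isArray()) {
                    element = element.getComponentType();
                }
                String name = element.getName();
                if (!element.isPrimitive() && allowedPrefixes.stream().noneMatch(name::startsWith)) {
                    throw new InvalidClassException(name, "class is not on the allow-list");
                }
                return resolved;
            }
        }) {
            return in.readObject();
        }
    }
}
```

JDK types that appear in the object graph (for example `java.lang.Integer` or `java.util.ArrayList`) need their own prefixes in the allow-list, alongside the packages from the .jar file.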

