Serialization problem

wex

I am persisting a serialized object to a db. I have been able to
write and read it without problem until I recently did some
refactoring of my code and moved the class which gets serialized into
another package. Now I get a ClassNotFoundException. The class is
exactly the same, just in another package. I didn't realize the
serialized object cared about its package location. This is rather
annoying; does anyone know if there is a way around this problem?
Maybe another way to read and write it that doesn't make it so
sensitive? Below is my code to read and write the object.


// READ THE SERIALIZED OBJECT
byte[] buf = rs.getBytes("SERIALIZEDOBJECT");   // rs: the ResultSet holding the stored blob
if (buf != null)
{
    ObjectInputStream objectIn = new ObjectInputStream(new ByteArrayInputStream(buf));
    // readObject() resolves the class by the fully qualified name recorded in the stream
    this.serializeddata = (mbs.data.serializeddata.SerializedDataObject) objectIn.readObject();
}

// write the serialized object
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oout = new ObjectOutputStream(baos);
oout.writeObject(this.serializeddata);
oout.close();
statement.setObject(3, baos.toByteArray(), Types.OTHER);   // statement: the PreparedStatement

Jim Sculley

wex said:
I am persisting a serialized object to a db. I have been able to
write and read it without problem until I recently did some
refactoring of my code and moved the class which gets serialized into
another package. Now I get a ClassNotFoundException. The class is
exactly the same, just in another package. I didn't realize the
serialized object cared about its package location.

How else would it know if a serialized 'String' object was a
java.lang.String or a com.someothervendor.String?
This is rather
annoying; does anyone know if there is a way around this problem?

Don't serialize something, change what the thing actually is and then
expect to be able to deserialize it.
Maybe another way to read and write it that doesn't make it so
sensitive?

XML? At least then it would be editable. Of course, you might get by
with a hex editor replacing the package name bytes in the serialized
file. I don't know if this would cause security or bytecode
verification problems though.

Jim S.
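The two points raised in this thread, that the stream records the fully qualified class name and that a stored blob from before the move therefore no longer resolves, can be handled in code rather than with a hex editor: ObjectInputStream lets a subclass override resolveClass(), and only the simple class name has to agree between the stream descriptor and the resolved class, so the old name can be mapped to the class at its new location. The following is an added, self-contained example (not code from the thread); the old package name "old.pkg" is a placeholder because the thread never states it, the serialVersionUID value is assumed, and the "legacy" bytes are constructed in place of a real pre-refactoring database row. It also installs a deserialization filter (Java 9+), since a blob read back from a database is untrusted input and the default ObjectInputStream will instantiate whatever classes the bytes name.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Map;

// The class at its new location. The explicit serialVersionUID is essential: the default
// UID is derived from the fully qualified name, so a moved class gets a new one and the
// stored stream is rejected (InvalidClassException) even after the name is remapped.
// It must equal the UID the old class had; 1L is an assumed value.
public class SerializedDataObject implements Serializable {
    private static final long serialVersionUID = 1L;
    String name;
    int count;
    SerializedDataObject(String name, int count) { this.name = name; this.count = count; }

    // ObjectInputStream that resolves legacy class names to the current class and, via a
    // deserialization filter, rejects any class not on the allow-list. ObjectInputStream
    // compares only the simple class name, so the package in the descriptor may differ.
    static class MigratingObjectInputStream extends ObjectInputStream {
        // "old.pkg" is a placeholder: the thread never names the original package
        private static final Map<String, Class<?>> RENAMED =
                Map.of("old.pkg.SerializedDataObject", SerializedDataObject.class);

        MigratingObjectInputStream(InputStream in) throws IOException {
            super(in);
            // this class and java.lang (for the String field); everything else is rejected
            setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "SerializedDataObject;java.lang.*;!*"));
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            Class<?> target = RENAMED.get(desc.getName());
            return target != null ? target : super.resolveClass(desc);
        }
    }

    // Constructed test data standing in for a row stored before the move: the current
    // stream with the descriptor's class name rewritten to the old name. Names are stored
    // writeUTF-style (2-byte length, then bytes), so the length prefix is rewritten too.
    static byte[] legacyBytes(SerializedDataObject obj) throws IOException {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (ObjectOutputStream oout = new ObjectOutputStream(baos)) { // the thread's write path
            oout.writeObject(obj);
        }
        byte[] stream = baos.toByteArray();
        byte[] from = utf("SerializedDataObject"), to = utf("old.pkg.SerializedDataObject");
        int at = indexOf(stream, from);
        if (at < 0) throw new IllegalStateException("class descriptor not found");
        byte[] out = new byte[stream.length - from.length + to.length];
        System.arraycopy(stream, 0, out, 0, at);
        System.arraycopy(to, 0, out, at, to.length);
        System.arraycopy(stream, at + from.length, out, at + to.length,
                stream.length - at - from.length);
        return out;
    }

    static byte[] utf(String s) {
        byte[] b = s.getBytes(StandardCharsets.UTF_8); // ASCII here, identical to modified UTF-8
        byte[] f = new byte[b.length + 2];
        f[0] = (byte) (b.length >> 8);
        f[1] = (byte) b.length;
        System.arraycopy(b, 0, f, 2, b.length);
        return f;
    }

    static int indexOf(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) if (hay[i + j] != needle[j]) continue outer;
            return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // what rs.getBytes("SERIALIZEDOBJECT") would return for a pre-move row
        byte[] stored = legacyBytes(new SerializedDataObject("row-1", 3));

        // the thread's read path: a plain ObjectInputStream fails with ClassNotFoundException
        try (ObjectInputStream plain = new ObjectInputStream(new ByteArrayInputStream(stored))) {
            plain.readObject();
        } catch (ClassNotFoundException e) {
            System.out.println("plain stream: " + e);
        }

        // the migrating stream resolves the old name and enforces the allow-list
        try (ObjectInputStream in = new MigratingObjectInputStream(new ByteArrayInputStream(stored))) {
            SerializedDataObject obj = (SerializedDataObject) in.readObject();
            System.out.println("remapped: " + obj.name + " / " + obj.count);
        }
    }
}
```

Run it with `java SerializedDataObject.java` (JDK 11 or later). In the real application the class lives in mbs.data.serializeddata, so the map value and the filter pattern would use that package (for example "mbs.data.serializeddata.*;java.lang.*;!*"), and any other classes reachable from the object graph (collections, nested value objects) need adding to the allow-list. If the old class never declared a serialVersionUID, the value recorded in the stored rows is the one the JDK computed for the old name; the `serialver` tool run against the old class yields it, and the moved class must declare exactly that value. The filter is the part worth keeping even after the migration is done: without it, whoever can write that database column chooses which classes get instantiated on read.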

Liz

wex said:
I am persisting a serialized object to a db. I have been able to
write and read it without problem until I recently did some
refactoring of my code and moved the class which gets serialized into
another package. Now I get a ClassNotFoundException. The class is
exactly the same, just in another package. I didn't realize the
serialized object cared about its package location. This is rather
annoying; does anyone know if there is a way around this problem?
Maybe another way to read and write it that doesn't make it so
sensitive? Below is my code to read and write the object.


// READ THE SERIALIZED OBJECT
byte[] buf = rs.getBytes("SERIALIZEDOBJECT");   // rs: the ResultSet holding the stored blob
if (buf != null)
{
    ObjectInputStream objectIn = new ObjectInputStream(new ByteArrayInputStream(buf));
    // readObject() resolves the class by the fully qualified name recorded in the stream
    this.serializeddata = (mbs.data.serializeddata.SerializedDataObject) objectIn.readObject();
}

// write the serialized object
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oout = new ObjectOutputStream(baos);
oout.writeObject(this.serializeddata);
oout.close();
statement.setObject(3, baos.toByteArray(), Types.OTHER);   // statement: the PreparedStatement

Did you try sprinkling "public" around?

wex

Liz said:
wex said:
I am persisting a serialized object to a db. I have been able to
write and read it without problem until I recently did some
refactoring of my code and moved the class which gets serialized into
another package. Now I get a ClassNotFoundException. The class is
exactly the same, just in another package. I didn't realize the
serialized object cared about its package location. This is rather
annoying; does anyone know if there is a way around this problem?
Maybe another way to read and write it that doesn't make it so
sensitive? Below is my code to read and write the object.


// READ THE SERIALIZED OBJECT
byte[] buf = rs.getBytes("SERIALIZEDOBJECT");   // rs: the ResultSet holding the stored blob
if (buf != null)
{
    ObjectInputStream objectIn = new ObjectInputStream(new ByteArrayInputStream(buf));
    // readObject() resolves the class by the fully qualified name recorded in the stream
    this.serializeddata = (mbs.data.serializeddata.SerializedDataObject) objectIn.readObject();
}

// write the serialized object
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oout = new ObjectOutputStream(baos);
oout.writeObject(this.serializeddata);
oout.close();
statement.setObject(3, baos.toByteArray(), Types.OTHER);   // statement: the PreparedStatement

Did you try sprinkling "public" around?

What do you mean by sprinkle public around? The class is a public
class, what else has to be public?