使Java运行时忽略serialVersionUIDs？ [英] Make Java runtime ignore serialVersionUIDs?

问题描述

我必须处理大量已编译的Java类，这些类没有明确指定serialVersionUID。因为它们的UID是由编译器任意生成的，所以许多需要序列化和反序列化的类最终导致异常，即使实际的类定义匹配。 （当然，这是所有预期的行为。）

I have to work with a large number of compiled Java classes which didn't explicitly specify a serialVersionUID. Because their UIDs were arbitrarily generated by the compiler, many of the classes which need to be serialized and deserialized end up causing exceptions, even though the actual class definitions match up. (This is all expected behavior, of course.)

我回去修复所有这些第三方代码是不切实际的。

It is impractical for me to go back and fix all of this 3rd-party code.

因此，我的问题是：是否有任何方法可以使serialVersionUID中的Java运行时忽略差异，并且只有在结构存在实际差异时才能反序列化？

Therefore, my question is: Is there any way to make the Java runtime ignore differences in serialVersionUIDs, and only fail to deserialize when there are actual differences in structure?

推荐答案

如果您有权访问代码库，则可以使用 Ant的SerialVer任务在可序列化类的源代码中插入和修改 serialVersionUID 并修复问题一次对于所有人。

If you have access to the code base, you could use the SerialVer task for Ant to insert and to modify the serialVersionUID in the source code of a serializable class and fix the problem once for all.

如果你不能，或者这不是一个选项（例如，如果你已经序列化了一些需要反序列化的对象），那么一个解决方案就是是扩展 ObjectInputStream 。增加其行为以将流描述符的 serialVersionUID 与本地JVM中该类的 serialVersionUID 进行比较表示不匹配时使用本地类描述符。然后，只需使用此自定义类进行反序列化。这样的事情（信用到此消息）：

If you can't, or if this is not an option (e.g. if you have already serialized some objects that you need to deserialize), one solution would be to extend ObjectInputStream. Augment its behavior to compare the serialVersionUID of the stream descriptor with the serialVersionUID of the class in the local JVM that this descriptor represents and to use the local class descriptor in case of mismatch. Then, just use this custom class for the deserialization. Something like this (credits to this message):

import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


public class DecompressibleInputStream extends ObjectInputStream {

    private static Logger logger = LoggerFactory.getLogger(DecompressibleInputStream.class);

    public DecompressibleInputStream(InputStream in) throws IOException {
        super(in);
    }

    protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException {
        ObjectStreamClass resultClassDescriptor = super.readClassDescriptor(); // initially streams descriptor
        Class localClass; // the class in the local JVM that this descriptor represents.
        try {
            localClass = Class.forName(resultClassDescriptor.getName()); 
        } catch (ClassNotFoundException e) {
            logger.error("No local class for " + resultClassDescriptor.getName(), e);
            return resultClassDescriptor;
        }
        ObjectStreamClass localClassDescriptor = ObjectStreamClass.lookup(localClass);
        if (localClassDescriptor != null) { // only if class implements serializable
            final long localSUID = localClassDescriptor.getSerialVersionUID();
            final long streamSUID = resultClassDescriptor.getSerialVersionUID();
            if (streamSUID != localSUID) { // check for serialVersionUID mismatch.
                final StringBuffer s = new StringBuffer("Overriding serialized class version mismatch: ");
                s.append("local serialVersionUID = ").append(localSUID);
                s.append(" stream serialVersionUID = ").append(streamSUID);
                Exception e = new InvalidClassException(s.toString());
                logger.error("Potentially Fatal Deserialization Operation.", e);
                resultClassDescriptor = localClassDescriptor; // Use local class descriptor for deserialization
            }
        }
        return resultClassDescriptor;
    }
}

这篇关于使Java运行时忽略serialVersionUIDs？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！