diff -r 000000000000 -r 5198affdb915 emul/compact/src/main/java/java/io/ObjectInputStream.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/emul/compact/src/main/java/java/io/ObjectInputStream.java Mon Jan 28 18:12:47 2013 +0100
@@ -0,0 +1,3508 @@
+/*
+ * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package java.io;
+
+import java.io.ObjectStreamClass.WeakClassKey;
+import java.lang.ref.ReferenceQueue;
+import java.lang.reflect.Array;
+import java.lang.reflect.Modifier;
+import java.lang.reflect.Proxy;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.atomic.AtomicBoolean;
+import static java.io.ObjectStreamClass.processQueue;
+
+/**
+ * An ObjectInputStream deserializes primitive data and objects previously
+ * written using an ObjectOutputStream.
+ *
+ *
ObjectOutputStream and ObjectInputStream can provide an application with
+ * persistent storage for graphs of objects when used with a FileOutputStream
+ * and FileInputStream respectively. ObjectInputStream is used to recover
+ * those objects previously serialized. Other uses include passing objects
+ * between hosts using a socket stream or for marshaling and unmarshaling
+ * arguments and parameters in a remote communication system.
+ *
+ *
ObjectInputStream ensures that the types of all objects in the graph
+ * created from the stream match the classes present in the Java Virtual
+ * Machine. Classes are loaded as required using the standard mechanisms.
+ *
+ *
Only objects that support the java.io.Serializable or
+ * java.io.Externalizable interface can be read from streams.
+ *
+ *
The method readObject
is used to read an object from the
+ * stream. Java's safe casting should be used to get the desired type. In
+ * Java, strings and arrays are objects and are treated as objects during
+ * serialization. When read they need to be cast to the expected type.
+ *
+ *
Primitive data types can be read from the stream using the appropriate
+ * method on DataInput.
+ *
+ *
The default deserialization mechanism for objects restores the contents
+ * of each field to the value and type it had when it was written. Fields
+ * declared as transient or static are ignored by the deserialization process.
+ * References to other objects cause those objects to be read from the stream
+ * as necessary. Graphs of objects are restored correctly using a reference
+ * sharing mechanism. New objects are always allocated when deserializing,
+ * which prevents existing objects from being overwritten.
+ *
+ *
Reading an object is analogous to running the constructors of a new
+ * object. Memory is allocated for the object and initialized to zero (NULL).
+ * No-arg constructors are invoked for the non-serializable classes and then
+ * the fields of the serializable classes are restored from the stream starting
+ * with the serializable class closest to java.lang.object and finishing with
+ * the object's most specific class.
+ *
+ *
For example to read from a stream as written by the example in
+ * ObjectOutputStream:
+ *
+ *
+ * FileInputStream fis = new FileInputStream("t.tmp"); + * ObjectInputStream ois = new ObjectInputStream(fis); + * + * int i = ois.readInt(); + * String today = (String) ois.readObject(); + * Date date = (Date) ois.readObject(); + * + * ois.close(); + *+ * + *
Classes control how they are serialized by implementing either the
+ * java.io.Serializable or java.io.Externalizable interfaces.
+ *
+ *
Implementing the Serializable interface allows object serialization to
+ * save and restore the entire state of the object and it allows classes to
+ * evolve between the time the stream is written and the time it is read. It
+ * automatically traverses references between objects, saving and restoring
+ * entire graphs.
+ *
+ *
Serializable classes that require special handling during the
+ * serialization and deserialization process should implement the following
+ * methods:
+ *
+ *
+ * private void writeObject(java.io.ObjectOutputStream stream) + * throws IOException; + * private void readObject(java.io.ObjectInputStream stream) + * throws IOException, ClassNotFoundException; + * private void readObjectNoData() + * throws ObjectStreamException; + *+ * + *
The readObject method is responsible for reading and restoring the state
+ * of the object for its particular class using data written to the stream by
+ * the corresponding writeObject method. The method does not need to concern
+ * itself with the state belonging to its superclasses or subclasses. State is
+ * restored by reading data from the ObjectInputStream for the individual
+ * fields and making assignments to the appropriate fields of the object.
+ * Reading primitive data types is supported by DataInput.
+ *
+ *
Any attempt to read object data which exceeds the boundaries of the
+ * custom data written by the corresponding writeObject method will cause an
+ * OptionalDataException to be thrown with an eof field value of true.
+ * Non-object reads which exceed the end of the allotted data will reflect the
+ * end of data in the same way that they would indicate the end of the stream:
+ * bytewise reads will return -1 as the byte read or number of bytes read, and
+ * primitive reads will throw EOFExceptions. If there is no corresponding
+ * writeObject method, then the end of default serialized data marks the end of
+ * the allotted data.
+ *
+ *
Primitive and object read calls issued from within a readExternal method
+ * behave in the same manner--if the stream is already positioned at the end of
+ * data written by the corresponding writeExternal method, object reads will
+ * throw OptionalDataExceptions with eof set to true, bytewise reads will
+ * return -1, and primitive reads will throw EOFExceptions. Note that this
+ * behavior does not hold for streams written with the old
+ * ObjectStreamConstants.PROTOCOL_VERSION_1
protocol, in which the
+ * end of data written by writeExternal methods is not demarcated, and hence
+ * cannot be detected.
+ *
+ *
The readObjectNoData method is responsible for initializing the state of
+ * the object for its particular class in the event that the serialization
+ * stream does not list the given class as a superclass of the object being
+ * deserialized. This may occur in cases where the receiving party uses a
+ * different version of the deserialized instance's class than the sending
+ * party, and the receiver's version extends classes that are not extended by
+ * the sender's version. This may also occur if the serialization stream has
+ * been tampered; hence, readObjectNoData is useful for initializing
+ * deserialized objects properly despite a "hostile" or incomplete source
+ * stream.
+ *
+ *
Serialization does not read or assign values to the fields of any object
+ * that does not implement the java.io.Serializable interface. Subclasses of
+ * Objects that are not serializable can be serializable. In this case the
+ * non-serializable class must have a no-arg constructor to allow its fields to
+ * be initialized. In this case it is the responsibility of the subclass to
+ * save and restore the state of the non-serializable class. It is frequently
+ * the case that the fields of that class are accessible (public, package, or
+ * protected) or that there are get and set methods that can be used to restore
+ * the state.
+ *
+ *
Any exception that occurs while deserializing an object will be caught by
+ * the ObjectInputStream and abort the reading process.
+ *
+ *
Implementing the Externalizable interface allows the object to assume
+ * complete control over the contents and format of the object's serialized
+ * form. The methods of the Externalizable interface, writeExternal and
+ * readExternal, are called to save and restore the objects state. When
+ * implemented by a class they can write and read their own state using all of
+ * the methods of ObjectOutput and ObjectInput. It is the responsibility of
+ * the objects to handle any versioning that occurs.
+ *
+ *
Enum constants are deserialized differently than ordinary serializable or
+ * externalizable objects. The serialized form of an enum constant consists
+ * solely of its name; field values of the constant are not transmitted. To
+ * deserialize an enum constant, ObjectInputStream reads the constant name from
+ * the stream; the deserialized constant is then obtained by calling the static
+ * method If a security manager is installed, this constructor will check for
+ * the "enableSubclassImplementation" SerializablePermission when invoked
+ * directly or indirectly by the constructor of a subclass which overrides
+ * the ObjectInputStream.readFields or ObjectInputStream.readUnshared
+ * methods.
+ *
+ * @param in input stream to read from
+ * @throws StreamCorruptedException if the stream header is incorrect
+ * @throws IOException if an I/O error occurs while reading stream header
+ * @throws SecurityException if untrusted subclass illegally overrides
+ * security-sensitive methods
+ * @throws NullPointerException if If there is a security manager installed, this method first calls the
+ * security manager's The root object is completely restored when all of its fields and the
+ * objects it references are completely restored. At this point the object
+ * validation callbacks are executed in order based on their registered
+ * priorities. The callbacks are registered by objects (in the readObject
+ * special methods) as they are individually restored.
+ *
+ * Exceptions are thrown for problems with the InputStream and for
+ * classes that should not be deserialized. All exceptions are fatal to
+ * the InputStream and leave it in an indeterminate state; it is up to the
+ * caller to ignore or recover the stream state.
+ *
+ * @throws ClassNotFoundException Class of a serialized object cannot be
+ * found.
+ * @throws InvalidClassException Something is wrong with a class used by
+ * serialization.
+ * @throws StreamCorruptedException Control information in the
+ * stream is inconsistent.
+ * @throws OptionalDataException Primitive data was found in the
+ * stream instead of objects.
+ * @throws IOException Any of the usual Input/Output related exceptions.
+ */
+ public final Object readObject()
+ throws IOException, ClassNotFoundException
+ {
+ if (enableOverride) {
+ return readObjectOverride();
+ }
+
+ // if nested read, passHandle contains handle of enclosing object
+ int outerHandle = passHandle;
+ try {
+ Object obj = readObject0(false);
+ handles.markDependency(outerHandle, passHandle);
+ ClassNotFoundException ex = handles.lookupException(passHandle);
+ if (ex != null) {
+ throw ex;
+ }
+ if (depth == 0) {
+ vlist.doCallbacks();
+ }
+ return obj;
+ } finally {
+ passHandle = outerHandle;
+ if (closed && depth == 0) {
+ clear();
+ }
+ }
+ }
+
+ /**
+ * This method is called by trusted subclasses of ObjectOutputStream that
+ * constructed ObjectOutputStream using the protected no-arg constructor.
+ * The subclass is expected to provide an override method with the modifier
+ * "final".
+ *
+ * @return the Object read from the stream.
+ * @throws ClassNotFoundException Class definition of a serialized object
+ * cannot be found.
+ * @throws OptionalDataException Primitive data was found in the stream
+ * instead of objects.
+ * @throws IOException if I/O errors occurred while reading from the
+ * underlying stream
+ * @see #ObjectInputStream()
+ * @see #readObject()
+ * @since 1.2
+ */
+ protected Object readObjectOverride()
+ throws IOException, ClassNotFoundException
+ {
+ return null;
+ }
+
+ /**
+ * Reads an "unshared" object from the ObjectInputStream. This method is
+ * identical to readObject, except that it prevents subsequent calls to
+ * readObject and readUnshared from returning additional references to the
+ * deserialized instance obtained via this call. Specifically:
+ * ObjectInputStream subclasses which override this method can only be
+ * constructed in security contexts possessing the
+ * "enableSubclassImplementation" SerializablePermission; any attempt to
+ * instantiate such a subclass without this permission will cause a
+ * SecurityException to be thrown.
+ *
+ * @return reference to deserialized object
+ * @throws ClassNotFoundException if class of an object to deserialize
+ * cannot be found
+ * @throws StreamCorruptedException if control information in the stream
+ * is inconsistent
+ * @throws ObjectStreamException if object to deserialize has already
+ * appeared in stream
+ * @throws OptionalDataException if primitive data is next in stream
+ * @throws IOException if an I/O error occurs during deserialization
+ * @since 1.4
+ */
+ public Object readUnshared() throws IOException, ClassNotFoundException {
+ // if nested read, passHandle contains handle of enclosing object
+ int outerHandle = passHandle;
+ try {
+ Object obj = readObject0(true);
+ handles.markDependency(outerHandle, passHandle);
+ ClassNotFoundException ex = handles.lookupException(passHandle);
+ if (ex != null) {
+ throw ex;
+ }
+ if (depth == 0) {
+ vlist.doCallbacks();
+ }
+ return obj;
+ } finally {
+ passHandle = outerHandle;
+ if (closed && depth == 0) {
+ clear();
+ }
+ }
+ }
+
+ /**
+ * Read the non-static and non-transient fields of the current class from
+ * this stream. This may only be called from the readObject method of the
+ * class being deserialized. It will throw the NotActiveException if it is
+ * called otherwise.
+ *
+ * @throws ClassNotFoundException if the class of a serialized object
+ * could not be found.
+ * @throws IOException if an I/O error occurs.
+ * @throws NotActiveException if the stream is not currently reading
+ * objects.
+ */
+ public void defaultReadObject()
+ throws IOException, ClassNotFoundException
+ {
+ if (curContext == null) {
+ throw new NotActiveException("not in call to readObject");
+ }
+ Object curObj = curContext.getObj();
+ ObjectStreamClass curDesc = curContext.getDesc();
+ bin.setBlockDataMode(false);
+ defaultReadFields(curObj, curDesc);
+ bin.setBlockDataMode(true);
+ if (!curDesc.hasWriteObjectData()) {
+ /*
+ * Fix for 4360508: since stream does not contain terminating
+ * TC_ENDBLOCKDATA tag, set flag so that reading code elsewhere
+ * knows to simulate end-of-custom-data behavior.
+ */
+ defaultDataEnd = true;
+ }
+ ClassNotFoundException ex = handles.lookupException(passHandle);
+ if (ex != null) {
+ throw ex;
+ }
+ }
+
+ /**
+ * Reads the persistent fields from the stream and makes them available by
+ * name.
+ *
+ * @return the The corresponding method in The default implementation of this method in
+ * This method is called exactly once for each unique proxy class
+ * descriptor in the stream.
+ *
+ * The corresponding method in The default implementation of this method in
+ * This method is called after an object has been read but before it is
+ * returned from readObject. The default resolveObject method just returns
+ * the same object.
+ *
+ * When a subclass is replacing objects it must insure that the
+ * substituted object is compatible with every field where the reference
+ * will be stored. Objects whose type is not a subclass of the type of the
+ * field or array element abort the serialization by raising an exception
+ * and the object is not be stored.
+ *
+ * This method is called only once when each object is first
+ * encountered. All subsequent references to the object will be redirected
+ * to the new object.
+ *
+ * @param obj object to be substituted
+ * @return the substituted object
+ * @throws IOException Any of the usual Input/Output exceptions.
+ */
+ protected Object resolveObject(Object obj) throws IOException {
+ return obj;
+ }
+
+ /**
+ * Enable the stream to allow objects read from the stream to be replaced.
+ * When enabled, the resolveObject method is called for every object being
+ * deserialized.
+ *
+ * If enable is true, and there is a security manager installed,
+ * this method first calls the security manager's
+ * General use of the table is as follows: during deserialization, a
+ * given object is first assigned a handle by calling the assign method.
+ * This method leaves the assigned handle in an "open" state, wherein
+ * dependencies on the exception status of other handles can be registered
+ * by calling the markDependency method, or an exception can be directly
+ * associated with the handle by calling markException. When a handle is
+ * tagged with an exception, the HandleTable assumes responsibility for
+ * propagating the exception to any other objects which depend
+ * (transitively) on the exception-tagged object.
+ *
+ * Once all exception information/dependencies for the handle have been
+ * registered, the handle should be "closed" by calling the finish method
+ * on it. The act of finishing a handle allows the exception propagation
+ * algorithm to aggressively prune dependency links, lessening the
+ * performance/memory impact of exception tracking.
+ *
+ * Note that the exception propagation algorithm used depends on handles
+ * being assigned/finished in LIFO order; however, for simplicity as well
+ * as memory conservation, it does not enforce this constraint.
+ */
+ // REMIND: add full description of exception propagation algorithm?
+ private static class HandleTable {
+
+ /* status codes indicating whether object has associated exception */
+ private static final byte STATUS_OK = 1;
+ private static final byte STATUS_UNKNOWN = 2;
+ private static final byte STATUS_EXCEPTION = 3;
+
+ /** array mapping handle -> object status */
+ byte[] status;
+ /** array mapping handle -> object/exception (depending on status) */
+ Object[] entries;
+ /** array mapping handle -> list of dependent handles (if any) */
+ HandleList[] deps;
+ /** lowest unresolved dependency */
+ int lowDep = -1;
+ /** number of handles in table */
+ int size = 0;
+
+ /**
+ * Creates handle table with the given initial capacity.
+ */
+ HandleTable(int initialCapacity) {
+ status = new byte[initialCapacity];
+ entries = new Object[initialCapacity];
+ deps = new HandleList[initialCapacity];
+ }
+
+ /**
+ * Assigns next available handle to given object, and returns assigned
+ * handle. Once object has been completely deserialized (and all
+ * dependencies on other objects identified), the handle should be
+ * "closed" by passing it to finish().
+ */
+ int assign(Object obj) {
+ if (size >= entries.length) {
+ grow();
+ }
+ status[size] = STATUS_UNKNOWN;
+ entries[size] = obj;
+ return size++;
+ }
+
+ /**
+ * Registers a dependency (in exception status) of one handle on
+ * another. The dependent handle must be "open" (i.e., assigned, but
+ * not finished yet). No action is taken if either dependent or target
+ * handle is NULL_HANDLE.
+ */
+ void markDependency(int dependent, int target) {
+ if (dependent == NULL_HANDLE || target == NULL_HANDLE) {
+ return;
+ }
+ switch (status[dependent]) {
+
+ case STATUS_UNKNOWN:
+ switch (status[target]) {
+ case STATUS_OK:
+ // ignore dependencies on objs with no exception
+ break;
+
+ case STATUS_EXCEPTION:
+ // eagerly propagate exception
+ markException(dependent,
+ (ClassNotFoundException) entries[target]);
+ break;
+
+ case STATUS_UNKNOWN:
+ // add to dependency list of target
+ if (deps[target] == null) {
+ deps[target] = new HandleList();
+ }
+ deps[target].add(dependent);
+
+ // remember lowest unresolved target seen
+ if (lowDep < 0 || lowDep > target) {
+ lowDep = target;
+ }
+ break;
+
+ default:
+ throw new InternalError();
+ }
+ break;
+
+ case STATUS_EXCEPTION:
+ break;
+
+ default:
+ throw new InternalError();
+ }
+ }
+
+ /**
+ * Associates a ClassNotFoundException (if one not already associated)
+ * with the currently active handle and propagates it to other
+ * referencing objects as appropriate. The specified handle must be
+ * "open" (i.e., assigned, but not finished yet).
+ */
+ void markException(int handle, ClassNotFoundException ex) {
+ switch (status[handle]) {
+ case STATUS_UNKNOWN:
+ status[handle] = STATUS_EXCEPTION;
+ entries[handle] = ex;
+
+ // propagate exception to dependents
+ HandleList dlist = deps[handle];
+ if (dlist != null) {
+ int ndeps = dlist.size();
+ for (int i = 0; i < ndeps; i++) {
+ markException(dlist.get(i), ex);
+ }
+ deps[handle] = null;
+ }
+ break;
+
+ case STATUS_EXCEPTION:
+ break;
+
+ default:
+ throw new InternalError();
+ }
+ }
+
+ /**
+ * Marks given handle as finished, meaning that no new dependencies
+ * will be marked for handle. Calls to the assign and finish methods
+ * must occur in LIFO order.
+ */
+ void finish(int handle) {
+ int end;
+ if (lowDep < 0) {
+ // no pending unknowns, only resolve current handle
+ end = handle + 1;
+ } else if (lowDep >= handle) {
+ // pending unknowns now clearable, resolve all upward handles
+ end = size;
+ lowDep = -1;
+ } else {
+ // unresolved backrefs present, can't resolve anything yet
+ return;
+ }
+
+ // change STATUS_UNKNOWN -> STATUS_OK in selected span of handles
+ for (int i = handle; i < end; i++) {
+ switch (status[i]) {
+ case STATUS_UNKNOWN:
+ status[i] = STATUS_OK;
+ deps[i] = null;
+ break;
+
+ case STATUS_OK:
+ case STATUS_EXCEPTION:
+ break;
+
+ default:
+ throw new InternalError();
+ }
+ }
+ }
+
+ /**
+ * Assigns a new object to the given handle. The object previously
+ * associated with the handle is forgotten. This method has no effect
+ * if the given handle already has an exception associated with it.
+ * This method may be called at any time after the handle is assigned.
+ */
+ void setObject(int handle, Object obj) {
+ switch (status[handle]) {
+ case STATUS_UNKNOWN:
+ case STATUS_OK:
+ entries[handle] = obj;
+ break;
+
+ case STATUS_EXCEPTION:
+ break;
+
+ default:
+ throw new InternalError();
+ }
+ }
+
+ /**
+ * Looks up and returns object associated with the given handle.
+ * Returns null if the given handle is NULL_HANDLE, or if it has an
+ * associated ClassNotFoundException.
+ */
+ Object lookupObject(int handle) {
+ return (handle != NULL_HANDLE &&
+ status[handle] != STATUS_EXCEPTION) ?
+ entries[handle] : null;
+ }
+
+ /**
+ * Looks up and returns ClassNotFoundException associated with the
+ * given handle. Returns null if the given handle is NULL_HANDLE, or
+ * if there is no ClassNotFoundException associated with the handle.
+ */
+ ClassNotFoundException lookupException(int handle) {
+ return (handle != NULL_HANDLE &&
+ status[handle] == STATUS_EXCEPTION) ?
+ (ClassNotFoundException) entries[handle] : null;
+ }
+
+ /**
+ * Resets table to its initial state.
+ */
+ void clear() {
+ Arrays.fill(status, 0, size, (byte) 0);
+ Arrays.fill(entries, 0, size, null);
+ Arrays.fill(deps, 0, size, null);
+ lowDep = -1;
+ size = 0;
+ }
+
+ /**
+ * Returns number of handles registered in table.
+ */
+ int size() {
+ return size;
+ }
+
+ /**
+ * Expands capacity of internal arrays.
+ */
+ private void grow() {
+ int newCapacity = (entries.length << 1) + 1;
+
+ byte[] newStatus = new byte[newCapacity];
+ Object[] newEntries = new Object[newCapacity];
+ HandleList[] newDeps = new HandleList[newCapacity];
+
+ System.arraycopy(status, 0, newStatus, 0, size);
+ System.arraycopy(entries, 0, newEntries, 0, size);
+ System.arraycopy(deps, 0, newDeps, 0, size);
+
+ status = newStatus;
+ entries = newEntries;
+ deps = newDeps;
+ }
+
+ /**
+ * Simple growable list of (integer) handles.
+ */
+ private static class HandleList {
+ private int[] list = new int[4];
+ private int size = 0;
+
+ public HandleList() {
+ }
+
+ public void add(int handle) {
+ if (size >= list.length) {
+ int[] newList = new int[list.length << 1];
+ System.arraycopy(list, 0, newList, 0, list.length);
+ list = newList;
+ }
+ list[size++] = handle;
+ }
+
+ public int get(int index) {
+ if (index >= size) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
+ return list[index];
+ }
+
+ public int size() {
+ return size;
+ }
+ }
+ }
+
+ /**
+ * Method for cloning arrays in case of using unsharing reading
+ */
+ private static Object cloneArray(Object array) {
+ if (array instanceof Object[]) {
+ return ((Object[]) array).clone();
+ } else if (array instanceof boolean[]) {
+ return ((boolean[]) array).clone();
+ } else if (array instanceof byte[]) {
+ return ((byte[]) array).clone();
+ } else if (array instanceof char[]) {
+ return ((char[]) array).clone();
+ } else if (array instanceof double[]) {
+ return ((double[]) array).clone();
+ } else if (array instanceof float[]) {
+ return ((float[]) array).clone();
+ } else if (array instanceof int[]) {
+ return ((int[]) array).clone();
+ } else if (array instanceof long[]) {
+ return ((long[]) array).clone();
+ } else if (array instanceof short[]) {
+ return ((short[]) array).clone();
+ } else {
+ throw new AssertionError();
+ }
+ }
+
+}
Enum.valueOf(Class, String)
with the enum constant's
+ * base type and the received constant name as arguments. Like other
+ * serializable or externalizable objects, enum constants can function as the
+ * targets of back references appearing subsequently in the serialization
+ * stream. The process by which enum constants are deserialized cannot be
+ * customized: any class-specific readObject, readObjectNoData, and readResolve
+ * methods defined by enum types are ignored during deserialization.
+ * Similarly, any serialPersistentFields or serialVersionUID field declarations
+ * are also ignored--all enum types have a fixed serialVersionUID of 0L.
+ *
+ * @author Mike Warres
+ * @author Roger Riggs
+ * @see java.io.DataInput
+ * @see java.io.ObjectOutputStream
+ * @see java.io.Serializable
+ * @see Object Serialization Specification, Section 3, Object Input Classes
+ * @since JDK1.1
+ */
+public class ObjectInputStream
+ extends InputStream implements ObjectInput, ObjectStreamConstants
+{
+ /** handle value representing null */
+ private static final int NULL_HANDLE = -1;
+
+ /** marker for unshared objects in internal handle table */
+ private static final Object unsharedMarker = new Object();
+
+ /** table mapping primitive type names to corresponding class objects */
+ private static final HashMapin
is null
+ * @see ObjectInputStream#ObjectInputStream()
+ * @see ObjectInputStream#readFields()
+ * @see ObjectOutputStream#ObjectOutputStream(OutputStream)
+ */
+ public ObjectInputStream(InputStream in) throws IOException {
+ verifySubclass();
+ bin = new BlockDataInputStream(in);
+ handles = new HandleTable(10);
+ vlist = new ValidationList();
+ enableOverride = false;
+ readStreamHeader();
+ bin.setBlockDataMode(true);
+ }
+
+ /**
+ * Provide a way for subclasses that are completely reimplementing
+ * ObjectInputStream to not have to allocate private data just used by this
+ * implementation of ObjectInputStream.
+ *
+ * checkPermission
method with the
+ * SerializablePermission("enableSubclassImplementation")
+ * permission to ensure it's ok to enable subclassing.
+ *
+ * @throws SecurityException if a security manager exists and its
+ * checkPermission
method denies enabling
+ * subclassing.
+ * @see SecurityManager#checkPermission
+ * @see java.io.SerializablePermission
+ */
+ protected ObjectInputStream() throws IOException, SecurityException {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
+ }
+ bin = null;
+ handles = null;
+ vlist = null;
+ enableOverride = true;
+ }
+
+ /**
+ * Read an object from the ObjectInputStream. The class of the object, the
+ * signature of the class, and the values of the non-transient and
+ * non-static fields of the class and all of its supertypes are read.
+ * Default deserializing for a class can be overriden using the writeObject
+ * and readObject methods. Objects referenced by this object are read
+ * transitively so that a complete equivalent graph of objects is
+ * reconstructed by readObject.
+ *
+ *
+ *
+ * Deserializing an object via readUnshared invalidates the stream handle
+ * associated with the returned object. Note that this in itself does not
+ * always guarantee that the reference returned by readUnshared is unique;
+ * the deserialized object may define a readResolve method which returns an
+ * object visible to other parties, or readUnshared may return a Class
+ * object or enum constant obtainable elsewhere in the stream or through
+ * external means. If the deserialized object defines a readResolve method
+ * and the invocation of that method returns an array, then readUnshared
+ * returns a shallow clone of that array; this guarantees that the returned
+ * array object is unique and cannot be obtained a second time from an
+ * invocation of readObject or readUnshared on the ObjectInputStream,
+ * even if the underlying data stream has been manipulated.
+ *
+ * GetField
object representing the persistent
+ * fields of the object being deserialized
+ * @throws ClassNotFoundException if the class of a serialized object
+ * could not be found.
+ * @throws IOException if an I/O error occurs.
+ * @throws NotActiveException if the stream is not currently reading
+ * objects.
+ * @since 1.2
+ */
+ public ObjectInputStream.GetField readFields()
+ throws IOException, ClassNotFoundException
+ {
+ if (curContext == null) {
+ throw new NotActiveException("not in call to readObject");
+ }
+ Object curObj = curContext.getObj();
+ ObjectStreamClass curDesc = curContext.getDesc();
+ bin.setBlockDataMode(false);
+ GetFieldImpl getField = new GetFieldImpl(curDesc);
+ getField.readFields();
+ bin.setBlockDataMode(true);
+ if (!curDesc.hasWriteObjectData()) {
+ /*
+ * Fix for 4360508: since stream does not contain terminating
+ * TC_ENDBLOCKDATA tag, set flag so that reading code elsewhere
+ * knows to simulate end-of-custom-data behavior.
+ */
+ defaultDataEnd = true;
+ }
+
+ return getField;
+ }
+
+ /**
+ * Register an object to be validated before the graph is returned. While
+ * similar to resolveObject these validations are called after the entire
+ * graph has been reconstituted. Typically, a readObject method will
+ * register the object with the stream so that when all of the objects are
+ * restored a final set of validations can be performed.
+ *
+ * @param obj the object to receive the validation callback.
+ * @param prio controls the order of callbacks;zero is a good default.
+ * Use higher numbers to be called back earlier, lower numbers for
+ * later callbacks. Within a priority, callbacks are processed in
+ * no particular order.
+ * @throws NotActiveException The stream is not currently reading objects
+ * so it is invalid to register a callback.
+ * @throws InvalidObjectException The validation object is null.
+ */
+ public void registerValidation(ObjectInputValidation obj, int prio)
+ throws NotActiveException, InvalidObjectException
+ {
+ if (depth == 0) {
+ throw new NotActiveException("stream inactive");
+ }
+ vlist.register(obj, prio);
+ }
+
+ /**
+ * Load the local class equivalent of the specified stream class
+ * description. Subclasses may implement this method to allow classes to
+ * be fetched from an alternate source.
+ *
+ * ObjectOutputStream
is
+ * annotateClass
. This method will be invoked only once for
+ * each unique class in the stream. This method can be implemented by
+ * subclasses to use an alternate loading mechanism but must return a
+ * Class
object. Once returned, if the class is not an array
+ * class, its serialVersionUID is compared to the serialVersionUID of the
+ * serialized class, and if there is a mismatch, the deserialization fails
+ * and an {@link InvalidClassException} is thrown.
+ *
+ * ObjectInputStream
returns the result of calling
+ *
+ * Class.forName(desc.getName(), false, loader)
+ *
+ * where loader
is determined as follows: if there is a
+ * method on the current thread's stack whose declaring class was
+ * defined by a user-defined class loader (and was not a generated to
+ * implement reflective invocations), then loader
is class
+ * loader corresponding to the closest such method to the currently
+ * executing frame; otherwise, loader
is
+ * null
. If this call results in a
+ * ClassNotFoundException
and the name of the passed
+ * ObjectStreamClass
instance is the Java language keyword
+ * for a primitive type or void, then the Class
object
+ * representing that primitive type or void will be returned
+ * (e.g., an ObjectStreamClass
with the name
+ * "int"
will be resolved to Integer.TYPE
).
+ * Otherwise, the ClassNotFoundException
will be thrown to
+ * the caller of this method.
+ *
+ * @param desc an instance of class ObjectStreamClass
+ * @return a Class
object corresponding to desc
+ * @throws IOException any of the usual Input/Output exceptions.
+ * @throws ClassNotFoundException if class of a serialized object cannot
+ * be found.
+ */
+ protected Class> resolveClass(ObjectStreamClass desc)
+ throws IOException, ClassNotFoundException
+ {
+ String name = desc.getName();
+ try {
+ return Class.forName(name, false, latestUserDefinedLoader());
+ } catch (ClassNotFoundException ex) {
+ Class> cl = primClasses.get(name);
+ if (cl != null) {
+ return cl;
+ } else {
+ throw ex;
+ }
+ }
+ }
+
+ /**
+ * Returns a proxy class that implements the interfaces named in a proxy
+ * class descriptor; subclasses may implement this method to read custom
+ * data from the stream along with the descriptors for dynamic proxy
+ * classes, allowing them to use an alternate loading mechanism for the
+ * interfaces and the proxy class.
+ *
+ * ObjectOutputStream
is
+ * annotateProxyClass
. For a given subclass of
+ * ObjectInputStream
that overrides this method, the
+ * annotateProxyClass
method in the corresponding subclass of
+ * ObjectOutputStream
must write any data or objects read by
+ * this method.
+ *
+ * ObjectInputStream
returns the result of calling
+ * Proxy.getProxyClass
with the list of Class
+ * objects for the interfaces that are named in the interfaces
+ * parameter. The Class
object for each interface name
+ * i
is the value returned by calling
+ *
+ * Class.forName(i, false, loader)
+ *
+ * where loader
is that of the first non-null
+ * class loader up the execution stack, or null
if no
+ * non-null
class loaders are on the stack (the same class
+ * loader choice used by the resolveClass
method). Unless any
+ * of the resolved interfaces are non-public, this same value of
+ * loader
is also the class loader passed to
+ * Proxy.getProxyClass
; if non-public interfaces are present,
+ * their class loader is passed instead (if more than one non-public
+ * interface class loader is encountered, an
+ * IllegalAccessError
is thrown).
+ * If Proxy.getProxyClass
throws an
+ * IllegalArgumentException
, resolveProxyClass
+ * will throw a ClassNotFoundException
containing the
+ * IllegalArgumentException
.
+ *
+ * @param interfaces the list of interface names that were
+ * deserialized in the proxy class descriptor
+ * @return a proxy class for the specified interfaces
+ * @throws IOException any exception thrown by the underlying
+ * InputStream
+ * @throws ClassNotFoundException if the proxy class or any of the
+ * named interfaces could not be found
+ * @see ObjectOutputStream#annotateProxyClass(Class)
+ * @since 1.3
+ */
+ protected Class> resolveProxyClass(String[] interfaces)
+ throws IOException, ClassNotFoundException
+ {
+ ClassLoader latestLoader = latestUserDefinedLoader();
+ ClassLoader nonPublicLoader = null;
+ boolean hasNonPublicInterface = false;
+
+ // define proxy in class loader of non-public interface(s), if any
+ Class[] classObjs = new Class[interfaces.length];
+ for (int i = 0; i < interfaces.length; i++) {
+ Class cl = Class.forName(interfaces[i], false, latestLoader);
+ if ((cl.getModifiers() & Modifier.PUBLIC) == 0) {
+ if (hasNonPublicInterface) {
+ if (nonPublicLoader != cl.getClassLoader()) {
+ throw new IllegalAccessError(
+ "conflicting non-public interface class loaders");
+ }
+ } else {
+ nonPublicLoader = cl.getClassLoader();
+ hasNonPublicInterface = true;
+ }
+ }
+ classObjs[i] = cl;
+ }
+ try {
+ return Proxy.getProxyClass(
+ hasNonPublicInterface ? nonPublicLoader : latestLoader,
+ classObjs);
+ } catch (IllegalArgumentException e) {
+ throw new ClassNotFoundException(null, e);
+ }
+ }
+
+ /**
+ * This method will allow trusted subclasses of ObjectInputStream to
+ * substitute one object for another during deserialization. Replacing
+ * objects is disabled until enableResolveObject is called. The
+ * enableResolveObject method checks that the stream requesting to resolve
+ * object can be trusted. Every reference to serializable objects is passed
+ * to resolveObject. To insure that the private state of objects is not
+ * unintentionally exposed only trusted streams may use resolveObject.
+ *
+ * checkPermission
method with the
+ * SerializablePermission("enableSubstitution")
permission to
+ * ensure it's ok to enable the stream to allow objects read from the
+ * stream to be replaced.
+ *
+ * @param enable true for enabling use of resolveObject
for
+ * every object being deserialized
+ * @return the previous setting before this method was invoked
+ * @throws SecurityException if a security manager exists and its
+ * checkPermission
method denies enabling the stream
+ * to allow objects read from the stream to be replaced.
+ * @see SecurityManager#checkPermission
+ * @see java.io.SerializablePermission
+ */
+ protected boolean enableResolveObject(boolean enable)
+ throws SecurityException
+ {
+ if (enable == enableResolve) {
+ return enable;
+ }
+ if (enable) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(SUBSTITUTION_PERMISSION);
+ }
+ }
+ enableResolve = enable;
+ return !enableResolve;
+ }
+
+ /**
+ * The readStreamHeader method is provided to allow subclasses to read and
+ * verify their own stream headers. It reads and verifies the magic number
+ * and version number.
+ *
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws StreamCorruptedException if control information in the stream
+ * is inconsistent
+ */
+ protected void readStreamHeader()
+ throws IOException, StreamCorruptedException
+ {
+ short s0 = bin.readShort();
+ short s1 = bin.readShort();
+ if (s0 != STREAM_MAGIC || s1 != STREAM_VERSION) {
+ throw new StreamCorruptedException(
+ String.format("invalid stream header: %04X%04X", s0, s1));
+ }
+ }
+
+ /**
+ * Read a class descriptor from the serialization stream. This method is
+ * called when the ObjectInputStream expects a class descriptor as the next
+ * item in the serialization stream. Subclasses of ObjectInputStream may
+ * override this method to read in class descriptors that have been written
+ * in non-standard formats (by subclasses of ObjectOutputStream which have
+ * overridden the writeClassDescriptor
method). By default,
+ * this method reads class descriptors according to the format defined in
+ * the Object Serialization specification.
+ *
+ * @return the class descriptor read
+ * @throws IOException If an I/O error has occurred.
+ * @throws ClassNotFoundException If the Class of a serialized object used
+ * in the class descriptor representation cannot be found
+ * @see java.io.ObjectOutputStream#writeClassDescriptor(java.io.ObjectStreamClass)
+ * @since 1.3
+ */
+ protected ObjectStreamClass readClassDescriptor()
+ throws IOException, ClassNotFoundException
+ {
+ ObjectStreamClass desc = new ObjectStreamClass();
+ desc.readNonProxy(this);
+ return desc;
+ }
+
+ /**
+ * Reads a byte of data. This method will block if no input is available.
+ *
+ * @return the byte read, or -1 if the end of the stream is reached.
+ * @throws IOException If an I/O error has occurred.
+ */
+ public int read() throws IOException {
+ return bin.read();
+ }
+
+ /**
+ * Reads into an array of bytes. This method will block until some input
+ * is available. Consider using java.io.DataInputStream.readFully to read
+ * exactly 'length' bytes.
+ *
+ * @param buf the buffer into which the data is read
+ * @param off the start offset of the data
+ * @param len the maximum number of bytes read
+ * @return the actual number of bytes read, -1 is returned when the end of
+ * the stream is reached.
+ * @throws IOException If an I/O error has occurred.
+ * @see java.io.DataInputStream#readFully(byte[],int,int)
+ */
+ public int read(byte[] buf, int off, int len) throws IOException {
+ if (buf == null) {
+ throw new NullPointerException();
+ }
+ int endoff = off + len;
+ if (off < 0 || len < 0 || endoff > buf.length || endoff < 0) {
+ throw new IndexOutOfBoundsException();
+ }
+ return bin.read(buf, off, len, false);
+ }
+
+ /**
+ * Returns the number of bytes that can be read without blocking.
+ *
+ * @return the number of available bytes.
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ */
+ public int available() throws IOException {
+ return bin.available();
+ }
+
+ /**
+ * Closes the input stream. Must be called to release any resources
+ * associated with the stream.
+ *
+ * @throws IOException If an I/O error has occurred.
+ */
+ public void close() throws IOException {
+ /*
+ * Even if stream already closed, propagate redundant close to
+ * underlying stream to stay consistent with previous implementations.
+ */
+ closed = true;
+ if (depth == 0) {
+ clear();
+ }
+ bin.close();
+ }
+
+ /**
+ * Reads in a boolean.
+ *
+ * @return the boolean read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public boolean readBoolean() throws IOException {
+ return bin.readBoolean();
+ }
+
+ /**
+ * Reads an 8 bit byte.
+ *
+ * @return the 8 bit byte read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public byte readByte() throws IOException {
+ return bin.readByte();
+ }
+
+ /**
+ * Reads an unsigned 8 bit byte.
+ *
+ * @return the 8 bit byte read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public int readUnsignedByte() throws IOException {
+ return bin.readUnsignedByte();
+ }
+
+ /**
+ * Reads a 16 bit char.
+ *
+ * @return the 16 bit char read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public char readChar() throws IOException {
+ return bin.readChar();
+ }
+
+ /**
+ * Reads a 16 bit short.
+ *
+ * @return the 16 bit short read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public short readShort() throws IOException {
+ return bin.readShort();
+ }
+
+ /**
+ * Reads an unsigned 16 bit short.
+ *
+ * @return the 16 bit short read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public int readUnsignedShort() throws IOException {
+ return bin.readUnsignedShort();
+ }
+
+ /**
+ * Reads a 32 bit int.
+ *
+ * @return the 32 bit integer read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public int readInt() throws IOException {
+ return bin.readInt();
+ }
+
+ /**
+ * Reads a 64 bit long.
+ *
+ * @return the read 64 bit long.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public long readLong() throws IOException {
+ return bin.readLong();
+ }
+
+ /**
+ * Reads a 32 bit float.
+ *
+ * @return the 32 bit float read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public float readFloat() throws IOException {
+ return bin.readFloat();
+ }
+
+ /**
+ * Reads a 64 bit double.
+ *
+ * @return the 64 bit double read.
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public double readDouble() throws IOException {
+ return bin.readDouble();
+ }
+
+ /**
+ * Reads bytes, blocking until all bytes are read.
+ *
+ * @param buf the buffer into which the data is read
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public void readFully(byte[] buf) throws IOException {
+ bin.readFully(buf, 0, buf.length, false);
+ }
+
+ /**
+ * Reads bytes, blocking until all bytes are read.
+ *
+ * @param buf the buffer into which the data is read
+ * @param off the start offset of the data
+ * @param len the maximum number of bytes to read
+ * @throws EOFException If end of file is reached.
+ * @throws IOException If other I/O error has occurred.
+ */
+ public void readFully(byte[] buf, int off, int len) throws IOException {
+ int endoff = off + len;
+ if (off < 0 || len < 0 || endoff > buf.length || endoff < 0) {
+ throw new IndexOutOfBoundsException();
+ }
+ bin.readFully(buf, off, len, false);
+ }
+
+ /**
+ * Skips bytes.
+ *
+ * @param len the number of bytes to be skipped
+ * @return the actual number of bytes skipped.
+ * @throws IOException If an I/O error has occurred.
+ */
+ public int skipBytes(int len) throws IOException {
+ return bin.skipBytes(len);
+ }
+
+ /**
+ * Reads in a line that has been terminated by a \n, \r, \r\n or EOF.
+ *
+ * @return a String copy of the line.
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @deprecated This method does not properly convert bytes to characters.
+ * see DataInputStream for the details and alternatives.
+ */
+ @Deprecated
+ public String readLine() throws IOException {
+ return bin.readLine();
+ }
+
+ /**
+ * Reads a String in
+ * modified UTF-8
+ * format.
+ *
+ * @return the String.
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws UTFDataFormatException if read bytes do not represent a valid
+ * modified UTF-8 encoding of a string
+ */
+ public String readUTF() throws IOException {
+ return bin.readUTF();
+ }
+
+ /**
+ * Provide access to the persistent fields read from the input stream.
+ */
+ public static abstract class GetField {
+
+ /**
+ * Get the ObjectStreamClass that describes the fields in the stream.
+ *
+ * @return the descriptor class that describes the serializable fields
+ */
+ public abstract ObjectStreamClass getObjectStreamClass();
+
+ /**
+ * Return true if the named field is defaulted and has no value in this
+ * stream.
+ *
+ * @param name the name of the field
+ * @return true, if and only if the named field is defaulted
+ * @throws IOException if there are I/O errors while reading from
+ * the underlying InputStream
+ * @throws IllegalArgumentException if name
does not
+ * correspond to a serializable field
+ */
+ public abstract boolean defaulted(String name) throws IOException;
+
+ /**
+ * Get the value of the named boolean field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named boolean
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract boolean get(String name, boolean val)
+ throws IOException;
+
+ /**
+ * Get the value of the named byte field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named byte
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract byte get(String name, byte val) throws IOException;
+
+ /**
+ * Get the value of the named char field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named char
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract char get(String name, char val) throws IOException;
+
+ /**
+ * Get the value of the named short field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named short
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract short get(String name, short val) throws IOException;
+
+ /**
+ * Get the value of the named int field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named int
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract int get(String name, int val) throws IOException;
+
+ /**
+ * Get the value of the named long field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named long
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract long get(String name, long val) throws IOException;
+
+ /**
+ * Get the value of the named float field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named float
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract float get(String name, float val) throws IOException;
+
+ /**
+ * Get the value of the named double field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named double
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract double get(String name, double val) throws IOException;
+
+ /**
+ * Get the value of the named Object field from the persistent field.
+ *
+ * @param name the name of the field
+ * @param val the default value to use if name
does not
+ * have a value
+ * @return the value of the named Object
field
+ * @throws IOException if there are I/O errors while reading from the
+ * underlying InputStream
+ * @throws IllegalArgumentException if type of name
is
+ * not serializable or if the field type is incorrect
+ */
+ public abstract Object get(String name, Object val) throws IOException;
+ }
+
+ /**
+ * Verifies that this (possibly subclass) instance can be constructed
+ * without violating security constraints: the subclass must not override
+ * security-sensitive non-final methods, or else the
+ * "enableSubclassImplementation" SerializablePermission is checked.
+ */
+ private void verifySubclass() {
+ Class cl = getClass();
+ if (cl == ObjectInputStream.class) {
+ return;
+ }
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ return;
+ }
+ processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
+ WeakClassKey key = new WeakClassKey(cl, Caches.subclassAuditsQueue);
+ Boolean result = Caches.subclassAudits.get(key);
+ if (result == null) {
+ result = Boolean.valueOf(auditSubclass(cl));
+ Caches.subclassAudits.putIfAbsent(key, result);
+ }
+ if (result.booleanValue()) {
+ return;
+ }
+ sm.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
+ }
+
+ /**
+ * Performs reflective checks on given subclass to verify that it doesn't
+ * override security-sensitive non-final methods. Returns true if subclass
+ * is "safe", false otherwise.
+ */
+ private static boolean auditSubclass(final Class> subcl) {
+ Boolean result = AccessController.doPrivileged(
+ new PrivilegedAction