Dynamic loading of .class files and deserializing of object

[Goofball]

We have such scenario:
There is a client and server nodes working together. Server node
transfers a .class (or .jar) file to the client with the serialized
version of object of the corresponding class. Client receives these
files and stores them in some folder. Now, we need to load that .class
(or .jar) file and deserialize object. Server also transfers full
qualifying class name as string for class loader to load class. The
problem rises when we try to deserialize the class. We tried to create
the instance of URLClassLoader with .class (or .jar) file and then we
tried to set that class loader as default for thread, but we received
error when doing deserialization. Then we tried to create our own
class loader (ExtendableClassLoader), set it as default and then do
the deserialization. Error was still there.
The sample code goes below:


/**
* Load file method is called by server using RMI
* @param file Bytes of .class or .jar file
* @param classTask Serialized object
* @param className Full-qualifying class name
* @param fileName File name of the .class or .jar file
*/
public void loadFile(byte[] file, byte[] classTask, String className,
String fileName)
throws RemoteException {

...

File jarFile = new File("./lib/" + fileName);
try {
// Saving .class or .jar file to fileName from bytes
FileOutputStream fos = new FileOutputStream(jarFile);
fos.write(file);
fos.close();


ExtendableClassLoader.getInstance().addClassPath(jarFile.getAbsolutePath());

Object object = null;
try {
Class workClass1 =
ExtendableClassLoader.getInstance().findClass("java.io.ByteArrayInputStream");
Constructor constr = null;
Class[] parameterTypes = new Class[]
{ byte[].class };
constr =
workClass1.getConstructor(parameterTypes);
ByteArrayInputStream bais =
(ByteArrayInputStream) constr.newInstance(classTask);
Class workClass2 =
ExtendableClassLoader.getInstance().findClass("java.ibjectInputStream");
Constructor constrOis = null;
Class[] parameterTypesOis = new Class[]
{ InputStream.class };
constrOis =
workClass2.getConstructor(parameterTypesOis);
ObjectInputStream ois = (ObjectInputStream)
constrOis.newInstance(bais);
object = ois.readObject();
} catch (Exception e) {

// We've got here when the readObject method is
called

}
} catch (IOException e) {
e.printStackTrace();
}
}

 

[Tom Hawtin]

We have such scenario:
There is a client and server nodes working together. Server node
transfers a .class (or .jar) file to the client with the serialized
version of object of the corresponding class. Client receives these
files and stores them in some folder. Now, we need to load that .class
(or .jar) file and deserialize object. Server also transfers full
qualifying class name as string for class loader to load class. The
problem rises when we try to deserialize the class. We tried to create
the instance of URLClassLoader with .class (or .jar) file and then we
tried to set that class loader as default for thread, but we received
error when doing deserialization. Then we tried to create our own
class loader (ExtendableClassLoader), set it as default and then do
the deserialization. Error was still there.

Deserialisation and class loaders are ugly in the extreme. I think the
methods you need to override in ObjectInputStream are resolveClass and
resolveProxyClass.

From the API docs:

"The default implementation of this method in ObjectInputStream returns
the result of calling

" Class.forName(desc.getName(), false, loader)

"where loader is determined as follows: if there is a method on the
current thread's stack whose declaring class was defined by a
user-defined class loader (and was not a generated to implement
reflective invocations), then loader is class loader corresponding to
the closest such method to the currently executing frame; otherwise,
loader is null. If this call results in a ClassNotFoundException and the
name of the passed ObjectStreamClass instance is the Java language
keyword for a primitive type or void, then the Class object representing
that primitive type or void will be returned (e.g., an ObjectStreamClass
with the name "int" will be resolved to Integer.TYPE). Otherwise, the
ClassNotFoundException will be thrown to the caller of this method."

The even uglier alternative to overriding reolve[Proxy]Class is to have
code loaded from the class loader you want to use call
ObjectInputStream. I did something similar for JDBC drivers. It's not
nice. http://jroller.com/page/tackline/20061101

Just for giggles, the system class loader is treated a little bit
differently. That's the [non-] "user-defined class loader" bit.

Tom Hawtin