stackoom
  简体   繁体   中英

Reliably identify the class of a serialized Java object

 原文  2012-11-07 01:00:40       java/ object/ serialization/ deserialization/ identification

Question

I am in need of reliably identifying the class of a serialized object in Java without deserializing it.

So far I have found that the raw data stream will contain the class name. However someone could create a custom class with an arbitrary name to fool the recognition.

Now I am considering implementing a system where the stored data of the object is also checked against a template but this seems cumbersome.

Is there a package that already does this and/or is there a simpler way to reliably identify the class of a serialized Java object?

1 answers

solution1
 1 ACCPTED  2012-11-07 01:14:53

Have you looked at JavaAssist (http://www.csg.ci.iu-tokyo.ac.jp/~chiba/javassist/)? It appears to be able to load class files metadata and make it available without necessarily creating the class.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Deserialize java serialized object to Scala class Can Hibernate JPA objects be reliably serialized using default Java serialization? Transfer of a Java Serialized Object Update Serialized Object in Java How do I identify that I am at the last byte of a serialized Java object? Read serialized java object from disk with newer class? Java compatibility for serialized object read from changed class How to use HttpURLConnection to send serialized object to a Servlet from Java class? Change the path / class name of a serialized Java object after refactoring How to use an object's class variables to identify an object in java?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM