很明显是classloader找不到这个class,为什么呢,我的应用代码中明明就有啊。
实际上java反序列化的时候,我们一般用的是ObjectInputStream,他默认会去找sun.misc.VM.latestUserDefinedLoader(),这个就是系统默认的appClassloader。
重点来了,我们的tomcat中应用代码的类不是appClassloader,而是webAppClassloader,是tomcat自己搞的一个classLoader。
解决方法:写个类继续ObjectInputStream,覆盖他的resolveClass方法。使用当前线程的classloader,也就是webAppClassloader
具体代码:
package com.vip.marmot.mirror.agent.dataHandler;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.HashMap;
/**
* Created by cloud.huang on 17/5/18.
*/
public class YunbinObjectInputStream extends ObjectInputStream {
public YunbinObjectInputStream(InputStream in) throws IOException {
super(in);
}
protected YunbinObjectInputStream() throws IOException, SecurityException {
}
/**
* table mapping primitive type names to corresponding class objects
*/
private static final HashMap<String, Class<?>> primClasses
= new HashMap<>(8, 1.0F);
static {
primClasses.put("boolean", boolean.class);
primClasses.put("byte", byte.class);
primClasses.put("char", char.class);
primClasses.put("short", short.class);
primClasses.put("int", int.class);
primClasses.put("long", long.class);
primClasses.put("float", float.class);
primClasses.put("double", double.class);
primClasses.put("void", void.class);
}
@Override
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
String name = desc.getName();
try {
ClassLoader loader = Thread.currentThread().getContextClassLoader();
return Class.forName(name, false, loader);
} catch (ClassNotFoundException ex) {
Class cl = (Class) primClasses.get(name);
if (cl != null) {
return cl;
} else {
throw ex;
}
}
}
}