I took out the inline class CustomObjectInputStream from FileStore and put it in
org.apache.catalina.util since I need it for the JDBCStore too. There's also a
patch for StandardSession.java to return if the stream is null instead of giving
a NullPointerException, maybe it should throw an Exception instead of returning?
At least it won't corrupt the current Context if a session load is corrupt.
..bip
Index: CustomObjectInputStream.java
===================================================================
/*
* CustomObjectInputStream.java
* $Header$
* $Revision$
* $Date$
*
* ====================================================================
*
* The Apache Software License, Version 1.1
*
* Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
* any, must include the following acknowlegement:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
* from this software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* [Additional notices, if required by prior licensing conditions]
*
*/
package org.apache.catalina.util;
import java.io.InputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
/**
* Custom subclass of <code>ObjectInputStream</code> that loads from the
* class loader for this web application. This allows classes defined only
* with the web application to be found correctly.
*
* @author Craig R. McClanahan
* @author Bip Thelin
* @version $Revision$, $Date$
*/
public final class CustomObjectInputStream
extends ObjectInputStream {
/**
* The class loader we will use to resolve classes.
*/
private ClassLoader classLoader = null;
/**
* Construct a new instance of CustomObjectInputStream
*
* @param stream The input stream we will read from
* @param classLoader The class loader used to instantiate objects
*
* @exception IOException if an input/output error occurs
*/
public CustomObjectInputStream(InputStream stream,
ClassLoader classLoader)
throws IOException {
super(stream);
this.classLoader = classLoader;
}
/**
* Load the local class equivalent of the specified stream class
* description, by using the class loader assigned to this Context.
*
* @param classDesc Class description from the input stream
*
* @exception ClassNotFoundException if this class cannot be found
* @exception IOException if an input/output error occurs
*/
protected Class resolveClass(ObjectStreamClass classDesc)
throws ClassNotFoundException, IOException {
return (classLoader.loadClass(classDesc.getName()));
}
}
Index: StandardSession.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
retrieving revision 1.15
diff -u -r1.15 StandardSession.java
--- StandardSession.java 2001/03/17 00:28:05 1.15
+++ StandardSession.java 2001/04/07 23:57:57
@@ -1101,6 +1101,9 @@
private void readObject(ObjectInputStream stream)
throws ClassNotFoundException, IOException {
+ if(stream == null)
+ return;
+
// Deserialize the scalar instance variables (except Manager)
authType = null; // Transient only
creationTime = ((Long) stream.readObject()).longValue();
Index: FileStore.java
===================================================================
RCS file:
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/FileStore.java,v
retrieving revision 1.2
diff -u -r1.2 FileStore.java
--- FileStore.java 2001/02/03 20:36:18 1.2
+++ FileStore.java 2001/04/07 23:58:47
@@ -95,6 +95,7 @@
import org.apache.catalina.Session;
import org.apache.catalina.Store;
import org.apache.catalina.Container;
+import org.apache.catalina.util.CustomObjectInputStream;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.util.StringManager;
@@ -307,7 +308,6 @@
* @param manager The newly associated Manager
*/
public void setManager(Manager manager) {
-
Manager oldManager = this.manager;
this.manager = manager;
support.firePropertyChange("manager", oldManager, this.manager);
@@ -816,60 +816,4 @@
}
}
-
- // -------------------------------------------------------- Private Classes
-
-
- /**
- * Custom subclass of <code>ObjectInputStream</code> that loads from the
- * class loader for this web application. This allows classes defined only
- * with the web application to be found correctly.
- */
- private static final class CustomObjectInputStream
- extends ObjectInputStream {
-
-
- /**
- * The class loader we will use to resolve classes.
- */
- private ClassLoader classLoader = null;
-
-
- /**
- * Construct a new instance of CustomObjectInputStream
- *
- * @param stream The input stream we will read from
- * @param classLoader The class loader used to instantiate objects
- *
- * @exception IOException if an input/output error occurs
- */
- public CustomObjectInputStream(InputStream stream,
- ClassLoader classLoader)
- throws IOException {
-
- super(stream);
- this.classLoader = classLoader;
-
- }
-
-
- /**
- * Load the local class equivalent of the specified stream class
- * description, by using the class loader assigned to this Context.
- *
- * @param classDesc Class description from the input stream
- *
- * @exception ClassNotFoundException if this class cannot be found
- * @exception IOException if an input/output error occurs
- */
- protected Class resolveClass(ObjectStreamClass classDesc)
- throws ClassNotFoundException, IOException {
-
- return (classLoader.loadClass(classDesc.getName()));
-
- }
-
-
- }
-
}
