Name: boT120536 Date: 02/08/2001
There are two workarouds, niether is pleasant.
1. Use AccessibleObject and reflection to use the default (package) access
method lookpClassInternal on ObjectStreamClass. This version of the method
doesn't check to make sure that the descriptor is for a Serializable class
before returning. This obviously only works if you can set the security policy
to allow the AccessibleObject call to work.
2. Construct your subclass of ObjectInputStream to have a member variable
which is a subclass of ObjectOutputStream (no, that is not a typo). Have this
subclassed ObjectOutputStream override writeClassDescriptor in such a way that
it stores away the last class descriptor written to an instance variable of
your ObjectInputStream subclass. Have the output of this ObjectOutputStream be
written to a NullOutputStream, you don't care about it, you are only concerned
with the class descriptor you get in writeClassDescriptor.
In the readClassDescriptor you use the information sent by writeClassDescriptor
to get your hands on the appropriate class. Call ObjectStreamClass.lookup with
this class as an argument. If it returns null then the class is not
Serializable. Call writeObject() on the ObjectOutputStream described above
passing the class as an argument. This will cause the ObjectOutputStream to
create an appropriate ObjectStreamClass and pass it in to
writeClassDescriptor. At this point it can be stored in an instance variable.
When the call to writeObject returns you can return the value of this instance
variable from readClassDescriptor. Be sure to call reset() on the
ObjectOutputStream before or after each use.
The use of class descriptors for describing both the class of a serialized
object, and the class of a serialized (perhaps non-serializable) Class object
itself is rooted in the serialization protocol itself, and is unlikely
to change at this point, if for no reason other than compatibility.
The submitter is correct, however, in discerning that ObjectStreamClass
should provide a lookup() variant that allows application code to obtain
class descriptors for non-serializable classes. Unfortunately, it's late in
the merlin cycle to add a new API, and a usable (albeit ugly) workaround
exists, so this addition may have to be delayed until a subsequent release.