/* * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. 
*/ package java.io; import java.io.ObjectStreamClass.WeakClassKey; import java.lang.ref.ReferenceQueue; import java.lang.reflect.Array; import java.lang.reflect.Modifier; import java.lang.reflect.Proxy; import java.security.AccessControlContext; import java.security.AccessController; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.Arrays; import java.util.HashMap; import java.util.Objects; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; import static java.io.ObjectStreamClass.processQueue; import sun.misc.ObjectInputFilter; import sun.misc.ObjectStreamClassValidator; import sun.misc.SharedSecrets; import sun.reflect.misc.ReflectUtil; import sun.misc.JavaOISAccess; import sun.util.logging.PlatformLogger; /** * An ObjectInputStream deserializes primitive data and objects previously * written using an ObjectOutputStream. * *
ObjectOutputStream and ObjectInputStream can provide an application with * persistent storage for graphs of objects when used with a FileOutputStream * and FileInputStream respectively. ObjectInputStream is used to recover * those objects previously serialized. Other uses include passing objects * between hosts using a socket stream or for marshaling and unmarshaling * arguments and parameters in a remote communication system. * *
ObjectInputStream ensures that the types of all objects in the graph * created from the stream match the classes present in the Java Virtual * Machine. Classes are loaded as required using the standard mechanisms. * Note that this is a type-consistency check, not a trust decision: any * serializable class that can be loaded may be instantiated, and its * readObject/readResolve logic run, by whoever produced the stream. Data from * an untrusted source should therefore be read only with a serialization * filter in place (the process-wide filter from ObjectInputFilter.Config is * installed on each stream by default; its rejection rules are described * below). * *
Only objects that support the java.io.Serializable or * java.io.Externalizable interface can be read from streams. * *
The method readObject
is used to read an object from the
* stream. Java's safe casting should be used to get the desired type. In
* Java, strings and arrays are objects and are treated as objects during
* serialization. When read they need to be cast to the expected type.
*
*
Primitive data types can be read from the stream using the appropriate * method on DataInput. * *
The default deserialization mechanism for objects restores the contents * of each field to the value and type it had when it was written. Fields * declared as transient or static are ignored by the deserialization process. * References to other objects cause those objects to be read from the stream * as necessary. Graphs of objects are restored correctly using a reference * sharing mechanism. New objects are always allocated when deserializing, * which prevents existing objects from being overwritten. * *
Reading an object is analogous to running the constructors of a new * object. Memory is allocated for the object and initialized to zero (NULL). * No-arg constructors are invoked for the non-serializable classes and then * the fields of the serializable classes are restored from the stream starting * with the serializable class closest to java.lang.Object and finishing with * the object's most specific class. * *
For example to read from a stream as written by the example in
* ObjectOutputStream:
*
*
* FileInputStream fis = new FileInputStream("t.tmp"); * ObjectInputStream ois = new ObjectInputStream(fis); * * int i = ois.readInt(); * String today = (String) ois.readObject(); * Date date = (Date) ois.readObject(); * * ois.close(); ** *
Classes control how they are serialized by implementing either the * java.io.Serializable or java.io.Externalizable interfaces. * *
Implementing the Serializable interface allows object serialization to * save and restore the entire state of the object and it allows classes to * evolve between the time the stream is written and the time it is read. It * automatically traverses references between objects, saving and restoring * entire graphs. * *
Serializable classes that require special handling during the * serialization and deserialization process should implement the following * methods: * *
* private void writeObject(java.io.ObjectOutputStream stream) * throws IOException; * private void readObject(java.io.ObjectInputStream stream) * throws IOException, ClassNotFoundException; * private void readObjectNoData() * throws ObjectStreamException; ** *
The readObject method is responsible for reading and restoring the state * of the object for its particular class using data written to the stream by * the corresponding writeObject method. The method does not need to concern * itself with the state belonging to its superclasses or subclasses. State is * restored by reading data from the ObjectInputStream for the individual * fields and making assignments to the appropriate fields of the object. * Reading primitive data types is supported by DataInput. * *
Any attempt to read object data which exceeds the boundaries of the * custom data written by the corresponding writeObject method will cause an * OptionalDataException to be thrown with an eof field value of true. * Non-object reads which exceed the end of the allotted data will reflect the * end of data in the same way that they would indicate the end of the stream: * bytewise reads will return -1 as the byte read or number of bytes read, and * primitive reads will throw EOFExceptions. If there is no corresponding * writeObject method, then the end of default serialized data marks the end of * the allotted data. * *
Primitive and object read calls issued from within a readExternal method
* behave in the same manner--if the stream is already positioned at the end of
* data written by the corresponding writeExternal method, object reads will
* throw OptionalDataExceptions with eof set to true, bytewise reads will
* return -1, and primitive reads will throw EOFExceptions. Note that this
* behavior does not hold for streams written with the old
* ObjectStreamConstants.PROTOCOL_VERSION_1
protocol, in which the
* end of data written by writeExternal methods is not demarcated, and hence
* cannot be detected.
*
*
The readObjectNoData method is responsible for initializing the state of * the object for its particular class in the event that the serialization * stream does not list the given class as a superclass of the object being * deserialized. This may occur in cases where the receiving party uses a * different version of the deserialized instance's class than the sending * party, and the receiver's version extends classes that are not extended by * the sender's version. This may also occur if the serialization stream has * been tampered; hence, readObjectNoData is useful for initializing * deserialized objects properly despite a "hostile" or incomplete source * stream. * *
Serialization does not read or assign values to the fields of any object * that does not implement the java.io.Serializable interface. Subclasses of * non-serializable classes can themselves be serializable. In this case the * non-serializable superclass must have a no-arg constructor to allow its * fields to be initialized, and it is the responsibility of the subclass to * save and restore the state of the non-serializable class. It is frequently * the case that the fields of that class are accessible (public, package, or * protected) or that there are get and set methods that can be used to restore * the state. * *
Any exception that occurs while deserializing an object will be caught by * the ObjectInputStream and abort the reading process. * *
Implementing the Externalizable interface allows the object to assume * complete control over the contents and format of the object's serialized * form. The methods of the Externalizable interface, writeExternal and * readExternal, are called to save and restore the objects state. When * implemented by a class they can write and read their own state using all of * the methods of ObjectOutput and ObjectInput. It is the responsibility of * the objects to handle any versioning that occurs. * *
Enum constants are deserialized differently than ordinary serializable or
* externalizable objects. The serialized form of an enum constant consists
* solely of its name; field values of the constant are not transmitted. To
* deserialize an enum constant, ObjectInputStream reads the constant name from
* the stream; the deserialized constant is then obtained by calling the static
* method If a security manager is installed, this constructor will check for
* the "enableSubclassImplementation" SerializablePermission when invoked
* directly or indirectly by the constructor of a subclass which overrides
* the ObjectInputStream.readFields or ObjectInputStream.readUnshared
* methods.
*
* @param in input stream to read from
* @throws StreamCorruptedException if the stream header is incorrect
* @throws IOException if an I/O error occurs while reading stream header
* @throws SecurityException if untrusted subclass illegally overrides
* security-sensitive methods
* @throws NullPointerException if If there is a security manager installed, this method first calls the
* security manager's The root object is completely restored when all of its fields and the
* objects it references are completely restored. At this point the object
* validation callbacks are executed in order based on their registered
* priorities. The callbacks are registered by objects (in the readObject
* special methods) as they are individually restored.
*
* Exceptions are thrown for problems with the InputStream and for
* classes that should not be deserialized. All exceptions are fatal to
* the InputStream and leave it in an indeterminate state; it is up to the
* caller to ignore or recover the stream state.
*
* @throws ClassNotFoundException Class of a serialized object cannot be
* found.
* @throws InvalidClassException Something is wrong with a class used by
* serialization.
* @throws StreamCorruptedException Control information in the
* stream is inconsistent.
* @throws OptionalDataException Primitive data was found in the
* stream instead of objects.
* @throws IOException Any of the usual Input/Output related exceptions.
*/
public final Object readObject()
    throws IOException, ClassNotFoundException
{
    // A subclass built with the protected no-arg constructor reimplements
    // the stream entirely; hand off to its override and touch no state here.
    if (enableOverride) {
        return readObjectOverride();
    }
    // For a nested read (called from a readObject/readExternal callback),
    // passHandle is the handle of the enclosing object; it must be restored
    // however this call ends.
    final int enclosingHandle = passHandle;
    try {
        final Object result = readObject0(false);
        // Link the enclosing object's exception status to this object's so a
        // ClassNotFoundException recorded here propagates to its referrers.
        handles.markDependency(enclosingHandle, passHandle);
        final ClassNotFoundException pending = handles.lookupException(passHandle);
        if (pending != null) {
            throw pending;
        }
        // Validation callbacks run only from the outermost read, i.e. once
        // the whole graph has been restored.
        if (depth == 0) {
            vlist.doCallbacks();
        }
        return result;
    } finally {
        passHandle = enclosingHandle;
        // If the stream was closed while a read was in progress, release the
        // per-stream tables once the outermost read unwinds.
        if (closed && depth == 0) {
            clear();
        }
    }
}
/**
* This method is called by trusted subclasses of ObjectInputStream that
* constructed ObjectInputStream using the protected no-arg constructor.
* The subclass is expected to provide an override method with the modifier
* "final".
*
* @return the Object read from the stream.
* @throws ClassNotFoundException Class definition of a serialized object
* cannot be found.
* @throws OptionalDataException Primitive data was found in the stream
* instead of objects.
* @throws IOException if I/O errors occurred while reading from the
* underlying stream
* @see #ObjectInputStream()
* @see #readObject()
* @since 1.2
*/
protected Object readObjectOverride()
    throws IOException, ClassNotFoundException
{
    // Deliberate no-op in the base class. readObject() delegates here only
    // when enableOverride is set, i.e. for a subclass created through the
    // protected no-arg constructor (which is permission-gated); such a
    // subclass is expected to supply its own final override.
    final Object nothing = null;
    return nothing;
}
/**
* Reads an "unshared" object from the ObjectInputStream. This method is
* identical to readObject, except that it prevents subsequent calls to
* readObject and readUnshared from returning additional references to the
* deserialized instance obtained via this call. Specifically:
* ObjectInputStream subclasses which override this method can only be
* constructed in security contexts possessing the
* "enableSubclassImplementation" SerializablePermission; any attempt to
* instantiate such a subclass without this permission will cause a
* SecurityException to be thrown.
*
* @return reference to deserialized object
* @throws ClassNotFoundException if class of an object to deserialize
* cannot be found
* @throws StreamCorruptedException if control information in the stream
* is inconsistent
* @throws ObjectStreamException if object to deserialize has already
* appeared in stream
* @throws OptionalDataException if primitive data is next in stream
* @throws IOException if an I/O error occurs during deserialization
* @since 1.4
*/
public Object readUnshared() throws IOException, ClassNotFoundException {
    // NOTE(review): unlike readObject(), there is no enableOverride
    // short-circuit here; a reimplementing subclass must override this
    // method itself (see the permission note in its javadoc).
    // Remember the enclosing object's handle for a nested read so it can be
    // restored regardless of how this call ends.
    final int enclosingHandle = passHandle;
    try {
        // 'true' invalidates the handle assigned to the returned object, so
        // later back-references in the stream cannot alias it.
        final Object result = readObject0(true);
        handles.markDependency(enclosingHandle, passHandle);
        final ClassNotFoundException pending = handles.lookupException(passHandle);
        if (pending != null) {
            throw pending;
        }
        // Outermost read only: the graph is complete, run validations.
        if (depth == 0) {
            vlist.doCallbacks();
        }
        return result;
    } finally {
        passHandle = enclosingHandle;
        if (closed && depth == 0) {
            clear();
        }
    }
}
/**
* Read the non-static and non-transient fields of the current class from
* this stream. This may only be called from the readObject method of the
* class being deserialized. It will throw the NotActiveException if it is
* called otherwise.
*
* @throws ClassNotFoundException if the class of a serialized object
* could not be found.
* @throws IOException if an I/O error occurs.
* @throws NotActiveException if the stream is not currently reading
* objects.
*/
public void defaultReadObject()
    throws IOException, ClassNotFoundException
{
    // Only legal from within a readObject callback: curContext carries the
    // object and descriptor currently being restored.
    final SerialCallbackContext callback = curContext;
    if (callback == null) {
        throw new NotActiveException("not in call to readObject");
    }
    final Object target = callback.getObj();
    final ObjectStreamClass descriptor = callback.getDesc();
    // Default field values are not wrapped in block data; switch the
    // underlying stream out of block-data mode for the duration of the read.
    bin.setBlockDataMode(false);
    defaultReadFields(target, descriptor);
    bin.setBlockDataMode(true);
    if (!descriptor.hasWriteObjectData()) {
        // 4360508: with no writeObject data the stream carries no
        // terminating TC_ENDBLOCKDATA tag, so reads elsewhere must simulate
        // end-of-custom-data behaviour.
        defaultDataEnd = true;
    }
    // Surface a ClassNotFoundException recorded against the current handle
    // (e.g. for a field whose class could not be resolved).
    final ClassNotFoundException deferred = handles.lookupException(passHandle);
    if (deferred != null) {
        throw deferred;
    }
}
/**
* Reads the persistent fields from the stream and makes them available by
* name.
*
* @return the The corresponding method in The default implementation of this method in
* This method is called exactly once for each unique proxy class
* descriptor in the stream.
*
* The corresponding method in The default implementation of this method in
* This method is called after an object has been read but before it is
* returned from readObject. The default resolveObject method just returns
* the same object.
*
* When a subclass is replacing objects it must ensure that the
* substituted object is compatible with every field where the reference
* will be stored. Objects whose type is not a subclass of the type of the
* field or array element abort the deserialization by raising an exception
* and the object is not stored.
*
* This method is called only once when each object is first
* encountered. All subsequent references to the object will be redirected
* to the new object.
*
* @param obj object to be substituted
* @return the substituted object
* @throws IOException Any of the usual Input/Output exceptions.
*/
protected Object resolveObject(Object obj) throws IOException {
    // Identity substitution: the base stream never replaces objects. A
    // subclass that has enabled resolution may override this to swap or
    // vet each object once, when it is first encountered.
    final Object replacement = obj;
    return replacement;
}
/**
* Enable the stream to allow objects read from the stream to be replaced.
* When enabled, the resolveObject method is called for every object being
* deserialized.
*
* If enable is true, and there is a security manager installed,
* this method first calls the security manager's
*
* If the filter returns {@link ObjectInputFilter.Status#REJECTED Status.REJECTED},
* {@code null} or throws a {@link RuntimeException},
* the active {@code readObject} or {@code readUnshared}
* throws {@link InvalidClassException}, otherwise deserialization
* continues uninterrupted.
*
* The serialization filter is initialized to the value of
* {@link ObjectInputFilter.Config#getSerialFilter() ObjectInputFilter.Config.getSerialFilter}
* when the {@code ObjectInputStream} is constructed and can be set
* to a custom filter only once.
*
* @implSpec
* The filter, when not {@code null}, is invoked during {@link #readObject readObject}
* and {@link #readUnshared readUnshared} for each object
* (regular or class) in the stream including the following:
*
* Each call to {@link #readObject readObject} or
* {@link #readUnshared readUnshared} increases the depth by 1
* before reading an object and decreases by 1 before returning
* normally or exceptionally.
* The depth starts at {@code 1} and increases for each nested object and
* decrements when each nested call returns.
* The count of references in the stream starts at {@code 1} and
* is increased before reading an object.
*
* @param filter the filter, may be null
* @throws SecurityException if there is security manager and the
* {@code SerializablePermission("serialFilter")} is not granted
* @throws IllegalStateException if the {@linkplain #getInternalObjectInputFilter() current filter}
* is not {@code null} and is not the process-wide filter
*/
private final void setInternalObjectInputFilter(ObjectInputFilter filter) {
    // Changing the filter is a security-relevant operation: 'filter' may be
    // null, which drops the inherited process-wide filter for this stream,
    // so the caller must hold SerializablePermission("serialFilter").
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SerializablePermission("serialFilter"));
    }
    // Only the inherited process-wide filter may be replaced; once a
    // stream-specific filter is installed it is fixed for this stream.
    final ObjectInputFilter current = serialFilter;
    final boolean replaceable =
        current == null || current == ObjectInputFilter.Config.getSerialFilter();
    if (!replaceable) {
        throw new IllegalStateException("filter can not be set more than once");
    }
    serialFilter = filter;
}
/**
* Invoke the serialization filter if non-null.
* If the filter rejects or an exception is thrown, throws InvalidClassException.
*
* @param clazz the class; may be null
* @param arrayLength the array length requested; use {@code -1} if not creating an array
* @throws InvalidClassException if the input is rejected by the filter or
* the filter throws a {@link RuntimeException}
*/
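private void filterCheck(Class<?> clazz, int arrayLength)
    throws InvalidClassException {
    // Restored the wildcard in the parameter type (the listing had the
    // unparsable "Class> clazz").
    //
    // Enforcement point for the deserialization filter. With no filter
    // installed nothing is checked. Otherwise the filter sees the class,
    // requested array length (-1 when not an array), number of references
    // so far, nesting depth and bytes consumed. Only REJECTED, a null
    // status, or a throwing filter stop deserialization; ALLOWED and
    // UNDECIDED both let it continue.
    if (serialFilter == null) {
        return;
    }
    RuntimeException failure = null;
    ObjectInputFilter.Status status;
    try {
        status = serialFilter.checkInput(new FilterValues(clazz, arrayLength,
                totalObjectRefs, depth, bin.getBytesRead()));
    } catch (RuntimeException e) {
        // A misbehaving filter must fail closed: treat it as a rejection
        // and keep the exception so it can be logged and chained.
        status = ObjectInputFilter.Status.REJECTED;
        failure = e;
    }
    if (status == null || status == ObjectInputFilter.Status.REJECTED) {
        // Rejections are logged at info level so they show up in
        // operational logs; the message is kept in its original form.
        if (Logging.infoLogger != null) {
            Logging.infoLogger.info(
                "ObjectInputFilter {0}: {1}, array length: {2}, nRefs: {3}, depth: {4}, bytes: {5}, ex: {6}",
                status, clazz, arrayLength, totalObjectRefs, depth, bin.getBytesRead(),
                Objects.toString(failure, "n/a"));
        }
        final InvalidClassException ice = new InvalidClassException("filter status: " + status);
        // initCause(null) is permitted and simply records no cause.
        ice.initCause(failure);
        throw ice;
    }
    // Accepted input is traced at finer level only.
    if (Logging.traceLogger != null) {
        Logging.traceLogger.finer(
            "ObjectInputFilter {0}: {1}, array length: {2}, nRefs: {3}, depth: {4}, bytes: {5}, ex: {6}",
            status, clazz, arrayLength, totalObjectRefs, depth, bin.getBytesRead(),
            Objects.toString(failure, "n/a"));
    }
}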
/**
* Provide access to the persistent fields read from the input stream.
*/
public static abstract class GetField {
/**
* Get the ObjectStreamClass that describes the fields in the stream.
*
* @return the descriptor class that describes the serializable fields
*/
public abstract ObjectStreamClass getObjectStreamClass();
/**
* Return true if the named field is defaulted and has no value in this
* stream.
*
* @param name the name of the field
* @return true, if and only if the named field is defaulted
* @throws IOException if there are I/O errors while reading from
* the underlying General use of the table is as follows: during deserialization, a
* given object is first assigned a handle by calling the assign method.
* This method leaves the assigned handle in an "open" state, wherein
* dependencies on the exception status of other handles can be registered
* by calling the markDependency method, or an exception can be directly
* associated with the handle by calling markException. When a handle is
* tagged with an exception, the HandleTable assumes responsibility for
* propagating the exception to any other objects which depend
* (transitively) on the exception-tagged object.
*
* Once all exception information/dependencies for the handle have been
* registered, the handle should be "closed" by calling the finish method
* on it. The act of finishing a handle allows the exception propagation
* algorithm to aggressively prune dependency links, lessening the
* performance/memory impact of exception tracking.
*
* Note that the exception propagation algorithm used depends on handles
* being assigned/finished in LIFO order; however, for simplicity as well
* as memory conservation, it does not enforce this constraint.
*/
// REMIND: add full description of exception propagation algorithm?
private static class HandleTable {

    /*
     * Maps stream handles (dense indices assigned in stream order) to the
     * deserialized object, or to the ClassNotFoundException that replaced
     * it, and tracks which handles depend on which for exception
     * propagation. Handle values are used directly as array indices with
     * no range check of their own: an out-of-range handle surfaces as an
     * ArrayIndexOutOfBoundsException, so callers are expected to validate
     * handles read from the stream before passing them in.
     * Not thread-safe; one table belongs to one stream.
     */

    /* status codes indicating whether object has associated exception */
    private static final byte STATUS_OK = 1;
    private static final byte STATUS_UNKNOWN = 2;
    private static final byte STATUS_EXCEPTION = 3;

    /** array mapping handle -> object status */
    byte[] status;
    /** array mapping handle -> object/exception (depending on status) */
    Object[] entries;
    /** array mapping handle -> list of dependent handles (if any) */
    HandleList[] deps;
    /** lowest unresolved dependency */
    int lowDep = -1;
    /** number of handles in table */
    int size = 0;

    /**
     * Creates handle table with the given initial capacity.
     */
    HandleTable(int initialCapacity) {
        status = new byte[initialCapacity];
        entries = new Object[initialCapacity];
        deps = new HandleList[initialCapacity];
    }

    /**
     * Assigns next available handle to given object, and returns assigned
     * handle. Once object has been completely deserialized (and all
     * dependencies on other objects identified), the handle should be
     * "closed" by passing it to finish().
     *
     * The new handle starts in STATUS_UNKNOWN ("open").
     */
    int assign(Object obj) {
        if (size >= entries.length) {
            grow();
        }
        status[size] = STATUS_UNKNOWN;
        entries[size] = obj;
        return size++;
    }

    /**
     * Registers a dependency (in exception status) of one handle on
     * another. The dependent handle must be "open" (i.e., assigned, but
     * not finished yet). No action is taken if either dependent or target
     * handle is NULL_HANDLE.
     *
     * Outcomes by target status: OK -> nothing to record; EXCEPTION -> the
     * dependent is marked with the same exception immediately; UNKNOWN ->
     * the dependent is queued on the target and lowDep is lowered so
     * finish() knows a back-reference is still unresolved. A dependent that
     * already carries an exception is left alone; a dependent that is
     * already OK (i.e. finished) violates the precondition and trips
     * InternalError.
     */
    void markDependency(int dependent, int target) {
        if (dependent == NULL_HANDLE || target == NULL_HANDLE) {
            return;
        }
        switch (status[dependent]) {

            case STATUS_UNKNOWN:
                switch (status[target]) {
                    case STATUS_OK:
                        // ignore dependencies on objs with no exception
                        break;

                    case STATUS_EXCEPTION:
                        // eagerly propagate exception
                        markException(dependent,
                            (ClassNotFoundException) entries[target]);
                        break;

                    case STATUS_UNKNOWN:
                        // add to dependency list of target
                        if (deps[target] == null) {
                            deps[target] = new HandleList();
                        }
                        deps[target].add(dependent);

                        // remember lowest unresolved target seen
                        if (lowDep < 0 || lowDep > target) {
                            lowDep = target;
                        }
                        break;

                    default:
                        throw new InternalError();
                }
                break;

            case STATUS_EXCEPTION:
                break;

            default:
                throw new InternalError();
        }
    }

    /**
     * Associates a ClassNotFoundException (if one not already associated)
     * with the currently active handle and propagates it to other
     * referencing objects as appropriate. The specified handle must be
     * "open" (i.e., assigned, but not finished yet).
     *
     * The exception replaces the object in entries[]; dependents recorded
     * via markDependency are marked recursively (depth proportional to the
     * dependency chain) and the dependency list is dropped once consumed.
     * Marking a handle that is already OK trips InternalError.
     */
    void markException(int handle, ClassNotFoundException ex) {
        switch (status[handle]) {
            case STATUS_UNKNOWN:
                status[handle] = STATUS_EXCEPTION;
                entries[handle] = ex;

                // propagate exception to dependents
                HandleList dlist = deps[handle];
                if (dlist != null) {
                    int ndeps = dlist.size();
                    for (int i = 0; i < ndeps; i++) {
                        markException(dlist.get(i), ex);
                    }
                    deps[handle] = null;
                }
                break;

            case STATUS_EXCEPTION:
                break;

            default:
                throw new InternalError();
        }
    }

    /**
     * Marks given handle as finished, meaning that no new dependencies
     * will be marked for handle. Calls to the assign and finish methods
     * must occur in LIFO order.
     *
     * Resolution is batched: if no unresolved back-reference is pending,
     * only this handle is closed; if the lowest pending target is at or
     * above this handle, every handle from here to the end of the table
     * can now be closed at once and lowDep is reset; if a lower handle is
     * still unresolved nothing is closed yet (it will be swept when that
     * lower handle finishes). Handles already OK or EXCEPTION are left
     * untouched by the sweep.
     */
    void finish(int handle) {
        int end;
        if (lowDep < 0) {
            // no pending unknowns, only resolve current handle
            end = handle + 1;
        } else if (lowDep >= handle) {
            // pending unknowns now clearable, resolve all upward handles
            end = size;
            lowDep = -1;
        } else {
            // unresolved backrefs present, can't resolve anything yet
            return;
        }

        // change STATUS_UNKNOWN -> STATUS_OK in selected span of handles
        for (int i = handle; i < end; i++) {
            switch (status[i]) {
                case STATUS_UNKNOWN:
                    status[i] = STATUS_OK;
                    deps[i] = null;
                    break;

                case STATUS_OK:
                case STATUS_EXCEPTION:
                    break;

                default:
                    throw new InternalError();
            }
        }
    }

    /**
     * Assigns a new object to the given handle. The object previously
     * associated with the handle is forgotten. This method has no effect
     * if the given handle already has an exception associated with it.
     * This method may be called at any time after the handle is assigned.
     *
     * Used when the deserialized instance is substituted (e.g. by a
     * readResolve or resolveObject replacement) after its handle was
     * assigned; the stored exception, if any, is never overwritten.
     */
    void setObject(int handle, Object obj) {
        switch (status[handle]) {
            case STATUS_UNKNOWN:
            case STATUS_OK:
                entries[handle] = obj;
                break;

            case STATUS_EXCEPTION:
                break;

            default:
                throw new InternalError();
        }
    }

    /**
     * Looks up and returns object associated with the given handle.
     * Returns null if the given handle is NULL_HANDLE, or if it has an
     * associated ClassNotFoundException.
     */
    Object lookupObject(int handle) {
        return (handle != NULL_HANDLE &&
                status[handle] != STATUS_EXCEPTION) ?
            entries[handle] : null;
    }

    /**
     * Looks up and returns ClassNotFoundException associated with the
     * given handle. Returns null if the given handle is NULL_HANDLE, or
     * if there is no ClassNotFoundException associated with the handle.
     */
    ClassNotFoundException lookupException(int handle) {
        return (handle != NULL_HANDLE &&
                status[handle] == STATUS_EXCEPTION) ?
            (ClassNotFoundException) entries[handle] : null;
    }

    /**
     * Resets table to its initial state.
     *
     * Only the used prefix [0, size) is cleared; the backing arrays keep
     * their current capacity. Clearing entries[] also drops references to
     * deserialized objects so they become collectable.
     */
    void clear() {
        Arrays.fill(status, 0, size, (byte) 0);
        Arrays.fill(entries, 0, size, null);
        Arrays.fill(deps, 0, size, null);
        lowDep = -1;
        size = 0;
    }

    /**
     * Returns number of handles registered in table.
     */
    int size() {
        return size;
    }

    /**
     * Expands capacity of internal arrays.
     *
     * Doubles (plus one) the capacity of all three parallel arrays
     * together so handle indices stay valid across every array.
     */
    private void grow() {
        int newCapacity = (entries.length << 1) + 1;

        byte[] newStatus = new byte[newCapacity];
        Object[] newEntries = new Object[newCapacity];
        HandleList[] newDeps = new HandleList[newCapacity];

        System.arraycopy(status, 0, newStatus, 0, size);
        System.arraycopy(entries, 0, newEntries, 0, size);
        System.arraycopy(deps, 0, newDeps, 0, size);

        status = newStatus;
        entries = newEntries;
        deps = newDeps;
    }

    /**
     * Simple growable list of (integer) handles.
     *
     * Append-only; get() bounds-checks the upper end explicitly (a negative
     * index still fails via the array access itself).
     */
    private static class HandleList {
        private int[] list = new int[4];
        private int size = 0;

        public HandleList() {
        }

        public void add(int handle) {
            if (size >= list.length) {
                int[] newList = new int[list.length << 1];
                System.arraycopy(list, 0, newList, 0, list.length);
                list = newList;
            }
            list[size++] = handle;
        }

        public int get(int index) {
            if (index >= size) {
                throw new ArrayIndexOutOfBoundsException();
            }
            return list[index];
        }

        public int size() {
            return size;
        }
    }
}
/**
* Method for cloning arrays in case of using unsharing reading
*/
private static Object cloneArray(Object array) {
    // Shallow copy of an array of any component type, used so that an
    // array returned from readUnshared() (possibly via readResolve) is a
    // fresh instance the stream cannot hand out a second time. Element
    // references are shared, exactly as array.clone() would share them.
    // Anything that is not an array (including null) is a programming error.
    if (array == null || !array.getClass().isArray()) {
        throw new AssertionError();
    }
    final int length = Array.getLength(array);
    // Array.newInstance with the original component type yields an array
    // of the same runtime class as clone() would.
    final Object copy = Array.newInstance(array.getClass().getComponentType(), length);
    System.arraycopy(array, 0, copy, 0, length);
    return copy;
}
private void validateDescriptor(ObjectStreamClass descriptor) {
    // Read the volatile hook once so the null check and the call cannot
    // observe different values if setValidator races with this read.
    final ObjectStreamClassValidator hook = validator;
    if (hook == null) {
        return;
    }
    hook.validateDescriptor(descriptor);
}
// Descriptor-validation hook. It is private and reachable only through the
// SharedSecrets accessor registered in the static initializer below, so it is
// not part of the public API surface.
private volatile ObjectStreamClassValidator validator;
private static void setValidator(ObjectInputStream ois, ObjectStreamClassValidator validator) {
    // Installs (or clears, with null) the per-stream validator. The field is
    // volatile, so validateDescriptor sees the new hook without locking.
    final ObjectInputStream target = ois;
    target.validator = validator;
}
static {
    // Publish the validator setter to sun.misc callers via SharedSecrets
    // rather than widening the method's visibility.
    SharedSecrets.setJavaObjectInputStreamAccess(
        (stream, hook) -> setValidator(stream, hook));
}
}
Enum.valueOf(Class, String)
with the enum constant's
* base type and the received constant name as arguments. Like other
* serializable or externalizable objects, enum constants can function as the
* targets of back references appearing subsequently in the serialization
* stream. The process by which enum constants are deserialized cannot be
* customized: any class-specific readObject, readObjectNoData, and readResolve
* methods defined by enum types are ignored during deserialization.
* Similarly, any serialPersistentFields or serialVersionUID field declarations
* are also ignored--all enum types have a fixed serialVersionUID of 0L.
*
* @author Mike Warres
* @author Roger Riggs
* @see java.io.DataInput
* @see java.io.ObjectOutputStream
* @see java.io.Serializable
* @see Object Serialization Specification, Section 3, Object Input Classes
* @since JDK1.1
*/
public class ObjectInputStream
extends InputStream implements ObjectInput, ObjectStreamConstants
{
/** handle value representing null */
private static final int NULL_HANDLE = -1;
/** marker for unshared objects in internal handle table */
private static final Object unsharedMarker = new Object();
/** table mapping primitive type names to corresponding class objects */
private static final HashMapin
is null
* @see ObjectInputStream#ObjectInputStream()
* @see ObjectInputStream#readFields()
* @see ObjectOutputStream#ObjectOutputStream(OutputStream)
*/
public ObjectInputStream(InputStream in) throws IOException {
    // Security check first: an untrusted subclass overriding sensitive
    // methods is rejected before any stream state is built.
    verifySubclass();
    bin = new BlockDataInputStream(in);
    // Per-stream bookkeeping; a normal stream never takes the override path.
    enableOverride = false;
    vlist = new ValidationList();
    handles = new HandleTable(10);
    // Inherit the process-wide deserialization filter (may be null if none
    // is configured); it can later be replaced only via the permission-gated
    // setter.
    serialFilter = ObjectInputFilter.Config.getSerialFilter();
    // Consume and validate the magic/version header, then switch to
    // block-data mode for the objects that follow.
    readStreamHeader();
    bin.setBlockDataMode(true);
}
/**
 * Provides a way for subclasses that completely reimplement
 * ObjectInputStream to avoid allocating the private state used only by
 * this implementation. Unlike the public constructor, no underlying
 * stream is wrapped and no stream header is read here; the subclass is
 * responsible for all input handling.
 *
 * <p>If a security manager is installed, this constructor first calls its
 * {@code checkPermission} method with the
 * {@code SerializablePermission("enableSubclassImplementation")}
 * permission to ensure it is ok to enable subclassing. The check happens
 * before any field is initialised, so a denied caller never obtains a
 * partially constructed stream.
 *
 * @throws SecurityException if a security manager exists and its
 *          {@code checkPermission} method denies enabling subclassing
 * @throws IOException if an I/O error occurs while creating this stream
 * @see SecurityManager#checkPermission
 * @see java.io.SerializablePermission
 */
protected ObjectInputStream() throws IOException, SecurityException {
    SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
    }
    // A fully overriding subclass supplies its own read implementation.
    enableOverride = true;
    // Recorded so getInternalObjectInputFilter() still reports the
    // process-wide filter; may be null when none is configured.
    serialFilter = ObjectInputFilter.Config.getSerialFilter();
    // None of the per-stream plumbing is allocated for overriding subclasses.
    bin = null;
    handles = null;
    vlist = null;
}
/**
* Read an object from the ObjectInputStream. The class of the object, the
* signature of the class, and the values of the non-transient and
* non-static fields of the class and all of its supertypes are read.
* Default deserializing for a class can be overridden using the writeObject
* and readObject methods. Objects referenced by this object are read
* transitively so that a complete equivalent graph of objects is
* reconstructed by readObject.
*
*
*
* Deserializing an object via readUnshared invalidates the stream handle
* associated with the returned object. Note that this in itself does not
* always guarantee that the reference returned by readUnshared is unique;
* the deserialized object may define a readResolve method which returns an
* object visible to other parties, or readUnshared may return a Class
* object or enum constant obtainable elsewhere in the stream or through
* external means. If the deserialized object defines a readResolve method
* and the invocation of that method returns an array, then readUnshared
* returns a shallow clone of that array; this guarantees that the returned
* array object is unique and cannot be obtained a second time from an
* invocation of readObject or readUnshared on the ObjectInputStream,
* even if the underlying data stream has been manipulated.
*
* @return the {@code GetField} object representing the persistent
* fields of the object being deserialized
* @throws ClassNotFoundException if the class of a serialized object
* could not be found.
* @throws IOException if an I/O error occurs.
* @throws NotActiveException if the stream is not currently reading
* objects.
* @since 1.2
*/
public ObjectInputStream.GetField readFields()
    throws IOException, ClassNotFoundException
{
    // Only valid while a readObject callback is in progress; curContext is
    // established by the stream for the duration of that callback.
    SerialCallbackContext ctx = curContext;
    if (ctx == null) {
        throw new NotActiveException("not in call to readObject");
    }
    // NOTE(review): curObj is never read below, but do not delete this
    // line -- SerialCallbackContext.getObj() is presumably relied on for a
    // side effect on the context (e.g. marking it consumed); confirm in
    // SerialCallbackContext before touching it.
    Object curObj = ctx.getObj();
    ObjectStreamClass curDesc = ctx.getDesc();
    // Field values are read as raw (non-block) data, then block-data mode
    // is restored for whatever custom data follows.
    bin.setBlockDataMode(false);
    GetFieldImpl getField = new GetFieldImpl(curDesc);
    getField.readFields();
    bin.setBlockDataMode(true);
    if (!curDesc.hasWriteObjectData()) {
        /*
         * Fix for 4360508: since stream does not contain terminating
         * TC_ENDBLOCKDATA tag, set flag so that reading code elsewhere
         * knows to simulate end-of-custom-data behavior.
         */
        defaultDataEnd = true;
    }
    return getField;
}
/**
 * Registers an object to be validated before the graph is returned. While
 * similar to resolveObject, these validations are invoked only after the
 * entire graph has been reconstituted. Typically a readObject method
 * registers its object with the stream so that, once all objects are
 * restored, a final set of invariant checks can be performed on the
 * completed graph rather than on partially populated objects.
 *
 * @param obj the object to receive the validation callback
 * @param prio controls the order of callbacks; zero is a good default.
 *          Use higher numbers to be called back earlier, lower numbers for
 *          later callbacks. Within a priority, callbacks are processed in
 *          no particular order.
 * @throws NotActiveException the stream is not currently reading objects,
 *          so it is invalid to register a callback
 * @throws InvalidObjectException the validation object is null
 */
public void registerValidation(ObjectInputValidation obj, int prio)
    throws NotActiveException, InvalidObjectException
{
    // depth counts nested readObject/readUnshared calls in flight.
    boolean readingObjects = depth != 0;
    if (!readingObjects) {
        throw new NotActiveException("stream inactive");
    }
    vlist.register(obj, prio);
}
/**
 * Load the local class equivalent of the specified stream class
 * description. Subclasses may implement this method to allow classes to
 * be fetched from an alternate source.
 *
 * <p>The corresponding method in {@code ObjectOutputStream} is
 * {@code annotateClass}. This method will be invoked only once for each
 * unique class in the stream. It may be implemented by subclasses to use
 * an alternate loading mechanism but must return a {@code Class} object.
 * Once returned, if the class is not an array class, its serialVersionUID
 * is compared to the serialVersionUID of the serialized class, and if
 * there is a mismatch, the deserialization fails and an
 * {@link InvalidClassException} is thrown.
 *
 * <p>The default implementation of this method in {@code ObjectInputStream}
 * returns the result of calling
 * <pre>
 *     Class.forName(desc.getName(), false, loader)
 * </pre>
 * where {@code loader} is determined as follows: if there is a method on
 * the current thread's stack whose declaring class was defined by a
 * user-defined class loader (and was not generated to implement reflective
 * invocations), then {@code loader} is the class loader corresponding to
 * the closest such method to the currently executing frame; otherwise,
 * {@code loader} is {@code null}. If this call results in a
 * {@code ClassNotFoundException} and the name of the passed
 * {@code ObjectStreamClass} instance is the Java language keyword for a
 * primitive type or void, then the {@code Class} object representing that
 * primitive type or void will be returned (e.g., an
 * {@code ObjectStreamClass} with the name {@code "int"} will be resolved to
 * {@code Integer.TYPE}). Otherwise, the {@code ClassNotFoundException}
 * will be thrown to the caller of this method.
 *
 * <p>Security note: the name handed to {@code Class.forName} comes from
 * the class descriptor read out of the stream, i.e. from whoever produced
 * the serialized bytes. It is resolved with {@code initialize=false}, so
 * merely resolving a name does not run that class's static initializer.
 * This method does not itself consult the stream's {@code serialFilter};
 * a subclass that wants a class allow-list independent of
 * {@link ObjectInputFilter} can enforce one by overriding this method and
 * throwing {@link InvalidClassException} for names it does not expect.
 *
 * @param desc an instance of class {@code ObjectStreamClass}
 * @return a {@code Class} object corresponding to {@code desc}
 * @throws IOException any of the usual Input/Output exceptions
 * @throws ClassNotFoundException if class of a serialized object cannot
 *          be found
 */
protected Class<?> resolveClass(ObjectStreamClass desc)
    throws IOException, ClassNotFoundException
{
    String className = desc.getName();
    ClassLoader loader = latestUserDefinedLoader();
    try {
        return Class.forName(className, false, loader);
    } catch (ClassNotFoundException notFound) {
        // Primitive and void descriptors ("int", "void", ...) are not
        // loadable by name; map them to their Class objects instead.
        Class<?> primitive = primClasses.get(className);
        if (primitive == null) {
            throw notFound;
        }
        return primitive;
    }
}
/**
 * Returns a proxy class that implements the interfaces named in a proxy
 * class descriptor; subclasses may implement this method to read custom
 * data from the stream along with the descriptors for dynamic proxy
 * classes, allowing them to use an alternate loading mechanism for the
 * interfaces and the proxy class.
 *
 * <p>The corresponding method in {@code ObjectOutputStream} is
 * {@code annotateProxyClass}. For a given subclass of
 * {@code ObjectInputStream} that overrides this method, the
 * {@code annotateProxyClass} method in the corresponding subclass of
 * {@code ObjectOutputStream} must write any data or objects read by this
 * method.
 *
 * <p>The default implementation of this method in {@code ObjectInputStream}
 * returns the result of calling {@code Proxy.getProxyClass} with the list
 * of {@code Class} objects for the interfaces that are named in the
 * {@code interfaces} parameter. The {@code Class} object for each interface
 * name {@code i} is the value returned by calling
 * <pre>
 *     Class.forName(i, false, loader)
 * </pre>
 * where {@code loader} is that of the first non-{@code null} class loader
 * up the execution stack, or {@code null} if no non-{@code null} class
 * loaders are on the stack (the same class loader choice used by the
 * {@code resolveClass} method). Unless any of the resolved interfaces are
 * non-public, this same value of {@code loader} is also the class loader
 * passed to {@code Proxy.getProxyClass}; if non-public interfaces are
 * present, their class loader is passed instead (if more than one
 * non-public interface class loader is encountered, an
 * {@code IllegalAccessError} is thrown). If {@code Proxy.getProxyClass}
 * throws an {@code IllegalArgumentException}, {@code resolveProxyClass}
 * will throw a {@code ClassNotFoundException} containing the
 * {@code IllegalArgumentException} as its cause.
 *
 * <p>Security note: the interface names come from the proxy class
 * descriptor in the stream. Each is resolved with {@code initialize=false},
 * so resolution alone does not run static initializers. Note that the
 * conflicting-loader case surfaces as an {@code IllegalAccessError}, which
 * is an {@code Error} and will pass straight through callers that only
 * catch {@code IOException}/{@code ClassNotFoundException}.
 *
 * @param interfaces the list of interface names that were
 *          deserialized in the proxy class descriptor
 * @return a proxy class for the specified interfaces
 * @throws IOException any exception thrown by the underlying
 *          {@code InputStream}
 * @throws ClassNotFoundException if the proxy class or any of the
 *          named interfaces could not be found
 * @see ObjectOutputStream#annotateProxyClass(Class)
 * @since 1.3
 */
protected Class<?> resolveProxyClass(String[] interfaces)
    throws IOException, ClassNotFoundException
{
    ClassLoader callerLoader = latestUserDefinedLoader();
    // Loader of the non-public interface(s), if any. A separate flag is
    // required because the bootstrap loader is represented by null.
    boolean sawNonPublic = false;
    ClassLoader nonPublicLoader = null;

    Class<?>[] resolved = new Class<?>[interfaces.length];
    for (int idx = 0; idx < interfaces.length; idx++) {
        Class<?> iface = Class.forName(interfaces[idx], false, callerLoader);
        if (!Modifier.isPublic(iface.getModifiers())) {
            ClassLoader ifaceLoader = iface.getClassLoader();
            if (!sawNonPublic) {
                sawNonPublic = true;
                nonPublicLoader = ifaceLoader;
            } else if (nonPublicLoader != ifaceLoader) {
                // Two non-public interfaces from different loaders cannot
                // be implemented by a single proxy class.
                throw new IllegalAccessError(
                    "conflicting non-public interface class loaders");
            }
        }
        resolved[idx] = iface;
    }

    // Non-public interfaces force the proxy into their defining loader.
    ClassLoader proxyLoader = sawNonPublic ? nonPublicLoader : callerLoader;
    try {
        return Proxy.getProxyClass(proxyLoader, resolved);
    } catch (IllegalArgumentException rejected) {
        // Preserve the cause so callers can see why the proxy was refused.
        throw new ClassNotFoundException(null, rejected);
    }
}
/**
 * Allows trusted subclasses of ObjectInputStream to substitute one object
 * for another during deserialization. Replacing objects is disabled until
 * enableResolveObject is called. This method checks that the stream
 * requesting to resolve objects can be trusted. Every reference to a
 * serializable object is passed to resolveObject. To ensure that the
 * private state of objects is not unintentionally exposed, only trusted
 * streams may use resolveObject.
 *
 * <p>If a security manager is installed, this method first calls its
 * {@code checkPermission} method with the
 * {@code SerializablePermission("enableSubstitution")} permission to
 * ensure it is ok to enable the stream to allow objects read from the
 * stream to be replaced. The permission is only consulted when turning
 * substitution <em>on</em>; turning it off never requires a permission.
 *
 * @param enable true for enabling use of {@code resolveObject} for
 *          every object being deserialized
 * @return the previous setting before this method was invoked
 * @throws SecurityException if a security manager exists and its
 *          {@code checkPermission} method denies enabling the stream
 *          to allow objects read from the stream to be replaced
 * @see SecurityManager#checkPermission
 * @see java.io.SerializablePermission
 */
protected boolean enableResolveObject(boolean enable)
    throws SecurityException
{
    boolean previous = enableResolve;
    if (enable != previous) {
        if (enable) {
            // Enabling substitution is the privileged direction.
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(SUBSTITUTION_PERMISSION);
            }
        }
        // Only reached when the permission check (if any) passed.
        enableResolve = enable;
    }
    return previous;
}
/**
 * Reads and verifies the stream header. Provided so that subclasses can
 * read and verify their own stream headers. The default implementation
 * consumes the magic number and version number and rejects anything that
 * does not match {@code STREAM_MAGIC}/{@code STREAM_VERSION}; the
 * offending values are included in the exception message in hex.
 *
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws StreamCorruptedException if control information in the stream
 *          is inconsistent
 */
protected void readStreamHeader()
    throws IOException, StreamCorruptedException
{
    // Both fields are read before checking, so a corrupt header still
    // leaves the stream positioned after the 4-byte header.
    short magic = bin.readShort();
    short version = bin.readShort();
    boolean headerOk = (magic == STREAM_MAGIC) && (version == STREAM_VERSION);
    if (!headerOk) {
        throw new StreamCorruptedException(
            String.format("invalid stream header: %04X%04X", magic, version));
    }
}
/**
 * Reads a class descriptor from the serialization stream. Called when the
 * ObjectInputStream expects a class descriptor as the next item in the
 * stream. Subclasses may override this method to read class descriptors
 * written in non-standard formats (by subclasses of ObjectOutputStream
 * that have overridden the {@code writeClassDescriptor} method). By
 * default, class descriptors are read according to the format defined in
 * the Object Serialization specification.
 *
 * <p>Overrides decide which descriptor -- and therefore which class name --
 * deserialization proceeds with; see {@link #resolveClass}.
 *
 * @return the class descriptor read
 * @throws IOException if an I/O error has occurred
 * @throws ClassNotFoundException if the Class of a serialized object used
 *          in the class descriptor representation cannot be found
 * @see java.io.ObjectOutputStream#writeClassDescriptor(java.io.ObjectStreamClass)
 * @since 1.3
 */
protected ObjectStreamClass readClassDescriptor()
    throws IOException, ClassNotFoundException
{
    // Default wire format: a non-proxy descriptor populated from this stream.
    ObjectStreamClass descriptor = new ObjectStreamClass();
    descriptor.readNonProxy(this);
    return descriptor;
}
/**
 * Reads a single byte of data, blocking if no input is available.
 *
 * @return the byte read as an int, or -1 if the end of the stream is reached
 * @throws IOException if an I/O error has occurred
 */
public int read() throws IOException {
    // Delegates to the block-data layer, which honours the current mode.
    return bin.read();
}
/**
 * Reads into an array of bytes, blocking until some input is available.
 * Fewer than {@code len} bytes may be returned; consider
 * {@code java.io.DataInputStream.readFully} to read exactly {@code len}
 * bytes.
 *
 * @param buf the buffer into which the data is read
 * @param off the start offset of the data
 * @param len the maximum number of bytes read
 * @return the actual number of bytes read, or -1 when the end of the
 *          stream is reached
 * @throws NullPointerException if {@code buf} is null
 * @throws IndexOutOfBoundsException if {@code off} or {@code len} is
 *          negative, or {@code off + len} exceeds {@code buf.length}
 *          (including the case where the sum overflows)
 * @throws IOException if an I/O error has occurred
 * @see java.io.DataInputStream#readFully(byte[],int,int)
 */
public int read(byte[] buf, int off, int len) throws IOException {
    if (buf == null) {
        throw new NullPointerException();
    }
    // An overflowed off + len shows up as a negative end offset.
    int end = off + len;
    boolean rangeValid = off >= 0 && len >= 0 && end >= 0 && end <= buf.length;
    if (!rangeValid) {
        throw new IndexOutOfBoundsException();
    }
    return bin.read(buf, off, len, false);
}
/**
 * Returns the number of bytes that can be read without blocking.
 *
 * @return the number of available bytes
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 */
public int available() throws IOException {
    // Availability is reported by the block-data layer for the current mode.
    return bin.available();
}
/**
 * Closes the input stream. Must be called to release any resources
 * associated with the stream. Closing is idempotent from the caller's
 * point of view: a redundant close is still propagated to the underlying
 * stream, for consistency with previous implementations.
 *
 * @throws IOException if an I/O error has occurred
 */
public void close() throws IOException {
    closed = true;
    // Only drop the handle/validation state when no readObject call is in
    // flight (depth == 0); a nested close must not pull state out from
    // under the active read.
    if (depth == 0) {
        clear();
    }
    // Always propagate, even if this stream was already closed.
    bin.close();
}
/**
 * Reads a boolean.
 *
 * @return the boolean read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public boolean readBoolean() throws IOException {
    return bin.readBoolean();
}
/**
 * Reads a signed 8-bit byte.
 *
 * @return the byte read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public byte readByte() throws IOException {
    return bin.readByte();
}
/**
 * Reads an unsigned 8-bit byte.
 *
 * @return the byte read, zero-extended into an {@code int}
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public int readUnsignedByte() throws IOException {
    return bin.readUnsignedByte();
}
/**
 * Reads a 16-bit char.
 *
 * @return the char read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public char readChar() throws IOException {
    return bin.readChar();
}
/**
 * Reads a signed 16-bit short.
 *
 * @return the short read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public short readShort() throws IOException {
    return bin.readShort();
}
/**
 * Reads an unsigned 16-bit short.
 *
 * @return the short read, zero-extended into an {@code int}
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public int readUnsignedShort() throws IOException {
    return bin.readUnsignedShort();
}
/**
 * Reads a 32-bit int.
 *
 * @return the int read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public int readInt() throws IOException {
    return bin.readInt();
}
/**
 * Reads a 64-bit long.
 *
 * @return the long read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public long readLong() throws IOException {
    return bin.readLong();
}
/**
 * Reads a 32-bit float.
 *
 * @return the float read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public float readFloat() throws IOException {
    return bin.readFloat();
}
/**
 * Reads a 64-bit double.
 *
 * @return the double read
 * @throws EOFException if end of file is reached
 * @throws IOException if another I/O error has occurred
 */
public double readDouble() throws IOException {
    return bin.readDouble();
}
/**
 * Reads exactly {@code buf.length} bytes, blocking until all of them have
 * been read.
 *
 * @param buf the buffer into which the data is read
 * @throws NullPointerException if {@code buf} is null
 * @throws EOFException if end of file is reached before the buffer is full
 * @throws IOException if another I/O error has occurred
 */
public void readFully(byte[] buf) throws IOException {
    // Whole-buffer read; the range is trivially valid, so no bounds check.
    bin.readFully(buf, 0, buf.length, false);
}
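/**
 * Reads exactly {@code len} bytes into {@code buf} starting at
 * {@code off}, blocking until all of them have been read.
 *
 * @param buf the buffer into which the data is read
 * @param off the start offset of the data
 * @param len the number of bytes to read
 * @throws NullPointerException if {@code buf} is null
 * @throws IndexOutOfBoundsException if {@code off} or {@code len} is
 *          negative, or {@code off + len} exceeds {@code buf.length}
 *          (including the case where the sum overflows)
 * @throws EOFException if end of file is reached before {@code len}
 *          bytes have been read
 * @throws IOException if another I/O error has occurred
 */
public void readFully(byte[] buf, int off, int len) throws IOException {
    // Explicit null check, consistent with read(byte[], int, int) and the
    // DataInput contract: a null buffer is always a NullPointerException,
    // never an IndexOutOfBoundsException from a bad offset checked first.
    if (buf == null) {
        throw new NullPointerException();
    }
    // An overflowed off + len shows up as a negative end offset.
    int end = off + len;
    boolean rangeValid = off >= 0 && len >= 0 && end >= 0 && end <= buf.length;
    if (!rangeValid) {
        throw new IndexOutOfBoundsException();
    }
    bin.readFully(buf, off, len, false);
}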
/**
 * Skips bytes. Fewer than {@code len} bytes may be skipped.
 *
 * @param len the number of bytes to be skipped
 * @return the actual number of bytes skipped
 * @throws IOException if an I/O error has occurred
 */
public int skipBytes(int len) throws IOException {
    return bin.skipBytes(len);
}
/**
 * Reads a line terminated by {@code \n}, {@code \r}, {@code \r\n} or EOF.
 *
 * @return a String copy of the line
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @deprecated This method does not properly convert bytes to characters;
 *          see DataInputStream for the details and alternatives.
 */
@Deprecated
public String readLine() throws IOException {
    return bin.readLine();
}
/**
 * Reads a String encoded in
 * <a href="DataInput.html#modified-utf-8">modified UTF-8</a> format.
 * Malformed input is rejected rather than silently decoded.
 *
 * @return the String
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws UTFDataFormatException if the bytes read do not represent a
 *          valid modified UTF-8 encoding of a string
 */
public String readUTF() throws IOException {
    return bin.readUTF();
}
/**
 * Returns the serialization filter currently in effect for this stream:
 * the filter most recently installed through
 * {@link #setInternalObjectInputFilter setInternalObjectInputFilter}, or
 * otherwise the process-wide filter captured at construction from
 * {@link ObjectInputFilter.Config#getSerialFilter() ObjectInputFilter.Config.getSerialFilter}.
 *
 * @return the serialization filter for the stream, or {@code null} if none
 */
private final ObjectInputFilter getInternalObjectInputFilter() {
    return serialFilter;
}
/**
* Set the serialization filter for the stream.
* The filter's {@link ObjectInputFilter#checkInput checkInput} method is called
* for each class and reference in the stream.
* The filter can check any or all of the class, the array length, the number
* of references, the depth of the graph, and the size of the input stream.
*
*
*
* When the {@link ObjectInputFilter#checkInput checkInput} method is invoked
* it is given access to the current class, the array length,
* the current number of references already read from the stream,
* the depth of nested calls to {@link #readObject readObject} or
* {@link #readUnshared readUnshared},
* and the implementation dependent number of bytes consumed from the input stream.
* InputStream
* @throws IllegalArgumentException if {@code name} does not
*          correspond to a serializable field
*/
public abstract boolean defaulted(String name) throws IOException;
/**
 * Get the value of the named boolean field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code boolean} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract boolean get(String name, boolean val)
    throws IOException;
/**
 * Get the value of the named byte field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code byte} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract byte get(String name, byte val) throws IOException;
/**
 * Get the value of the named char field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code char} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract char get(String name, char val) throws IOException;
/**
 * Get the value of the named short field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code short} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract short get(String name, short val) throws IOException;
/**
 * Get the value of the named int field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code int} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract int get(String name, int val) throws IOException;
/**
 * Get the value of the named long field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code long} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract long get(String name, long val) throws IOException;
/**
 * Get the value of the named float field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code float} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract float get(String name, float val) throws IOException;
/**
 * Get the value of the named double field from the persistent fields.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code double} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract double get(String name, double val) throws IOException;
/**
 * Get the value of the named Object field from the persistent fields.
 *
 * <p>The returned reference is whatever was deserialized for that field;
 * a {@code readObject} implementation should validate its type and
 * contents like any other stream-supplied value before storing it.
 *
 * @param name the name of the field
 * @param val the default value to use if {@code name} does not
 *          have a value
 * @return the value of the named {@code Object} field
 * @throws IOException if there are I/O errors while reading from the
 *          underlying InputStream
 * @throws IllegalArgumentException if the type of {@code name} is
 *          not serializable or if the field type is incorrect
 */
public abstract Object get(String name, Object val) throws IOException;
}
/**
 * Verifies that this (possibly subclass) instance can be constructed
 * without violating security constraints: the subclass must not override
 * security-sensitive non-final methods, or else the
 * "enableSubclassImplementation" SerializablePermission is checked.
 *
 * <p>The reflective audit result is cached per subclass (weakly keyed, so
 * unloaded classes are purged via {@code processQueue}); a class audited
 * as safe is never re-examined. Note that the whole check is skipped when
 * no security manager is installed -- in that configuration any subclass
 * may override any non-final method without a permission check.
 */
private void verifySubclass() {
    Class<?> streamClass = getClass();
    if (streamClass == ObjectInputStream.class) {
        return;     // not a subclass: nothing to audit
    }
    SecurityManager securityManager = System.getSecurityManager();
    if (securityManager == null) {
        return;     // no security manager: subclassing is unrestricted
    }
    // Drop cache entries whose classes have been garbage collected.
    processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
    WeakClassKey auditKey =
        new WeakClassKey(streamClass, Caches.subclassAuditsQueue);
    Boolean isSafe = Caches.subclassAudits.get(auditKey);
    if (isSafe == null) {
        isSafe = Boolean.valueOf(auditSubclass(streamClass));
        // A racing thread may have cached the same (deterministic) result.
        Caches.subclassAudits.putIfAbsent(auditKey, isSafe);
    }
    if (!isSafe.booleanValue()) {
        securityManager.checkPermission(SUBCLASS_IMPLEMENTATION_PERMISSION);
    }
}
/**
* Performs reflective checks on given subclass to verify that it doesn't
* override security-sensitive non-final methods. Returns true if subclass
* is "safe", false otherwise.
*/
private static boolean auditSubclass(final Class> subcl) {
Boolean result = AccessController.doPrivileged(
new PrivilegedAction