问题分析
在SpringBoot中使用 org.apache.commons.lang.SerializationUtils.clone 方法时,发现克隆出来的类强转对应类时发生类型不一致的错误,经过检测发现两个看似相同的类的类加载器不一致
场景
报错信息
java.lang.ClassCastException: com.tianqiauto.tis.pc.dingdanyupai.po.PrePoint cannot be cast to com.tianqiauto.tis.pc.dingdanyupai.po.PrePoint
检测信息
解决方法分析
既然发现类加载器不一致,那么需要找到类反序列化时的类加载器是如何指定得
深入SerializationUtils.clone方法时发现内部是通过jdk的反序列化类ObjectInputStream将字节码转为对象得
发现返回对象是由cons创建的,cons 是一个Constructor,那么需要判断cons是在哪里生成的,从而推断出类加载器的生成依据,而cons存在于ObjectStreamClass,进入ObjectStreamClass desc = readClassDesc(false);判断cons何时赋值
发现执行完desc.initNonProxy(readDesc, cl, resolveEx, readClassDesc(false));这段代码时,cons有值,进入initNonProxy方法中
发现最终指向Caches.localDescs一个map中
localDescs是一个全局静态变量,所以需要知道在什么地方添加值的
打断点debug发现在序列化的时候会new ObjectStreamClass(cl)并放在localDescs里,所以进入new ObjectStreamClass(cl)的方法里,找cons的来源
发现cons是由Class<?> cl生成,也就是说cons的类加载器信息是由Class<?> cl的类加载器决定的,反向查找cl的加载
发现cl的类加载信息由latestUserDefinedLoader(),查阅资料发现,latestUserDefinedLoader()会根据栈帧信息查找第一个非根类加载器或扩展类加载器,而SerializationUtils属于ApplicationClassLoader加载的范围,所以SerializationUtils.clone(point)返回的对象是由ApplicationClassLoader加载
解决方案
方案一(推荐)
将SerializationUtils.clone中的方法复制到项目中
public class TestClassLoaderController {private static PrePoint point = new PrePoint();@GetMapping("/testClassLoader")public AjaxResult testClassLoader() {PrePoint deserialize = (PrePoint) cloneObject(point);return null;}private static Object cloneObject(PrePoint point) {ByteArrayOutputStream baos = new ByteArrayOutputStream(512);serialize(point, baos);byte[] bytes = baos.toByteArray();return deserialize(bytes);}public static Object deserialize(byte[] objectData) {if (objectData == null) {throw new IllegalArgumentException("The byte[] must not be null");}ByteArrayInputStream bais = new ByteArrayInputStream(objectData);return deserialize(bais);}public static Object deserialize(InputStream inputStream) {if (inputStream == null) {throw new IllegalArgumentException("The InputStream must not be null");}ObjectInputStream in = null;try {// stream closed in the finallyin = new ObjectInputStream(inputStream);return in.readObject();} catch (ClassNotFoundException ex) {throw new SerializationException(ex);} catch (IOException ex) {throw new SerializationException(ex);} finally {try {if (in != null) {in.close();}} catch (IOException ex) {// ignore close exception}}}public static void serialize(Serializable obj, OutputStream outputStream) {if (outputStream == null) {throw new IllegalArgumentException("The OutputStream must not be null");}ObjectOutputStream out = null;try {// stream closed in the finallyout = new ObjectOutputStream(outputStream);out.writeObject(obj);} catch (IOException ex) {throw new SerializationException(ex);} finally {try {if (out != null) {out.close();}} catch (IOException ex) {// ignore close exception}}}
}
方案二
关闭热加载
spring:devtools:restart:enabled: false
或者
@SpringBootApplication
public class SSMPApplication {public static void main(String[] args) {System.setProperty("spring.devtools.restart.enabled","false");SpringApplication.run(SSMPApplication.class);}
}
方案三
移除热加载的jar包
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><optional>true</optional> <!-- 这个需要为 true 热部署才有效 -->
</dependency>
