如果您有权访问代码库,则可以使用 Ant 的 SerialVer 任务,在可序列化类的源代码中插入和修改 serialVersionUID,从而一劳永逸地解决此问题。
如果不能这样做,或者这种做法不可行(例如,您已经序列化了一些需要反序列化的对象),则一种解决方案是扩展(extend)ObjectInputStream:增强其行为,将流描述符中的 serialVersionUID 与该描述符在本地 JVM 中所代表的类的 serialVersionUID 进行比较,并在两者不匹配时改用本地类描述符。然后,只需使用此自定义类进行反序列化即可。类似下面这样(代码出处见此消息):
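import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * An {@link ObjectInputStream} that tolerates {@code serialVersionUID} mismatches.
 *
 * <p>For every class descriptor read from the stream, the class of the same name is looked up in
 * the local JVM. When both sides are serializable but their {@code serialVersionUID} values
 * differ, the local descriptor is substituted so that deserialization proceeds instead of failing
 * with {@link InvalidClassException}.
 *
 * <p>Security and correctness notes:
 * <ul>
 *   <li>The version check that is bypassed here is the only signal that the serialized form and
 *       the local class may have diverged; each override is logged so it can be audited.</li>
 *   <li>This class adds no protection against hostile streams. Feed it only data from a trusted
 *       source, or install an allow-list with
 *       {@link ObjectInputStream#setObjectInputFilter(java.io.ObjectInputFilter)} (Java 9+)
 *       before reading.</li>
 * </ul>
 */
public class DecompressibleInputStream extends ObjectInputStream {

    private static final Logger logger = LoggerFactory.getLogger(DecompressibleInputStream.class);

    /**
     * Creates a stream that reads serialized objects from {@code in}.
     *
     * @param in the underlying stream of serialized data
     * @throws IOException if the stream header cannot be read
     */
    public DecompressibleInputStream(InputStream in) throws IOException {
        super(in);
    }

    /**
     * Reads the next class descriptor and, on a {@code serialVersionUID} mismatch with the local
     * class of the same name, returns the local descriptor instead.
     *
     * @return the stream descriptor, or the local one when the two versions disagree
     * @throws IOException if the descriptor cannot be read from the stream
     * @throws ClassNotFoundException declared by the overridden method; a missing local class is
     *     logged here and the stream descriptor is returned unchanged
     */
    @Override
    protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException {
        final ObjectStreamClass streamDescriptor = super.readClassDescriptor();
        final String className = streamDescriptor.getName();

        final Class<?> localClass;
        try {
            // The name comes straight from the stream. Pass initialize=false so that merely being
            // named in the stream does not run a class's static initializer; the loader is the one
            // the single-argument Class.forName would have used.
            localClass = Class.forName(
                    className, false, DecompressibleInputStream.class.getClassLoader());
        } catch (ClassNotFoundException e) {
            logger.error("No local class for " + className, e);
            return streamDescriptor;
        }

        // lookup() returns null when the local class is not serializable; nothing to compare then.
        final ObjectStreamClass localDescriptor = ObjectStreamClass.lookup(localClass);
        if (localDescriptor == null) {
            return streamDescriptor;
        }

        final long localSUID = localDescriptor.getSerialVersionUID();
        final long streamSUID = streamDescriptor.getSerialVersionUID();
        if (streamSUID == localSUID) {
            return streamDescriptor;
        }

        // Versions disagree: record the override with a stack trace, then trust the local class.
        final StringBuilder message =
                new StringBuilder("Overriding serialized class version mismatch: ");
        message.append("local serialVersionUID = ").append(localSUID);
        message.append(" stream serialVersionUID = ").append(streamSUID);
        final Exception mismatch = new InvalidClassException(message.toString());
        logger.error("Potentially Fatal Deserialization Operation.", mismatch);
        return localDescriptor;
    }
}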


