JEP 187: Serialization 2.0
Chris Hegarty
chris.hegarty at oracle.com
Wed Jan 22 14:47:35 UTC 2014
On 22/01/14 13:57, Florian Weimer wrote:
> On 01/14/2014 01:26 AM, mark.reinhold at oracle.com wrote:
>> Posted: http://openjdk.java.net/jeps/187
>
> There's another aspect of the current approach to serialization that is
> not mentioned: the type information does not come from the calling
> context, but exclusively from the input stream.

Have you overlooked resolveClass [1], or are you looking for additional
context?

-Chris.

[1] http://download.java.net/jdk8/docs/api/java/io/ObjectInputStream.html#resolveClass-java.io.ObjectStreamClass-

> This means that all
> serializable classes can be instantiated, and not just those the context
> is prepared to deal with. I don't know if this is worth changing, but I
> do think it's something to consider.
>