Question

I am in need of reliably identifying the class of a serialized object in Java without deserializing it.

So far I have found that the raw data stream will contain the class name. However, someone could create a custom class with an arbitrary name to fool the recognition.

Now I am considering implementing a system where the stored data of the object is also checked against a template but this seems cumbersome.

Is there a package that already does this and/or is there a simpler way to reliably identify the class of a serialized Java object?


Solution

Have you looked at Javassist (http://www.csg.ci.i.u-tokyo.ac.jp/~chiba/javassist/)? It appears to be able to load class file metadata and make it available without necessarily creating the class.
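As an added example (not the asker's or the answerer's code, and not Javassist), the following reads the class name, serialVersionUID, flags, declared fields and superclass chain straight out of the serialization stream header without ever reaching the field values, which is the only part ObjectInputStream would instantiate. It is written in Python so it can run wherever a pre-filter sits, in front of the JVM. The first sample is constructed from the descriptor ObjectOutputStream writes for java.util.HashMap (the trailing field bytes are illustrative and never parsed); the second uses the hypothetical class names com.example.Child and com.example.Parent. Both samples are built inline, so the block runs offline.

```python
import struct

# Type codes from the Java Object Serialization Stream Protocol (java.io.ObjectStreamConstants)
STREAM_MAGIC, STREAM_VERSION, BASE_HANDLE = 0xACED, 0x0005, 0x7E0000
TC_NULL, TC_REFERENCE, TC_CLASSDESC, TC_OBJECT, TC_STRING = 0x70, 0x71, 0x72, 0x73, 0x74
TC_ARRAY, TC_CLASS, TC_ENDBLOCKDATA, TC_LONGSTRING, TC_ENUM = 0x75, 0x76, 0x78, 0x7C, 0x7E

class StreamHeader:
    """Cursor over the leading class descriptors; field values are never read, so nothing is deserialized."""
    def __init__(self, data):
        self.data, self.pos, self.handles = data, 0, []   # handles: back-reference table

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated stream")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u8(self):  return self.take(1)[0]
    def u16(self): return struct.unpack(">H", self.take(2))[0]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def s64(self): return struct.unpack(">q", self.take(8))[0]
    def utf(self): return self.take(self.u16()).decode("utf-8")  # modified UTF-8; same as UTF-8 for ASCII

    def ref(self, want):   # TC_REFERENCE carries prevHandle, an index into the handle table
        idx = self.u32() - BASE_HANDLE
        if not 0 <= idx < len(self.handles) or not isinstance(self.handles[idx], want):
            raise ValueError("bad handle reference")
        return self.handles[idx]

    def class_desc(self):
        tc = self.u8()
        if tc == TC_NULL:
            return None
        if tc == TC_REFERENCE:
            return self.ref(dict)
        if tc != TC_CLASSDESC:   # TC_PROXYCLASSDESC and anything else: refuse rather than guess
            raise ValueError("unsupported type code 0x%02x for a class descriptor" % tc)
        desc = {"name": self.utf(), "suid": self.s64(), "flags": self.u8(), "fields": [], "super": None}
        self.handles.append(desc)   # newHandle is assigned right after className and serialVersionUID
        for _ in range(self.u16()):
            code, name = chr(self.u8()), self.utf()
            if code in "L[":   # object/array field: JVM signature follows as TC_STRING or a back-reference
                sig_tc = self.u8()
                if sig_tc == TC_STRING:
                    code = self.utf()
                    self.handles.append(code)
                elif sig_tc == TC_REFERENCE:
                    code = self.ref(str)
                else:
                    raise ValueError("bad field signature")
            desc["fields"].append((name, code))
        if self.u8() != TC_ENDBLOCKDATA:   # classAnnotation assumed empty (no annotateClass override)
            raise ValueError("class annotations are not supported by this header parser")
        desc["super"] = self.class_desc()  # superclass chain, terminated by TC_NULL
        return desc

def identify(data):   # root object's class descriptor, read without deserializing
    h = StreamHeader(data)
    if h.u16() != STREAM_MAGIC or h.u16() != STREAM_VERSION:
        raise ValueError("not a Java serialization stream")
    tc = h.u8()
    if tc in (TC_OBJECT, TC_ARRAY, TC_ENUM, TC_CLASS):
        return h.class_desc()
    if tc in (TC_STRING, TC_LONGSTRING):
        return {"name": "java.lang.String", "suid": None, "flags": 0, "fields": [], "super": None}
    raise ValueError("unsupported root type code 0x%02x" % tc)

def class_chain(desc):   # class names along the superclass chain, outermost first
    names = []
    while desc is not None:
        names.append(desc["name"])
        desc = desc["super"]
    return names

def check_allowed(data, allowlist):
    """Look-ahead check: accept only if every class in the root descriptor chain is allow-listed.
    Caveat: field values may hold objects of other classes, which this header check never sees."""
    chain = class_chain(identify(data))
    rejected = [n for n in chain if n not in allowlist]
    if rejected:
        raise ValueError("disallowed classes in stream: " + ", ".join(rejected))
    return chain[0] if chain else None

def _utf(s):   # length-prefixed UTF-8, as the format encodes names
    return struct.pack(">H", len(s)) + s.encode()
MAGIC = struct.pack(">HH", STREAM_MAGIC, STREAM_VERSION)
# Constructed sample 1: the descriptor ObjectOutputStream emits for java.util.HashMap (serialVersionUID
# 0x0507DAC1C31660D1, flags SC_SERIALIZABLE|SC_WRITE_METHOD), then illustrative field data, never parsed.
SAMPLE_HASHMAP = (MAGIC + bytes([TC_OBJECT, TC_CLASSDESC]) + _utf("java.util.HashMap")
                  + bytes.fromhex("0507dac1c31660d1") + b"\x03" + struct.pack(">H", 2)
                  + b"F" + _utf("loadFactor") + b"I" + _utf("threshold") + bytes([TC_ENDBLOCKDATA, TC_NULL])
                  + bytes.fromhex("3f400000 0000000c 7708 00000010 00000000 78"))
# Constructed sample 2, hypothetical names: com.example.Child extends com.example.Parent (array and
# object field signatures, two-level superclass chain).
SAMPLE_CHILD = (MAGIC + bytes([TC_OBJECT, TC_CLASSDESC]) + _utf("com.example.Child")
                + struct.pack(">q", 1) + b"\x02" + struct.pack(">H", 1)
                + b"[" + _utf("data") + bytes([TC_STRING]) + _utf("[I")
                + bytes([TC_ENDBLOCKDATA, TC_CLASSDESC]) + _utf("com.example.Parent")
                + struct.pack(">q", 2) + b"\x02" + struct.pack(">H", 1)
                + b"L" + _utf("name") + bytes([TC_STRING]) + _utf("Ljava/lang/String;")
                + bytes([TC_ENDBLOCKDATA, TC_NULL]))
```

The concern in the question still applies: the class name is a label chosen by whoever produced the bytes, so this is a look-ahead filter that rejects a stream before ObjectInputStream ever sees it, not proof of what the payload is. Two limits matter in practice: nested objects inside the field data carry their own class descriptors, which a root-only check never sees (gadget chains are typically a benign-looking outer class wrapping a malicious inner one), and class annotations written by an annotateClass override are refused rather than skipped. Inside the JVM the equivalent check belongs in an ObjectInputStream.resolveClass override or, from Java 9 on, an ObjectInputFilter (JEP 290), which is consulted for every class as the stream is read rather than only the first.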

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow