how to discover serialVersionUID of serialized objects

Short question: how to discover the serialVersionUID of Objects that are in serialized form.

Detail: I have some serialized versions of Objects in a session database for a web application. For some of these objects, I failed to specify a serialVersionUID in the source code so the JVM created one for me. I want to discover what the serialVersionUID of the saved Objects are so that I can hard code it in my source files.

I have easy access to read the serialized data. I've already gone through and deleted the (old) sessions that won't read with the current versions of my code, so I know that every serialized object matches the current codebase.

Answer1:

Since you have the data, you can simply look at the eight octets following the class name in the stream as indicated by the grammar for Java Serialization

00000000: aced 0005 7372 0003 466f 6f00 0000 0000 ....sr..Foo..... 00000010: 0000 0102 0001 4c00 066d 794e 616d 6574 ......L..myNamet 00000020: 0012 4c6a 6176 612f 6c61 6e67 2f53 7472 ..Ljava/lang/Str 00000030: 696e 673b 7870 7400 044a 6f68 6e ing;xpt..John

The name of the class above is "Foo" (no package), and the serialVersionUID is 1L. Here's another example:

00000000: aced 0005 7372 0011 7374 6163 6b6f 7665 ....sr..stackove 00000010: 7266 6c6f 772e 466f 6fff ffff ffff 7e3c rflow.Foo.....~< 00000020: 1802 0001 4c00 066d 794e 616d 6574 0012 ....L..myNamet.. 00000030: 4c6a 6176 612f 6c61 6e67 2f53 7472 696e Ljava/lang/Strin 00000040: 673b 7870 7400 044a 6f68 6e g;xpt..John

The classname is stackoverflow.Foo. The serialVersionUID is 0xff7e3c18 as noted by this sequence of octets:

ff ffff fffff 7e3c 18

Now all you have to do is look at the file format to find out where your object is in each case and read the serialVersionUID that immediately follows the className in the grammar linked above.

Answer2:

What worked for me is to use ObjectStreamClass.lookup(class).

I run a method that de-serializes all of the session objects in my database. Then I run ObjectStreamClass.lookup() on each class that I am interested in. It gives me a ObjectStreamClass object for the class. A ObjectStreamClass object contains the class name and the serialVersionUID.

I'll take the output of that and modify my source files accordingly.

人吐槽 人点赞

Recommend

Comment

用户名: 密码:
验证码: 匿名发表

你可以使用这些语言

查看评论:how to discover serialVersionUID of serialized objects