/**
* Licensed to the Austrian Association for Software Tool Integration (AASTI)
* under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright
* ownership. The AASTI licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.openengsb.core.persistence.internal;
import java.io.Externalizable;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamField;
import java.io.OutputStream;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Date;
import java.util.HashSet;
import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Utility class that analyzes objects for non-serializable nodes. Construct, then call {@link #check(Object)} with the
* object you want to check. When a non-serializable object is found, a {@link WicketNotSerializableException} is thrown
* with a message that shows the trace up to the not-serializable object. The exception is thrown for the first
* non-serializable instance it encounters, so multiple problems will not be shown.
* <p>
* As this class depends heavily on JDK's serialization internals using introspection, analyzing may not be possible,
* for instance when the runtime environment does not have sufficient rights to set fields accessible that would
* otherwise be hidden. You should call {@link SerializableChecker#isAvailable()} to see whether this class can operate
* properly. If it doesn't, you should fall back to e.g. re-throwing/ printing the {@link NotSerializableException} you
* probably got before using this class.
* </p>
*
* @author eelcohillenius
* @author Al Maw
*/
public final class SerializableChecker extends ObjectOutputStream {
/** log. */
private static final Logger LOGGER = LoggerFactory.getLogger(SerializableChecker.class);
/**
* Exception that is thrown when a non-serializable object was found.
*/
public static final class ObjectDbNotSerializableException extends RuntimeException {
private static final long serialVersionUID = 1L;
ObjectDbNotSerializableException(String message, Throwable cause) {
super(message, cause);
}
}
/**
* Does absolutely nothing.
*/
private static class NoopOutputStream extends OutputStream {
@Override
public void close() {
}
@Override
public void flush() {
}
@Override
public void write(byte[] b) {
}
@Override
public void write(byte[] b, int i, int l) {
}
@Override
public void write(int b) {
}
}
private abstract static class ObjectOutputAdaptor implements ObjectOutput {
@Override
public void writeBoolean(boolean v) throws IOException {
}
@Override
public void writeByte(int v) throws IOException {
}
@Override
public void writeShort(int v) throws IOException {
}
@Override
public void writeChar(int v) throws IOException {
}
@Override
public void writeInt(int v) throws IOException {
}
@Override
public void writeLong(long v) throws IOException {
}
@Override
public void writeFloat(float v) throws IOException {
}
@Override
public void writeDouble(double v) throws IOException {
}
@Override
public void writeBytes(String s) throws IOException {
}
@Override
public void writeChars(String s) throws IOException {
}
@Override
public void writeUTF(String s) throws IOException {
}
@Override
public void writeObject(Object obj) throws IOException {
}
@Override
public void write(int b) throws IOException {
}
@Override
public void write(byte[] b) throws IOException {
}
@Override
public void write(byte[] b, int off, int len) throws IOException {
}
@Override
public void flush() throws IOException {
}
@Override
public void close() throws IOException {
}
}
/** Holds information about the field and the resulting object being traced. */
private static final class TraceSlot {
private final String fieldDescription;
private final Object object;
TraceSlot(Object object, String fieldDescription) {
super();
this.object = object;
this.fieldDescription = fieldDescription;
}
@Override
public String toString() {
return object.getClass() + " - " + fieldDescription;
}
}
private static final NoopOutputStream DUMMY_OUTPUT_STREAM = new NoopOutputStream();
/** Whether we can execute the tests. If false, check will just return. */
private static boolean available = true;
// this hack - accessing the serialization API through introspection - is
// the only way to use Java serialization for our purposes without writing
// the whole thing from scratch (and even then, it would be limited). This
// way of working is of course fragile for internal API changes, but as we
// do an extra check on availability and we report when we can't use this
// introspection fu, we'll find out soon enough and clients on this class
// can fall back on Java's default exception for serialization errors (which
// sucks and is the main reason for this attempt).
private static Method lookupMethod;
private static Method getClassDataLayoutMethod;
private static Method getNumObjFieldsMethod;
private static Method getObjFieldValuesMethod;
private static Method getFieldMethod;
private static Method hasWriteReplaceMethodMetod;
private static Method invokeWriteReplaceMethod;
static {
try {
lookupMethod = ObjectStreamClass.class.getDeclaredMethod("lookup", new Class[]{
Class.class, Boolean.TYPE });
lookupMethod.setAccessible(true);
getClassDataLayoutMethod = ObjectStreamClass.class.getDeclaredMethod(
"getClassDataLayout", (Class[]) null);
getClassDataLayoutMethod.setAccessible(true);
getNumObjFieldsMethod = ObjectStreamClass.class.getDeclaredMethod(
"getNumObjFields", (Class[]) null);
getNumObjFieldsMethod.setAccessible(true);
getObjFieldValuesMethod = ObjectStreamClass.class.getDeclaredMethod(
"getObjFieldValues", new Class[]{ Object.class, Object[].class });
getObjFieldValuesMethod.setAccessible(true);
getFieldMethod = ObjectStreamField.class.getDeclaredMethod("getField", (Class[]) null);
getFieldMethod.setAccessible(true);
hasWriteReplaceMethodMetod = ObjectStreamClass.class.getDeclaredMethod(
"hasWriteReplaceMethod", (Class[]) null);
hasWriteReplaceMethodMetod.setAccessible(true);
invokeWriteReplaceMethod = ObjectStreamClass.class.getDeclaredMethod(
"invokeWriteReplace", new Class[]{ Object.class });
invokeWriteReplaceMethod.setAccessible(true);
} catch (Exception e) {
LOGGER.warn("SerializableChecker not available", e);
available = false;
}
}
/**
* Gets whether we can execute the tests. If false, calling {@link #check(Object)} will just return and you are
* advised to rely on the {@link NotSerializableException}. Clients are advised to call this method prior to calling
* the check method.
*
* @return whether security settings and underlying API etc allow for accessing the serialization API using
* introspection
*/
public static boolean isAvailable() {
return available;
}
/** object stack that with the trace path. */
private final LinkedList<TraceSlot> traceStack = new LinkedList<TraceSlot>();
/** set for checking circular references. */
private final Map<Object, Object> checked = new IdentityHashMap<Object, Object>();
/** string stack with current names pushed. */
private final LinkedList<String> nameStack = new LinkedList<String>();
/** root object being analyzed. */
private Object root;
/** set of classes that had no writeObject methods at lookup (to avoid repeated checking) */
private final Set<Class<?>> writeObjectMethodMissing = new HashSet<Class<?>>();
/** current simple field name. */
private String simpleName = "";
/** current full field description. */
private String fieldDescription;
/** Exception that should be set as the cause when throwing a new exception. */
private final NotSerializableException exception;
private final Stack<Object> stack = new Stack<Object>();
/**
* Construct.
*
* @param exception exception that should be set as the cause when throwing a new exception
*
* @throws IOException
*/
public SerializableChecker(NotSerializableException exception) throws IOException {
this.exception = exception;
}
/**
* @see java.io.ObjectOutputStream#reset()
*/
@Override
public void reset() throws IOException {
root = null;
checked.clear();
fieldDescription = null;
simpleName = null;
traceStack.clear();
nameStack.clear();
writeObjectMethodMissing.clear();
}
private void check(Object obj) {
if (obj == null) {
return;
}
try {
if (stack.contains(obj)) {
return;
}
} catch (RuntimeException e) {
LOGGER.warn("Wasn't possible to check the object " + obj.getClass()
+ " possible due an problematic implementation of equals method");
/*
* Can't check if this obj were in stack, giving up because we don't want to throw an invaluable exception
* to user. The main goal of this checker is to find non serializable data
*/
return;
}
stack.push(obj);
try {
internalCheck(obj);
} finally {
stack.pop();
}
}
private void internalCheck(Object obj) {
if (obj == null) {
return;
}
Class<?> cls = obj.getClass();
nameStack.add(simpleName);
traceStack.add(new TraceSlot(obj, fieldDescription));
if (!(obj instanceof Serializable) && (!Proxy.isProxyClass(cls))) {
throw new ObjectDbNotSerializableException(toPrettyPrintedStack(obj.getClass().getName()), exception);
}
ObjectStreamClass desc;
for (;;) {
try {
desc = (ObjectStreamClass) lookupMethod.invoke(null, cls, Boolean.TRUE);
obj = invokeWriteReplaceMethod.invoke(desc, obj);
Class<?> repCl = obj.getClass();
if (!(Boolean) hasWriteReplaceMethodMetod.invoke(desc, (Object[]) null)
|| obj == null
|| repCl == cls) {
break;
}
cls = repCl;
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
} catch (InvocationTargetException e) {
throw new RuntimeException(e);
}
}
if (cls.isPrimitive()) {
LOGGER.trace("skip primitive check");
} else if (cls.isArray()) {
checked.put(obj, null);
Class<?> ccl = cls.getComponentType();
if (!(ccl.isPrimitive())) {
Object[] objs = (Object[]) obj;
for (int i = 0; i < objs.length; i++) {
String arrayPos = "[" + i + "]";
simpleName = arrayPos;
fieldDescription += arrayPos;
check(objs[i]);
}
}
} else if (obj instanceof Externalizable && (!Proxy.isProxyClass(cls))) {
Externalizable extObj = (Externalizable) obj;
try {
extObj.writeExternal(new ObjectOutputAdaptor() {
private int count = 0;
@Override
public void writeObject(Object streamObj) throws IOException {
if (checked.containsKey(streamObj)) {
return;
}
checked.put(streamObj, null);
String arrayPos = "[write:" + count++ + "]";
simpleName = arrayPos;
fieldDescription += arrayPos;
check(streamObj);
}
});
} catch (Exception e) {
if (e instanceof ObjectDbNotSerializableException) {
throw (ObjectDbNotSerializableException) e;
}
LOGGER.warn("error delegating to Externalizable : " + e.getMessage() + ", path: " + currentPath());
}
} else {
Method writeObjectMethod = null;
if (!writeObjectMethodMissing.contains(cls)) {
try {
writeObjectMethod =
cls.getDeclaredMethod("writeObject", new Class[]{ java.io.ObjectOutputStream.class });
} catch (SecurityException e) {
writeObjectMethodMissing.add(cls);
} catch (NoSuchMethodException e) {
writeObjectMethodMissing.add(cls);
}
}
final Object original = obj;
if (writeObjectMethod != null) {
class InterceptingObjectOutputStream extends ObjectOutputStream {
private int counter;
InterceptingObjectOutputStream() throws IOException {
super(DUMMY_OUTPUT_STREAM);
enableReplaceObject(true);
}
@Override
protected Object replaceObject(Object streamObj) throws IOException {
if (streamObj == original) {
return streamObj;
}
counter++;
if (checked.containsKey(streamObj)) {
return null;
}
checked.put(streamObj, null);
String arrayPos = "[write:" + counter + "]";
simpleName = arrayPos;
fieldDescription += arrayPos;
check(streamObj);
return streamObj;
}
}
InterceptingObjectOutputStream ioos = null;
try {
ioos = new InterceptingObjectOutputStream();
ioos.writeObject(obj);
} catch (Exception e) {
if (e instanceof ObjectDbNotSerializableException) {
throw (ObjectDbNotSerializableException) e;
}
LOGGER.warn("error delegating to writeObject : " + e.getMessage() + ", path: " + currentPath());
} finally {
IOUtils.closeQuietly(ioos);
}
} else {
Object[] slots;
try {
slots = (Object[]) getClassDataLayoutMethod.invoke(desc, (Object[]) null);
} catch (Exception e) {
throw new RuntimeException(e);
}
for (Object slot : slots) {
ObjectStreamClass slotDesc;
try {
Field descField = slot.getClass().getDeclaredField("desc");
descField.setAccessible(true);
slotDesc = (ObjectStreamClass) descField.get(slot);
} catch (Exception e) {
throw new RuntimeException(e);
}
checked.put(obj, null);
checkFields(obj, slotDesc);
}
}
}
traceStack.removeLast();
nameStack.removeLast();
}
private void checkFields(Object obj, ObjectStreamClass desc) {
int numFields;
try {
numFields = (Integer) getNumObjFieldsMethod.invoke(desc, (Object[]) null);
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
} catch (InvocationTargetException e) {
throw new RuntimeException(e);
}
if (numFields > 0) {
int numPrimFields;
ObjectStreamField[] fields = desc.getFields();
Object[] objVals = new Object[numFields];
numPrimFields = fields.length - objVals.length;
try {
getObjFieldValuesMethod.invoke(desc, obj, objVals);
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
} catch (InvocationTargetException e) {
throw new RuntimeException(e);
}
for (int i = 0; i < objVals.length; i++) {
if (objVals[i] instanceof String || objVals[i] instanceof Number || objVals[i] instanceof Date
|| objVals[i] instanceof Boolean || objVals[i] instanceof Class) {
continue;
}
// Check for circular reference.
if (checked.containsKey(objVals[i])) {
continue;
}
ObjectStreamField fieldDesc = fields[numPrimFields + i];
Field field;
try {
field = (Field) getFieldMethod.invoke(fieldDesc, (Object[]) null);
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
} catch (InvocationTargetException e) {
throw new RuntimeException(e);
}
field.getName();
simpleName = field.getName();
fieldDescription = field.toString();
check(objVals[i]);
}
}
}
/**
* @return name from root to current node concatenated with slashes
*/
private StringBuilder currentPath() {
StringBuilder b = new StringBuilder();
for (Iterator<String> it = nameStack.iterator(); it.hasNext();) {
b.append(it.next());
if (it.hasNext()) {
b.append('/');
}
}
return b;
}
/**
* Dump with indentation.
*
* @param type the type that couldn't be serialized
* @return A very pretty dump
*/
private String toPrettyPrintedStack(String type) {
StringBuilder result = new StringBuilder();
StringBuilder spaces = new StringBuilder();
result.append("Unable to serialize class: ");
result.append(type);
result.append("\nField hierarchy is:");
for (Iterator<TraceSlot> i = traceStack.listIterator(); i.hasNext();) {
spaces.append(" ");
TraceSlot slot = i.next();
result.append("\n").append(spaces).append(slot.fieldDescription);
result.append(" [class=").append(slot.object.getClass().getName());
result.append("]");
}
result.append(" <----- field that is not serializable");
return result.toString();
}
/**
* @see java.io.ObjectOutputStream#writeObjectOverride(java.lang.Object)
*/
@Override
protected void writeObjectOverride(Object obj) throws IOException {
if (!available) {
return;
}
root = obj;
check(root);
}
}