Fix for NETTY-150 CompactObjectInputStream web start (applet) Class.forName issue

* Refactored to reduce code duplication in CompactObjectInputStream * Made sure that class loading doesn't incur security check unnecessarily
2009-05-15 03:42:48 +00:00 · 2009-05-15 03:42:48 +00:00 · b2eea97036
commit b2eea97036
parent 64bfa6cfda
1 changed files with 18 additions and 16 deletions
--- a/src/main/java/org/jboss/netty/handler/codec/serialization/CompactObjectInputStream.java
+++ b/src/main/java/org/jboss/netty/handler/codec/serialization/CompactObjectInputStream.java
@ -71,14 +71,7 @@ class CompactObjectInputStream extends ObjectInputStream {
            return super.readClassDescriptor();
        case CompactObjectOutputStream.TYPE_NON_PRIMITIVE:
            String className = readUTF();
-            Class<?> clazz;
-            if (classLoader == null) {
-                clazz = Class.forName(
-                        className, true,
-                        Thread.currentThread().getContextClassLoader());
-            } else {
-                clazz = Class.forName(className, true, classLoader);
-            }
+            Class<?> clazz = loadClass(className);
            return ObjectStreamClass.lookup(clazz);
        default:
            throw new StreamCorruptedException(
@ -88,17 +81,26 @@ class CompactObjectInputStream extends ObjectInputStream {

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
-        String name = desc.getName();
+        String className = desc.getName();
        try {
-            if (classLoader == null) {
-                return Class.forName(
-                        name, false,
-                        Thread.currentThread().getContextClassLoader());
-            } else {
-                return Class.forName(name, false, classLoader);
-            }
+            return loadClass(className);
        } catch (ClassNotFoundException ex) {
            return super.resolveClass(desc);
        }
    }
+
+    private Class<?> loadClass(String className) throws ClassNotFoundException {
+        Class<?> clazz;
+        ClassLoader classLoader = this.classLoader;
+        if (classLoader == null) {
+            classLoader = Thread.currentThread().getContextClassLoader();
+        }
+
+        if (classLoader != null) {
+            clazz = classLoader.loadClass(className);
+        } else {
+            clazz = Class.forName(className);
+        }
+        return clazz;
+    }
 }