JDK-2146356 : LTP: Java 6 breaks XML encoding/decoding of immutable list member and "id" property
  • Type: Backport
  • Backport of: JDK-6505888
  • Component: client-libs
  • Sub-Component: java.beans
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2007-01-29
  • Updated: 2011-03-08
  • Resolved: 2011-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7
6u2Fixed 7 b10Fixed
Description
Classes in the Java DTrace API that encode/decode successfully in Java 5 no longer encode/decode successfully in Java 6 (using XMLEncoder and XMLDecoder).

To demonstrate the behavior on Java 5:

; su root
...
; rm /usr/java
; ln -s /usr/jdk/jdk1.5.0_08 /usr/java
; java -version
java version "1.5.0_08"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_08-b03)
Java HotSpot(TM) Server VM (build 1.5.0_08-b03, mixed mode)

Then compile and run the attached TestBean.java in another window as non-root:

; javac TestBean.java
; java TestBean out
  serialized: TestBean[id = 1, list = [1, 2, 3]]
  deserialized: TestBean[id = 1, list = [1, 2, 3]]
  XML-encoded: TestBean[id = 1, list = [1, 2, 3]]
  XML-decoded: TestBean[id = 1, list = [1, 2, 3]]
;

The above test writes a TestBean with id 1 and list of integers (1,2,3) to a file named "out" then reads it back in using object serialization first then XML encoding. The output above represents a successful test result.

To demonstrate the failure on Java 6:

; rm /usr/java
; ln -s /usr/jdk/jdk1.6.0 /usr/java
; java -version
java version "1.6.0-rc"
Java(TM) SE Runtime Environment (build 1.6.0-rc-b100)
Java HotSpot(TM) Server VM (build 1.6.0-rc-b100, mixed mode)

Then re-compile and re-run the attached TestBean.java in another window as non-root:

; javac TestBean.java
; java TestBean out
  serialized: TestBean[id = 1, list = [1, 2, 3]]
  deserialized: TestBean[id = 1, list = [1, 2, 3]]
  XML-encoded: TestBean[id = 1, list = [1, 2, 3]]
java.lang.NoSuchMethodException: TestBean.getId
Continuing ...
java.lang.InstantiationException: java.util.Collections$UnmodifiableRandomAccessList
Continuing ...
java.lang.Exception: XMLEncoder: discarding statement XMLEncoder.writeObject(TestBean);
Continuing ...
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
        at com.sun.beans.ObjectHandler.dequeueResult(ObjectHandler.java:139)
        at java.beans.XMLDecoder.readObject(XMLDecoder.java:201)
        at TestBean.performBeanTest(TestBean.java:203)
        at TestBean.main(TestBean.java:243)

In Java 6, the "id" property no longer maps to the public getID() method:

            BeanInfo info = Introspector.getBeanInfo(TestBean.class);
            PersistenceDelegate persistenceDelegate =
                    new DefaultPersistenceDelegate(
                    new String[] {"id", "list"});
...
    public int
    getID()
    {
        return id;
    }

This problem is fixed by changing the spelling of the "id" property to "iD":

            PersistenceDelegate persistenceDelegate =
                    new DefaultPersistenceDelegate(
                    new String[] {"iD", "list"});

Still, this is inconsistent with the behavior of Java 5 and breaks existing classes in the Java DTrace library (source in ON gate: http://onnv/):

    /usr/src/lib/libdtrace_jni/java/src/org/opensolaris/os/dtrace/Aggregation.java
    /usr/src/lib/libdtrace_jni/java/src/org/opensolaris/os/dtrace/ProbeDescription.java

Since the TestBean class is immutable, the getList() method returns an immutable view of its internal list member:

    public List <Integer>
    getList()
    {
        return Collections. <Integer> unmodifiableList(list);
    }

In Java 5, the list property returned by this method is successfully encoded and decoded using XMLEncoder and XMLDecoder, but not in Java 6. This breaks another existing class in the Java DTrace API:

    /usr/src/lib/libdtrace_jni/java/src/org/opensolaris/os/dtrace/PrintfRecord.java
Comments
EVALUATION This is regression after the fix of the bug 4741757. Old version of DefaultPersistenceDelegate uses private fields instead properties. We should not rollback the fix by security reason, but we should solve 2 problems here: 1. Illegal property name "public int getID()" means that property name is "ID" (not "id"). So user should follow the JavaBeans specification (section 8.8). We can try to create a hack but it is a bad idea. 2. Persistence for private classes like Collections.UnmodifiableList We can create custom persistence delegates for classes in Collections, but we can't create common solution for all such classes. The field access (that was removed by the fix of the bug 4741757) can't fix this problem, because it is possible to create user's bean with unmodifiable list.
29-01-2007