From d4be433a7685640dad0f6c3b74e0d63e9dc329c4 Mon Sep 17 00:00:00 2001 From: Mark Mielke Date: Wed, 8 Aug 2018 06:43:55 -0400 Subject: [PATCH] Fix HttpClient 4.5.4 regression in BasicCookieStore serialization. HttpClient 4.5.4 modified BasicCookieStore to introduce a new ReadWriteLock field to improve performance. Unfortunately this also changed the serialized data structure, and any objects serialized using HttpClient 4.5.3 and before would be unusable after restore in HttpClient 4.5.4 due to the new "lock" field being null. The fix is to change "lock" to be transient, and ensure it is correctly instantiated upon object restore. This restores compatibility with HttpClient 4.5.3, as well as maintaining compatible with the intermediate versions containing the regression. This also avoids unnecessary serialization of the new "lock" field, which does not need to be persisted. --- .../hc/client5/http/cookie/BasicCookieStore.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/cookie/BasicCookieStore.java b/httpclient5/src/main/java/org/apache/hc/client5/http/cookie/BasicCookieStore.java index b7874528a..6e1cea44c 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/cookie/BasicCookieStore.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/cookie/BasicCookieStore.java @@ -26,6 +26,8 @@ */ package org.apache.hc.client5.http.cookie; +import java.io.IOException; +import java.io.ObjectInputStream; import java.io.Serializable; import java.util.ArrayList; import java.util.Date; @@ -50,7 +52,7 @@ public class BasicCookieStore implements CookieStore, Serializable { private static final long serialVersionUID = -7581093305228232025L; private final TreeSet cookies; - private final ReadWriteLock lock; + private transient ReadWriteLock lock; public BasicCookieStore() { super(); @@ -58,6 +60,13 @@ public class BasicCookieStore implements CookieStore, Serializable { this.lock = new ReentrantReadWriteLock(); } + private void readObject(final ObjectInputStream stream) throws IOException, ClassNotFoundException { + stream.defaultReadObject(); + + /* Reinstantiate transient fields. */ + this.lock = new ReentrantReadWriteLock(); + } + /** * Adds an {@link Cookie HTTP cookie}, replacing any existing equivalent cookies. * If the given cookie has already expired it will not be added, but existing