2

Short question: how to discover the serialVersionUID of Objects that are in serialized form.

Detail: I have some serialized versions of Objects in a session database for a web application. For some of these objects, I failed to specify a serialVersionUID in the source code so the JVM created one for me. I want to discover what the serialVersionUID of the saved Objects are so that I can hard code it in my source files.

I have easy access to read the serialized data. I've already gone through and deleted the (old) sessions that won't read with the current versions of my code, so I know that every serialized object matches the current codebase.

Improve this question
2

2 Answers 2

Reset to default
3

Since you have the data, you can simply look at the eight octets following the class name in the stream as indicated by the grammar for Java Serialization

00000000: aced 0005 7372 0003 466f 6f00 0000 0000  ....sr..Foo.....
00000010: 0000 0102 0001 4c00 066d 794e 616d 6574  ......L..myNamet
00000020: 0012 4c6a 6176 612f 6c61 6e67 2f53 7472  ..Ljava/lang/Str
00000030: 696e 673b 7870 7400 044a 6f68 6e         ing;xpt..John

The name of the class above is "Foo" (no package), and the serialVersionUID is 1L. Here's another example:

00000000: aced 0005 7372 0011 7374 6163 6b6f 7665  ....sr..stackove
00000010: 7266 6c6f 772e 466f 6fff ffff ffff 7e3c  rflow.Foo.....~<
00000020: 1802 0001 4c00 066d 794e 616d 6574 0012  ....L..myNamet..
00000030: 4c6a 6176 612f 6c61 6e67 2f53 7472 696e  Ljava/lang/Strin
00000040: 673b 7870 7400 044a 6f68 6e              g;xpt..John

The classname is stackoverflow.Foo. The serialVersionUID is 0xff7e3c18 as noted by this sequence of octets:

ff ffff fffff 7e3c 18

Now all you have to do is look at the file format to find out where your object is in each case and read the serialVersionUID that immediately follows the className in the grammar linked above.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

What worked for me is to use ObjectStreamClass.lookup(class).

I run a method that de-serializes all of the session objects in my database. Then I run ObjectStreamClass.lookup() on each class that I am interested in. It gives me a ObjectStreamClass object for the class. A ObjectStreamClass object contains the class name and the serialVersionUID.

I'll take the output of that and modify my source files accordingly.

Improve this answer

4 Comments

Is the code for the classes still the same as it was for the all of the serialized instances in your database?
If the class actually changed, then the ObjectStreamClass.lookup() can throw java.io.InvalidClassException if the class actually changed. If it's not changed, then there's no point in doing any of this; just use serialver package.Class. How are you getting the class to pass to lookup()?
ObjectStreamClass.lookup() worked fine for me. To get the list of classes I just massaged a list of filenames from the package that I know has the code w/o the explicit serialVersionUID.
Yes, that will work if you have the source code (or old compiled classes.)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.