igniterealtime · guusdk · Dec 7, 2021
diff --git a/changelog.html b/changelog.html
@@ -54,6 +54,7 @@ <h1>
     <li>[<a href='https://github.com/igniterealtime/openfire-hazelcast-plugin/issues/71'>Issue #71</a>] - Send member joined notification across the cluster on clustering start</li>
     <li>[<a href='https://github.com/igniterealtime/openfire-hazelcast-plugin/issues/74'>Issue #74</a>] - Warn against usage of plugin-provided classes in Hazelcast</li>
     <li>[<a href='https://github.com/igniterealtime/openfire-hazelcast-plugin/issues/76'>Issue #76</a>] - Finish leftCluster handling before invoking joinCluster handlers</li>
+    <li>[<a href='https://github.com/igniterealtime/openfire-hazelcast-plugin/issues/81'>Issue #81</a>] - ClusterExternalizableUtil should not ignore provided ClassLoader instances</li>
 </ul>
 
 <p><b>2.5.1</b> -- September 29, 2021.</p>

diff --git a/src/java/org/jivesoftware/openfire/plugin/util/cache/ClusterExternalizableUtil.java b/src/java/org/jivesoftware/openfire/plugin/util/cache/ClusterExternalizableUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009 Jive Software. All rights reserved.
+ * Copyright (C) 2004-2009 Jive Software, 2020-2021 Ignite Realtime Foundation. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.jivesoftware.openfire.plugin.util.cache;
 
+import com.hazelcast.core.HazelcastInstance;
+import org.jivesoftware.util.cache.ExternalizableUtilStrategy;
+
+import javax.annotation.Nullable;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.DataInput;
@@ -33,10 +37,6 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.jivesoftware.util.cache.ExternalizableUtilStrategy;
-
-import com.hazelcast.core.HazelcastInstance;
-
 /**
  * Serialization strategy that uses Hazelcast as its underlying mechanism.
  *
@@ -251,7 +251,7 @@ public void writeSerializableCollection(DataOutput out, Collection<? extends Ser
      * @return the number of elements added to the collection.
      */
     public int readExternalizableCollection(DataInput in, Collection<? extends Externalizable> value, ClassLoader loader) throws IOException {
-        Collection<Externalizable> result = (Collection<Externalizable>) readObject(in);
+        Collection<Externalizable> result = (Collection<Externalizable>) readObject(loader, in);
         if (result == null) return 0;
         ((Collection<Externalizable>)value).addAll(result);
         return result.size();
@@ -268,7 +268,7 @@ public int readExternalizableCollection(DataInput in, Collection<? extends Exter
      * @return the number of elements added to the collection.
      */
     public int readSerializableCollection(DataInput in, Collection<? extends Serializable> value, ClassLoader loader) throws IOException {
-        Collection<Serializable> result = (Collection<Serializable>) readObject(in);
+        Collection<Serializable> result = (Collection<Serializable>) readObject(loader, in);
         if (result == null) return 0;
         ((Collection<Serializable>)value).addAll(result);
         return result.size();
@@ -309,7 +309,7 @@ public void writeSerializableMap(DataOutput out, Map<? extends Serializable, ? e
      * @return the number of elements added to the collection.
      */
     public int readExternalizableMap(DataInput in, Map<String, ? extends Externalizable> map, ClassLoader loader) throws IOException {
-        Map<String, Externalizable> result = (Map<String, Externalizable>) readObject(in);
+        Map<String, Externalizable> result = (Map<String, Externalizable>) readObject(loader, in);
         if (result == null) return 0;
         ((Map<String, Externalizable>)map).putAll(result);
         return result.size();
@@ -326,7 +326,7 @@ public int readExternalizableMap(DataInput in, Map<String, ? extends Externaliza
      * @return the number of elements added to the collection.
      */
     public int readSerializableMap(DataInput in, Map<? extends Serializable, ? extends Serializable> map, ClassLoader loader) throws IOException {
-        Map<String, Serializable> result = (Map<String, Serializable>) readObject(in);
+        Map<String, Serializable> result = (Map<String, Serializable>) readObject(loader, in);
         if (result == null) return 0;
         ((Map<String, Serializable>)map).putAll(result);
         return result.size();
@@ -388,6 +388,10 @@ public static void writeObject(DataOutput out, Object obj) throws IOException {
     }
 
     public static Object readObject(DataInput in) throws IOException {
+        return readObject(null, in);
+    }
+
+    public static Object readObject(ClassLoader classLoader, DataInput in) throws IOException {
         byte type = in.readByte();
         if (type == 0) {
             return null;
@@ -413,7 +417,7 @@ public static Object readObject(DataInput in) throws IOException {
             int len = in.readInt();
             byte[] buf = new byte[len];
             in.readFully(buf);
-            ObjectInputStream oin = newObjectInputStream(new ByteArrayInputStream(buf));
+            ObjectInputStream oin = newObjectInputStream(classLoader, new ByteArrayInputStream(buf));
             try {
                 return oin.readObject();
             } catch (ClassNotFoundException e) {
@@ -425,7 +429,16 @@ public static Object readObject(DataInput in) throws IOException {
             throw new IOException("Unknown object type=" + type);
         }
     }
-
+
+    public static ObjectInputStream newObjectInputStream(@Nullable final ClassLoader classLoader, final InputStream in) throws IOException {
+        return new ObjectInputStream(in) {
+            @Override
+            protected Class<?> resolveClass(final ObjectStreamClass desc) throws ClassNotFoundException {
+                return loadClass(classLoader, desc.getName());
+            }
+        };
+    }
+
     public static ObjectInputStream newObjectInputStream(final InputStream in) throws IOException {
         return new ObjectInputStream(in) {
             @Override
@@ -439,7 +452,7 @@ public static Class<?> loadClass(final String className) throws ClassNotFoundExc
         return loadClass(null, className);
     }
 
-    public static Class<?> loadClass(final ClassLoader classLoader, final String className) throws ClassNotFoundException {
+    public static Class<?> loadClass(@Nullable final ClassLoader classLoader, final String className) throws ClassNotFoundException {
         if (className == null) {
             throw new IllegalArgumentException("ClassName cannot be null!");
         }