The constructor for ObjectInputStream reads some header
information from the serialized stream, and if the stream doesn't contain this
header information you could easily get an EOFException. This is what I do in
my service() method:
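    public void service(ServletRequest request, ServletResponse response)
            throws ServletException, IOException {
        // Only open the stream when the request has a body and claims to be binary.
        if (request.getContentLength() > 0 &&
                "application/octet-stream".equals(request.getContentType())) {
            // The constructor reads the serialization stream header here.
            ObjectInputStream inputStream =
                    new ObjectInputStream(request.getInputStream());
            // ...
        }
    }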
even this only provides limited protection.
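
The following is an added example, not part of the original post. It shows what the ObjectInputStream constructor does with four constructed request bodies, three of which would pass a length and content-type check like the one above; the class StreamHeaderDemo and the helper tryOpen are hypothetical names, and the byte arrays stand in for request bodies.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.StreamCorruptedException;
import java.nio.charset.StandardCharsets;

public class StreamHeaderDemo {

    /** Hypothetical helper: reports how the constructor reacts to a body. */
    static String tryOpen(byte[] body) {
        try (InputStream raw = new ByteArrayInputStream(body);
             ObjectInputStream in = new ObjectInputStream(raw)) {
            // Constructor returned: magic 0xACED and version 0x0005 were present.
            return "header accepted";
        } catch (EOFException e) {
            // The stream ended before the 4 header bytes could be read.
            return "EOFException";
        } catch (StreamCorruptedException e) {
            // 4 bytes were read, but they are not a serialization header.
            return "StreamCorruptedException";
        } catch (IOException e) {
            return "IOException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample bodies (not taken from the original post).
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject("hello");
        }
        byte[] valid = buf.toByteArray();
        byte[] empty = new byte[0];                        // length 0
        byte[] truncated = { (byte) 0xAC, (byte) 0xED };   // length > 0, half a header
        byte[] notSerialized = "plain text".getBytes(StandardCharsets.US_ASCII);

        System.out.println("valid:         " + tryOpen(valid));
        System.out.println("empty:         " + tryOpen(empty));
        System.out.println("truncated:     " + tryOpen(truncated));
        System.out.println("notSerialized: " + tryOpen(notSerialized));
    }
}
```

The truncated and notSerialized bodies both have a length greater than zero, so a sender that labels them application/octet-stream still reaches the constructor; catching EOFException and StreamCorruptedException around it covers those cases.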