On Fri, 28 Jan 2022 21:02:23 GMT, Roger Riggs <rri...@openjdk.org> wrote:
> During deserialization of a serialized data stream that contains a proxy > descriptor with non-public interfaces > `java.io.ObjectInputStream` checks that the interfaces can be loaded from a > single classloader in `ObjectInputStream.resolveProxyClass`. > If the interfaces cannot be loaded from a single classloader, an > `IllegalAccessError` is thrown. > When `ObjectInputStream.readObject` encounters this case, it reflects an > incompatibility > between the classloaders of the source of the serialized stream and the > classloader being used for deserialization. > When a proxy object cannot be created from the interfaces, > `ObjectInputStream.readObject` should catch > the `InvalidAccessError` and throw `InvalidObjectException` with the > `InvalidAccessError` as the cause. > This allows the application to handle the exception consistently with other > errors during deserialization. `ObjectInputStream::readObject` does not specify that `InvalidObjectException` may be thrown. Have you considered throwing `InvalidClassException` be an alternative? i.e. extend `InvalidClassException` to report failure in creating the proxy class during deserialization. ------------- PR: https://git.openjdk.java.net/jdk/pull/7274
