On Fri, 28 Jan 2022 21:02:23 GMT, Roger Riggs <rri...@openjdk.org> wrote:

> During deserialization of a serialized data stream that contains a proxy
> descriptor with non-public interfaces, `java.io.ObjectInputStream` checks
> that the interfaces can be loaded from a single classloader in
> `ObjectInputStream.resolveProxyClass`.
> If the interfaces cannot be loaded from a single classloader, an
> `IllegalAccessError` is thrown.
> When `ObjectInputStream.readObject` encounters this case, it reflects an
> incompatibility between the classloaders of the source of the serialized
> stream and the classloader being used for deserialization.
> When a proxy object cannot be created from the interfaces,
> `ObjectInputStream.readObject` should catch the `InvalidAccessError` and
> throw `InvalidObjectException` with the `InvalidAccessError` as the cause.
> This allows the application to handle the exception consistently with other
> errors during deserialization.

`readProxyDesc` throws a mix of `InvalidClassException` and
`InvalidObjectException`. I'm not close to the spec of this area and will let
others comment on which one would be appropriate for this case. In general,
wrapping IAE with an existing exception is a reasonable solution.

IMO, it'd be helpful to clarify this in the javadoc and document this specific
exception.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7274
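
Added example, not part of this thread or of the JDK change: a caller-side sketch of the handling discussed above, where a proxy descriptor that fails to resolve ends up as a checked `ObjectStreamException` whether or not the running JDK already wraps the `IllegalAccessError`. The names `ProxyDeserializationDemo`, `NoopHandler`, `MismatchedLoaderStream` and `readUntrusted` are hypothetical, and the classloader mismatch is simulated by an overridden `resolveProxyClass`.

```java
import java.io.*;
import java.lang.reflect.*;

public class ProxyDeserializationDemo {
    // Serializable handler so the proxy instance itself can be written.
    static class NoopHandler implements InvocationHandler, Serializable {
        private static final long serialVersionUID = 1L;
        public Object invoke(Object proxy, Method m, Object[] args) { return null; }
    }

    // Constructed stand-in for the classloader mismatch: every proxy
    // descriptor in the stream fails to resolve with IllegalAccessError.
    static class MismatchedLoaderStream extends ObjectInputStream {
        MismatchedLoaderStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) {
            throw new IllegalAccessError("simulated: interfaces span class loaders");
        }
    }

    // Hypothetical helper: an IllegalAccessError that escapes readObject is
    // converted to InvalidObjectException, so callers only see checked
    // deserialization exceptions. initCause is used because the
    // (String, Throwable) constructor is not available on older JDKs.
    static Object readUntrusted(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        try {
            return in.readObject();
        } catch (IllegalAccessError e) {
            InvalidObjectException ioe = new InvalidObjectException(e.getMessage());
            ioe.initCause(e);
            throw ioe;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a serialized proxy implementing Runnable.
        Object proxy = Proxy.newProxyInstance(
                ProxyDeserializationDemo.class.getClassLoader(),
                new Class<?>[] { Runnable.class }, new NoopHandler());
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(proxy);
        }
        try (ObjectInputStream in = new MismatchedLoaderStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            readUntrusted(in);
        } catch (ObjectStreamException e) {
            // Same rejection path as any other malformed or incompatible stream.
            System.out.println("rejected: " + e + " cause=" + e.getCause());
        }
    }
}
```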
