Summary

Exception changed to InvalidClassException from IllegalAccessError in ObjectInputStream.readObject if a proxy descriptor includes private interfaces that cannot be loaded from a single classloader.

Problem

During deserialization of a serialized data stream that contains a proxy descriptor with non-public interfaces, ObjectInputStream checks that the interfaces can be loaded from a single classloader in ObjectInputStream.resolveProxyClass. If the interfaces cannot be loaded from a single classloader, a java.lang.IllegalAccessError is thrown.

When ObjectInputStream.readObject encounters this case, it reflects an incompatibility between the classloaders of the source of the serialized stream and the classloader being used for deserialization.

The IllegalAccessError is not expected by callers of ObjectInputStream.readObject.

Solution

When a proxy object cannot be created from the interfaces, ObjectInputStream.readObject should throw java.io.InvalidClassException with the java.lang.IllegalAccessError as the cause. This allows the application to handle the exception similarly to other exceptions during deserialization.

Specification

The specification of ObjectInputStream.readObject includes the possibility of throwing InvalidClassException if there is something wrong with a class used by deserialization. The implementation of readObject is modified to catch java.lang.IllegalAccessError and throw a java.io.InvalidClassException with the error as its cause.

The behavior of ObjectInputStream.resolveProxyClass possibly throwing IllegalAccessError is not changed.