From 30b8c66cf796149cdce26061c5c88b0960569932 Mon Sep 17 00:00:00 2001 From: seonwoo_jung Date: Mon, 25 May 2026 12:14:35 +0900 Subject: [PATCH] Expose ClassLoader from DefaultDeserializer Add a public accessor for the ClassLoader configured on a DefaultDeserializer instance so that callers no longer need to read the private field via reflection in order to forward it to a ConfigurableObjectInputStream subclass. Closes gh-36827 Signed-off-by: seonwoo_jung --- .../core/serializer/DefaultDeserializer.java | 11 +++++++++++ .../core/serializer/SerializerTests.java | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/spring-core/src/main/java/org/springframework/core/serializer/DefaultDeserializer.java b/spring-core/src/main/java/org/springframework/core/serializer/DefaultDeserializer.java index 1e0f0fe94291..f183c95b353d 100644 --- a/spring-core/src/main/java/org/springframework/core/serializer/DefaultDeserializer.java +++ b/spring-core/src/main/java/org/springframework/core/serializer/DefaultDeserializer.java @@ -59,6 +59,17 @@ public DefaultDeserializer(@Nullable ClassLoader classLoader) { } + /** + * Return the {@link ClassLoader} to use for deserialization, or {@code null} + * to use the "latest user-defined ClassLoader" of {@link ObjectInputStream}. + * @since 7.1 + * @see ConfigurableObjectInputStream#ConfigurableObjectInputStream(InputStream, ClassLoader) + */ + public @Nullable ClassLoader getClassLoader() { + return this.classLoader; + } + + /** * Read from the supplied {@code InputStream} and deserialize the contents * into an object. diff --git a/spring-core/src/test/java/org/springframework/core/serializer/SerializerTests.java b/spring-core/src/test/java/org/springframework/core/serializer/SerializerTests.java index d3960c4f0ff7..26963d069da7 100644 --- a/spring-core/src/test/java/org/springframework/core/serializer/SerializerTests.java +++ b/spring-core/src/test/java/org/springframework/core/serializer/SerializerTests.java @@ -78,6 +78,17 @@ public String deserialize(InputStream inputStream) { assertThat(deserializer.expectedInputStream).isNotNull(); } + @Test + void defaultDeserializerExposesNullClassLoaderByDefault() { + assertThat(new DefaultDeserializer().getClassLoader()).isNull(); + } + + @Test + void defaultDeserializerExposesConfiguredClassLoader() { + ClassLoader classLoader = getClass().getClassLoader(); + assertThat(new DefaultDeserializer(classLoader).getClassLoader()).isSameAs(classLoader); + } + @Test void serializationDelegateWithExplicitSerializerAndDeserializer() throws IOException { SerializationDelegate delegate = new SerializationDelegate(new DefaultSerializer(), new DefaultDeserializer());