diff --git a/src/java.base/share/classes/java/io/ObjectInputStream.java b/src/java.base/share/classes/java/io/ObjectInputStream.java index a47d2d5a325..daed5f3cce5 100644 --- a/src/java.base/share/classes/java/io/ObjectInputStream.java +++ b/src/java.base/share/classes/java/io/ObjectInputStream.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -255,14 +255,6 @@ public class ObjectInputStream private static final Object unsharedMarker = new Object(); private static class Caches { - /** cache of subclass security audit results */ - static final ClassValue subclassAudits = - new ClassValue<>() { - @Override - protected Boolean computeValue(Class type) { - return auditSubclass(type); - } - }; /** * Property to permit setting a filter after objects @@ -1544,31 +1536,6 @@ public class ObjectInputStream public abstract Object get(String name, Object val) throws IOException, ClassNotFoundException; } - /** - * Performs reflective checks on given subclass to verify that it doesn't - * override security-sensitive non-final methods. Returns TRUE if subclass - * is "safe", FALSE otherwise. - */ - private static Boolean auditSubclass(Class subcl) { - for (Class cl = subcl; - cl != ObjectInputStream.class; - cl = cl.getSuperclass()) - { - try { - cl.getDeclaredMethod( - "readUnshared", (Class[]) null); - return Boolean.FALSE; - } catch (NoSuchMethodException ex) { - } - try { - cl.getDeclaredMethod("readFields", (Class[]) null); - return Boolean.FALSE; - } catch (NoSuchMethodException ex) { - } - } - return Boolean.TRUE; - } - /** * Clears internal data structures. */ diff --git a/src/java.base/share/classes/java/io/ObjectOutputStream.java b/src/java.base/share/classes/java/io/ObjectOutputStream.java index 71bda09bd8c..31413bcf8ed 100644 --- a/src/java.base/share/classes/java/io/ObjectOutputStream.java +++ b/src/java.base/share/classes/java/io/ObjectOutputStream.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2024, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2024, Alibaba Group Holding Limited. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -174,17 +174,6 @@ public class ObjectOutputStream { private static final JavaLangAccess JLA = SharedSecrets.getJavaLangAccess(); - private static class Caches { - /** cache of subclass security audit results */ - static final ClassValue subclassAudits = - new ClassValue<>() { - @Override - protected Boolean computeValue(Class type) { - return auditSubclass(type); - } - }; - } - /** filter stream for handling block data conversion */ private final BlockDataOutputStream bout; /** obj -> wire handle map */ @@ -1003,31 +992,6 @@ public class ObjectOutputStream } } - /** - * Performs reflective checks on given subclass to verify that it doesn't - * override security-sensitive non-final methods. Returns TRUE if subclass - * is "safe", FALSE otherwise. - */ - private static Boolean auditSubclass(Class subcl) { - for (Class cl = subcl; - cl != ObjectOutputStream.class; - cl = cl.getSuperclass()) - { - try { - cl.getDeclaredMethod( - "writeUnshared", new Class[] { Object.class }); - return Boolean.FALSE; - } catch (NoSuchMethodException ex) { - } - try { - cl.getDeclaredMethod("putFields", (Class[]) null); - return Boolean.FALSE; - } catch (NoSuchMethodException ex) { - } - } - return Boolean.TRUE; - } - /** * Clears internal data structures. */