So, I recently upgraded from Java 8 and Wildfly 26 to Java 21 and Wildfly 38. Everything seemed fine… except for some weird stack traces that appeared a few times a day:
Caused by: java.io.InvalidClassException: filter status: REJECTED
at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1439)
at java.base/java.io.ObjectInputStream.checkArray(ObjectInputStream.java:1466)
at java.base/java.util.ArrayList.readObject(ArrayList.java:976)
at org.jboss.marshalling@2.2.3.Final//org.jboss.marshalling.reflect.SerMethods.callReadObject(SerMethods.java:83)This exception comes from Java’s deserialization filtering, introduced in newer Java versions and enforced more strictly in JDK 21. WildFly 38 may also have tightened its own deserialization filters. I tried to find a common root cause of the calls, and it turns out they all involve large result sets (list and maps) travelling through an EJB call. They were probably hitting the JDK default limits, which explains the error:
maxdepth=20;maxrefs=10000;maxbytes=10485760I generally hate deviating from default settings, so I first tried reducing the amount of data traveling in the affected remote EJB calls… it worked.
Lessons learned: It’s better not to send large amounts of data through remote EJB calls just to sort and filter it on the other side… but back then, that was how it was done.