dubbo-serialization/dubbo-serialization-fastjson2/src/main/java/org/apache/dubbo/common/serialize/fastjson2/FastJson2ObjectInput.java [111:145]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        updateClassLoaderIfNeed();
        int length = readLength();
        byte[] bytes = new byte[length];
        int read = is.read(bytes, 0, length);
        if (read != length) {
            throw new IllegalArgumentException(
                    "deserialize failed. expected read length: " + length + " but actual read: " + read);
        }
        Fastjson2SecurityManager.Handler securityFilter = fastjson2SecurityManager.getSecurityFilter();
        T result;
        if (securityFilter.isCheckSerializable()) {
            result = JSONB.parseObject(
                    bytes,
                    cls,
                    securityFilter,
                    JSONReader.Feature.UseDefaultConstructorAsPossible,
                    JSONReader.Feature.ErrorOnNoneSerializable,
                    JSONReader.Feature.IgnoreAutoTypeNotMatch,
                    JSONReader.Feature.UseNativeObject,
                    JSONReader.Feature.FieldBased);
        } else {
            result = JSONB.parseObject(
                    bytes,
                    cls,
                    securityFilter,
                    JSONReader.Feature.UseDefaultConstructorAsPossible,
                    JSONReader.Feature.UseNativeObject,
                    JSONReader.Feature.IgnoreAutoTypeNotMatch,
                    JSONReader.Feature.FieldBased);
        }
        if (result != null && cls != null && !ClassUtils.isMatch(result.getClass(), cls)) {
            throw new IllegalArgumentException(
                    "deserialize failed. expected class: " + cls + " but actual class: " + result.getClass());
        }
        return result;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



dubbo-serialization/dubbo-serialization-fastjson2/src/main/java/org/apache/dubbo/common/serialize/fastjson2/FastJson2ObjectInput.java [150:184]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        updateClassLoaderIfNeed();
        int length = readLength();
        byte[] bytes = new byte[length];
        int read = is.read(bytes, 0, length);
        if (read != length) {
            throw new IllegalArgumentException(
                    "deserialize failed. expected read length: " + length + " but actual read: " + read);
        }
        Fastjson2SecurityManager.Handler securityFilter = fastjson2SecurityManager.getSecurityFilter();
        T result;
        if (securityFilter.isCheckSerializable()) {
            result = JSONB.parseObject(
                    bytes,
                    cls,
                    securityFilter,
                    JSONReader.Feature.UseDefaultConstructorAsPossible,
                    JSONReader.Feature.ErrorOnNoneSerializable,
                    JSONReader.Feature.IgnoreAutoTypeNotMatch,
                    JSONReader.Feature.UseNativeObject,
                    JSONReader.Feature.FieldBased);
        } else {
            result = JSONB.parseObject(
                    bytes,
                    cls,
                    securityFilter,
                    JSONReader.Feature.UseDefaultConstructorAsPossible,
                    JSONReader.Feature.UseNativeObject,
                    JSONReader.Feature.IgnoreAutoTypeNotMatch,
                    JSONReader.Feature.FieldBased);
        }
        if (result != null && cls != null && !ClassUtils.isMatch(result.getClass(), cls)) {
            throw new IllegalArgumentException(
                    "deserialize failed. expected class: " + cls + " but actual class: " + result.getClass());
        }
        return result;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -