JDK-8366002 : Beans.instantiate needs to describe the lookup procedure
  • Type: Bug
  • Component: client-libs
  • Sub-Component: java.beans
  • Affected Version: 26
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-08-22
  • Updated: 2025-10-13
  • Resolved: 2025-10-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 26
26 b19Fixed
Related Reports
CSR :  
JDK-8366018 - Beans.instantiate needs to describe the lookup procedure
Causes :  
JDK-8359058 - Implement JEP 504 - Remove the Applet API
Description
The current Beans.instantiate specification lacks an explicit description of a behavior that existed in previous versions. Historically, the specification stated:

"In Beans 1.0 the given name can indicate either a serialized object or a class. Other mechanisms may be added in the future. In Beans 1.0 we first try to treat the beanName as a serialized object name, then as a class name..."

This explanation was previously included in the now-deleted instantiate method (Object instantiate(ClassLoader cls, String beanName, BeanContext beanContext, AppletInitializer initializer)
 ). Without it, it is unclear that Beans.instantiate will attempt to load a serialized bean before creating an object from the specified class.

However, the current specification only mentions that ClassNotFoundException is thrown if the class of a serialized object cannot be found, which hints at serialized loading but does not describe the mechanism or order explicitly.

Impact:

other implementations may assume the method simply creates an object from the specified class, leading to potential misunderstandings.

Request:

Update the specification to make the serialized object loading behavior of Beans.instantiate explicit. 

"In Beans 1.0 the given name can indicate either a serialized object or a class. Other mechanisms may be added in the future. In Beans 1.0 we first try to treat the beanName as a serialized object name, then as a class name..."
Comments
Changeset: 6bfd018b Branch: master Author: Phil Race <prr@openjdk.org> Date: 2025-10-07 19:08:22 +0000 URL: https://git.openjdk.org/jdk/commit/6bfd018beaf187940ebafc71885045b4aabca673
07-10-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/26905 Date: 2025-08-22 17:39:10 +0000
22-08-2025
Yes, it seems that the 3-4 sentences about looking a serialized object first, etc, existed only on this method. Nowhere else in the beans spec. I suspect it is because the Applet method had the actual implementation that did this. I just can move it up to the next method which now has this and we'll be as we were before. But I think we can drop the " Other mechanisms may be added in the future. " part.
22-08-2025