我正在嘗試通過使用 Apache API ValidatingObjectInputStream 來構建針對 Java 反序列化漏洞的防御。但它因以下異常而失敗，并且不確定這里可能缺少什么：Object has been serializedIOException is caughtjava.io.StreamCorruptedException: invalid stream header: 74000732    at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:863)    at java.io.ObjectInputStream.<init>(ObjectInputStream.java:355)    at org.apache.commons.io.serialization.ValidatingObjectInputStream.<init>(ValidatingObjectInputStream.java:59)    at com.apple.ctbdp.controller.Test.deSerialize(Test.java:44)    at com.apple.ctbdp.controller.Test.main(Test.java:28)測試.javaclass Test {    public static void main(String[] args) {        String object = new String("2323232");        String filename = "file.ser";        serialize(object, filename);        deSerialize(filename);    }    private static void deSerialize(String filename) {        String object1 = null;        try {            // Reading the object from a file            FileInputStream fis = new FileInputStream(filename);            ObjectInputStream in = new ObjectInputStream(fis);            final ValidatingObjectInputStream objectInStream = new ValidatingObjectInputStream(fis);            objectInStream.accept(String.class);            // Method for deserialization of object            object1 = (String) objectInStream.readObject();            in.close();            fis.close();            System.out.println("Object has been deserialized ");            System.out.println("Test.deSerialize() " + object1);        }        catch (IOException ex) {            ex.printStackTrace();            System.out.println("IOException is caught");        }        catch (ClassNotFoundException ex) {            System.out.println("ClassNotFoundException is caught");        }    }感謝您在這方面的提示/建議。