The type java.io.ObjectInputStream cannot be resolved. It is indirectly referenced from required .class files
I have downloaded Eclipse and tried to create a sample servlet program but I got following error
The type java.io.ObjectInputStream cannot be resolved. It is indirectly referenced from required .class files
I have configured build path correctly. I am using Java 8 and Apache Tomcat 7 and libraries for both are referenced correctly.
Problem is specifically for Java EE only. Ordinarily Java SE projects are running fine.
Answer
Something happened in Java 8 Update 91 that broke existing JSP code. That seems pretty clear. Here is a sample of similar questions and bug reports:
- Unable to compile JSP file with JDK1.8.0_92
- Spring MVC - Unable to compile class for JSP
- Unable to access CloudPlatform Client
- https://bugs.openjdk.java.net/browse/JDK-8155588 (closed as "not an issue")
- https://bugs.openjdk.java.net/browse/JDK-8155223 (closed as "not an issue")
- https://access.redhat.com/solutions/2294701
- https://alluxio.atlassian.net/browse/ALLUXIO-1956
- https://jira.atlassian.com/browse/CWD-4729
- https://community.exoplatform.com/portal/intranet/forum/topic/topic991e097d9e45345236bb2bd1920a4c68
- https://issues.apache.org/jira/browse/OOZIE-2533 (from a comment: "This is really looking like a JDK bug")
- https://bugzilla.redhat.com/show_bug.cgi?id=1337940 (comment 2 mentions the change to
java.io.ObjectInputStreamin Update 91 that "made it incompatible with RHEL6's current ECJ version") - https://github.com/mit-cml/appinventor-sources/issues/814
- https://community.oracle.com/thread/3953395
All these are about problems with Java 8 Update 91 (or later) that are not present when using earlier JRE/JDK versions.
The following OpenJDK changeset from 22 January 2016 appears to be related: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/32f64c19b5fb (commit message "8144430: Improve JMX connections"). The changeset seems to be related to this vulnerability, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427, which is mentioned in a comment to this Red Hat bug report, https://bugzilla.redhat.com/show_bug.cgi?id=1336481.
The Update 91 release notes document mentions JDK-8144430 (non-public ticket): http://www.oracle.com/technetwork/java/javase/8u91-relnotes-2949462.html.
In "Oracle Critical Patch Update Advisory - April 2016", the CVE-2016-3427 vulnerability is mentioned: http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html.