[Java] Skip toString in annotation invocation handler readObject (#922)

* Use fury serialization to avoid AnnotationInvocationHandler#readObject

* Use fury serialization to avoid AnnotationInvocationHandler#readObject

Author: chaokunyang

java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java

@@ -541,6 +541,13 @@ public static boolean requireJavaSerialization(Class<?> clz) {
     if (Externalizable.class.isAssignableFrom(clz)) {
       return false;
     } else {
+      // `AnnotationInvocationHandler#readObject` may invoke `toString` of object, which may be
+      // risky.
+      // For example, JsonObject#toString may invoke `getter`.
+      // Use fury serialization to avoid this.
+      if ("sun.reflect.annotation.AnnotationInvocationHandler".equals(clz.getName())) {
+        return false;
+      }
       return JavaSerializer.getReadObjectMethod(clz) != null
           || JavaSerializer.getWriteObjectMethod(clz) != null;
     }