When we deserialize what could potentially be user classes, we should make sure to use the cache's (or cache manager's) classloader; otherwise we may not be able to access all the necessary classes. The FileBasedStateRepository does not do this and could be deserializing classes that belong to the user (depending on what the consuming service is doing). This type should probably use the following loaders in order: TCCL, Cache/CacheManager Loader, "Latest User Defined ClassLoader".
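The loader order proposed above, sketched as an added example; it is not part of the original report and not the project's code. The class name `ChainedLoaderObjectInputStream` and the `cacheLoader` constructor parameter are hypothetical; the final fallback relies on the JDK's default `ObjectInputStream.resolveClass`, which uses the latest user-defined class loader on the stack.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical stream that resolves classes via TCCL, then the cache loader, then the JDK default. */
public class ChainedLoaderObjectInputStream extends ObjectInputStream {

    // Assumption: the class loader configured on the cache or cache manager (may be null).
    private final ClassLoader cacheLoader;

    public ChainedLoaderObjectInputStream(InputStream in, ClassLoader cacheLoader) throws IOException {
        super(in);
        this.cacheLoader = cacheLoader;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        List<ClassLoader> loaders = new ArrayList<>();
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        if (tccl != null) loaders.add(tccl);                                    // 1. TCCL
        if (cacheLoader != null && cacheLoader != tccl) loaders.add(cacheLoader); // 2. cache loader

        for (ClassLoader loader : loaders) {
            try {
                // initialize=false: resolving a class must not run its static initializers.
                return Class.forName(desc.getName(), false, loader);
            } catch (ClassNotFoundException e) {
                // Not visible from this loader (also the case for primitives); try the next one.
            }
        }
        // 3. JDK default: handles primitive types and uses the latest user-defined class loader.
        return super.resolveClass(desc);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample state: serialize a small list, then read it back through the chain.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new ArrayList<>(List.of("constructed", "sample")));
        }
        ClassLoader loader = ChainedLoaderObjectInputStream.class.getClassLoader();
        try (ObjectInputStream in = new ChainedLoaderObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()), loader)) {
            System.out.println(in.readObject());
        }
    }
}
```

Serialized dynamic proxies are resolved through `resolveProxyClass`, which this sketch leaves at the JDK default.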