Fields in a "Serializable" class should either be transient or serializable
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Fields in a "Serializable" class should either be transient or serializable相关的知识,希望对你有一定的参考价值。
Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That‘s because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.
This rule raises an issue on non-Serializable fields, and on collection fields when they are not private (because they could be assigned non-Serializable values externally), and when they are assigned non-Serializable types within the class.
Noncompliant Code Example
public class Address {
//...
}
public class Person implements Serializable {
private static final long serialVersionUID = 1905122041950251207L;
private String name;
private Address address; // Noncompliant; Address isn‘t serializable
}
Exceptions
The alternative to making all members serializable or transient is to implement special methods which take on the responsibility of properly serializing and de-serializing the object. This rule ignores classes which implement the following methods:
private void writeObject(java.io.ObjectOutputStream out)
throws IOException
private void readObject(java.io.ObjectInputStream in)
throws IOException, ClassNotFoundException;以上是关于Fields in a "Serializable" class should either be transient or serializable的主要内容,如果未能解决你的问题,请参考以下文章
pandasError tokenizing data. C error: Expected 6 fields in line 3, saw 9
ES关键字排序报错 reason=Fielddata is disabled on text fields by default. Set fielddata=true on 关键字 in order
如何在 MYSQL 查询中将“LIKE”与“IN”结合起来?