Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring MVC - should my domain classes implement Serializable for over-the-wire transfer?

I'm trying to learn Spring Boot by implementing a simple REST API.

My understanding was that if I need to transfer an object over the wire, that object should implement Serializable.

In many examples on the net though, including official ones, domain classes that need to be transferred from server to client (or vice-versa) do not to implement Serializable.

For instance: https://spring.io/guides/gs/rest-service/

But in some cases, they do:

For instance: https://github.com/szerhusenBC/jwt-spring-security-demo/blob/master/src/main/java/org/zerhusen/security/JwtAuthenticationRequest.java

Is there a general rule of thumb on when to implement Serializable?

like image 939
glhr Avatar asked Jul 19 '16 11:07

glhr


People also ask

When should a class implements Serializable?

Implement the Serializable interface when you want to be able to convert an instance of a class into a series of bytes or when you think that a Serializable object might reference an instance of your class. Serializable classes are useful when you want to persist instances of them or send them over a wire.

Which classes should implement Serializable?

The Serializable interface must be implemented by the class whose object needs to be persisted. The String class and all the wrapper classes implement the java. io. Serializable interface by default.

Is it necessary to implement Serializable in entity?

If an entity instance is to be passed by value as a detached object (e.g., through a remote interface), the entity class must implement the Serializable interface. In practice, if our object is to leave the domain of the JVM, it'll require serialization. Each entity class consists of persistent fields and properties.

What will happen if we don't implement Serializable?

If our class does not implement Serializable interface, or if it is having a reference to a non- Serializable class, then the JVM will throw NotSerializableException . All transient and static fields do not get serialized.


1 Answers

To update this, advice about Serializable has changed, the recommendation currently seems to be Don’t use Serializable for anything.

Using the Java serialization API means you need something in Java on the other side of the wire to deserialize the objects, so you have to control the code that deserializes as well as the code that serializes.

This typically isn't relevant for REST applications, consuming the application response is the business of someone else's code, usually outside your organization. When building a REST application it's normal to try to avoid imposing limitations on what is consuming it, picking a format that is more technology-agnostic and broadly available.

Some reasons for having an object implement java.io.Serializable would be:

  • so you can put it in an HttpSession

  • so you can pass it across a network between parts of a distributed application

  • so you can save it to the file system and restore it later (for instance, you could make the contents of a queue serializable and have the queue contents saved when the application shuts down, reading from the save location when the application starts to restore the queue to its state on shutdown).

In all these cases, you serialize so you can save something to a filesystem or send it across a network.

like image 59
Nathan Hughes Avatar answered Sep 25 '22 01:09

Nathan Hughes