Menu
I've got a sonar plugin to Eclipse, and it's giving me a
Make this value-based field transient so it is not included in the serialization of this class
on a LocalDateTime object. What I do not get is, LocalDateTime is definitely serializable. Here's the class
public final class LocalDateTime
implements Temporal, TemporalAdjuster, ChronoLocalDateTime<LocalDate>, Serializable {
Anyone have any ideas? Do I just not understand what transient means? Normally I wouldn't pay much attention, but I'm weirdly able to serialize it in a Get request, but not deserialize it in a post request and I'm wondering if it's related to this.
619
If you don't want to serialize otherProperties , then the field should be marked as transient : private transient Map<String, Object> otherProperties; Otherwise, you can change the type of otherProperties to an implementation of Map that implements Serializable , such as HashMap .
It'll throw a NotSerializableException when you try to Serialize it. To avoid that, make that field a transient field.
At the time of serialization, if you don't want to save the value of a particular variable in a file, then use the transient keyword. transient private <member variable>; In case you define any data member as transient, it will not be serialized. This is because every field marked as transient will not be serialized.
the non-serializable field's Class must have an API to allow getting it's state (for writing to the object stream) and then instantiating a new instance with that state (when later reading from the object stream.)
At the time of serialization, if we don’t want to save value of a particular variable in a file, then we use transient keyword. When JVM comes across transient keyword, it ignores original value of the variable and save default value of that variable data type.
However there is no compilation error. transient and final : final variables are directly serialized by their values, so there is no use/impact of declaring final variable as transient. There is no compile-time error though.
It implements the ChronoLocalDateTime interface and inherits the object class. Wherever we need to represent time without a timezone reference, we can use the LocalDateTime instances.
It is good habit to use transient keyword with private confidential fields of a class during serialization. transient and static : Since static fields are not part of state of the object, there is no use/impact of using transient keyword with static variables. However there is no compilation error.
According to Sonarsource rules explorer :
Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. For instance, under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers. In general a Serializable class is expected to fulfil its contract and not have an unexpected behaviour when an instance is serialized.
However as you've said the LocalDateTime is serializable. This means that sometimes Sonar rules are not good (when using Hibernate with Objects that contains LocalDateTime which is Serializable).
One solution would be to use your own rules instead of Sonar default ones. Another one (this is a workaround more than a solution) would be to annotate your field with : @SuppressWarnings("squid:S3437")
109
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
