Is implementing java.io.Serializable even in simple POJO Java classes a best practice?

In general, is it a best practice to have simple POJO Java classes implement java.io.Serializable?


Asked by: Ada793 | Posted: 28-01-2022






Answer 1

Generally not. Joshua Bloch says to implement Serializable judiciously. A summary of drawbacks that he describes:

  • decreases flexibility of changing class implementation later - the serialized form is part of the class's API
  • makes some bugs and security holes more likely - an attacker can access class internals within the serialized byte stream
  • increases test burden - now you have to test serialization!
  • burdens authors of subclasses - they have to make their subclasses Serializable too

Of course, sometimes you need a POJO to implement Serializable, say for RMI, but if the need isn't there, your code will be simpler and more secure without it.

Answered by: Patrick880 | Posted: 01-03-2022
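
The points in this answer (the serialized form as part of the API, and the byte stream as a way to reach class internals) are easier to see in code. The following is an added example, not code from the question or any answer: a hypothetical `SerializableAccount` POJO that genuinely needs to be serializable and therefore pins its `serialVersionUID`, re-validates its invariants in `readObject`, and is read back only through an allow-list `java.io.ObjectInputFilter` (JDK 9+). The class name, fields and filter limits are assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Objects;

// Hypothetical POJO (constructed for this example) that must be Serializable,
// written with the safeguards that go with opting in.
public final class SerializableAccount implements Serializable {
    // Pin the stream version; otherwise the JVM derives it from the class layout
    // and any refactoring silently breaks stream compatibility.
    private static final long serialVersionUID = 1L;

    private final String owner;
    private final long balanceCents;   // invariant: never negative

    public SerializableAccount(String owner, long balanceCents) {
        this.owner = Objects.requireNonNull(owner, "owner");
        if (balanceCents < 0) {
            throw new IllegalArgumentException("balance must not be negative");
        }
        this.balanceCents = balanceCents;
    }

    public String owner()      { return owner; }
    public long balanceCents() { return balanceCents; }

    // The byte stream acts as a second, public "constructor" that bypasses the
    // real one, so every invariant must be re-checked after defaultReadObject().
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        if (owner == null || balanceCents < 0) {
            throw new InvalidObjectException("stream violates SerializableAccount invariants");
        }
    }

    public static byte[] toBytes(SerializableAccount account) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(account);
        }
        return buf.toByteArray();
    }

    // Deserialize behind an allow-list filter: only this class and java.base types
    // may appear in the stream, within size limits (values chosen for the example),
    // so a stream naming any other class is rejected before that class is resolved.
    public static SerializableAccount fromBytes(byte[] bytes)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter allowList = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxrefs=16;maxbytes=1024;SerializableAccount;java.base/*;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(allowList);
            return (SerializableAccount) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        SerializableAccount original = new SerializableAccount("alice", 12_500);
        SerializableAccount copy = fromBytes(toBytes(original));
        System.out.println(copy.owner() + " " + copy.balanceCents());
    }
}
```

The filter is the piece that addresses the "security holes" bullet: the stream, not the caller, decides which classes get instantiated during `readObject`, so the reader should name the few it expects and reject everything else (`!*`). The `readObject` check addresses the "class internals" bullet, since field values in a stream are never passed through the constructor.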



Answer 2

Only if you need to be able to serialise them. It's not worth the effort otherwise.

Answered by: Edgar627 | Posted: 01-03-2022



Answer 3

It depends more on the needs. In the context of web applications, some web servers (e.g. Tomcat 6) even make it mandatory to serialize the classes whose objects we store in sessions.

Answered by: Charlie108 | Posted: 01-03-2022



Answer 4

One thing I've done to address the fact that the serialized form is not backwards compatible (say when dynamically reloading a class on a running system) is to load the fields I want to save into a hashmap and then serialize that. That way, I can always deserialize the data, even if there are missing fields. You might have to provide defaults for missing keys, but it's better than messing up field order.

Answered by: Darcy846 | Posted: 01-03-2022
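
A worked version of the hashmap approach this answer describes, added here as an example and not code from the answer's author. The hypothetical `UserProfile` class writes a proxy (`MapForm`) holding a `HashMap<String, Object>` of named fields via `writeReplace`, rebuilds itself in `readResolve`, supplies defaults for keys an older stream lacks, and rejects values of the wrong type instead of letting a cast fail later. The class name, field names and default values are assumptions made for the example; `main` constructs a map that simulates a stream written before the `locale` field existed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

// Hypothetical POJO (constructed for this example). Its serialized form is a map
// of named fields rather than the default field layout, so fields can be added
// or removed without invalidating streams written by earlier versions.
public final class UserProfile implements Serializable {
    private static final long serialVersionUID = 1L;

    private final String name;
    private final int loginCount;
    private final String locale;   // added in a later version; old streams lack it

    public UserProfile(String name, int loginCount, String locale) {
        this.name = name;
        this.loginCount = loginCount;
        this.locale = locale;
    }

    @Override
    public String toString() {
        return "UserProfile{name=" + name + ", loginCount=" + loginCount + ", locale=" + locale + "}";
    }

    // Serialize a proxy carrying the map instead of this object's raw fields.
    private Object writeReplace() {
        Map<String, Object> fields = new HashMap<>();
        fields.put("name", name);
        fields.put("loginCount", loginCount);
        fields.put("locale", locale);
        return new MapForm(fields);
    }

    // A stream that bypasses the proxy and carries this class's fields directly
    // is not a form we ever wrote, so refuse it.
    private void readObject(ObjectInputStream in) throws InvalidObjectException {
        throw new InvalidObjectException("UserProfile must be deserialized via MapForm");
    }

    // Rebuild from the map; keys missing from an older stream receive explicit defaults.
    static UserProfile fromFields(Map<String, Object> fields) throws InvalidObjectException {
        return new UserProfile(
                get(fields, "name", String.class, "unknown"),
                get(fields, "loginCount", Integer.class, 0),
                get(fields, "locale", String.class, "en"));
    }

    // Typed lookup: a missing key yields the default; a value of the wrong type
    // means a corrupt or hostile stream and is rejected here rather than surfacing
    // later as a ClassCastException deep inside application code.
    private static <T> T get(Map<String, Object> fields, String key, Class<T> type, T dflt)
            throws InvalidObjectException {
        Object value = fields.get(key);
        if (value == null) {
            return dflt;
        }
        if (!type.isInstance(value)) {
            throw new InvalidObjectException(
                    "field " + key + " has unexpected type " + value.getClass().getName());
        }
        return type.cast(value);
    }

    // The serialization proxy: the only thing that actually lands in the stream.
    static final class MapForm implements Serializable {
        private static final long serialVersionUID = 1L;
        private final HashMap<String, Object> fields;

        MapForm(Map<String, Object> fields) {
            this.fields = new HashMap<>(fields);
        }

        private Object readResolve() throws ObjectStreamException {
            return fromFields(fields);
        }
    }

    private static byte[] toBytes(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    private static Object fromBytes(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Current version round-trips all three fields.
        System.out.println(fromBytes(toBytes(new UserProfile("alice", 3, "de"))));

        // Constructed stand-in for a stream written before "locale" existed:
        // the missing key falls back to the default instead of breaking the read.
        Map<String, Object> oldFields = new HashMap<>();
        oldFields.put("name", "bob");
        oldFields.put("loginCount", 7);
        System.out.println(fromBytes(toBytes(new MapForm(oldFields))));
    }
}
```

Because the map's values are arbitrary objects, the same allow-list filtering that applies to any `ObjectInputStream` still matters here: a reader of this form should permit `UserProfile$MapForm`, `java.util.HashMap` and the handful of value types it expects, and nothing else.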



Similar questions

serialization - Using java.io.Serializable when implementing a tree?

I have ANOTHER serialization question, but this time it is in regards to Java's native serialization import when serializing to binary. I have to serialize a random tree that is generated in another java file. I know how serialization and deserialization works, but the example I followed when using binary serialization with java.io.Serializable did not work in the same fashion as when I did it with, say a simple object. ...







