Java serialization is the conversion from objects to byte streams for storage or transmission. And later, java deserialization is the reverse conversion, it reconstructs objects from byte streams.
To make a java class serializable, this class should implement the java.io.Serializable
interface directly or through its
inheritance.
import java.io.Serializable; public class NonSerializableClass { } public class SerializableClass implements Serializable { } public class OtherSerializableClass extends SerializableClass { // is also serializable because it is a subtype of Serializable }
Given a serializable class, it is important to note that not all its superclasses are serializable. Eventually, its superclasses stop implementing
java.io.Serializable
. It could be at the end, once reaching the java.lang.Object
class, or before.
This is important because the serialization/deserialization runs through the class hierarchy of an object to decide which object fields to write or read, and applies two different logics:
So developers should pay particular attention to the non-serializable classes in the class hierarchy, because the presence of an implicit or explicit no-argument constructor is required in those classes.
This is an example of mandatory no-argument constructors in the hierarchy of SerializableClass
:
public class NonSerializableClassWithoutConstructor { // after deserialization, "field1" will always be set to 42 private int field1 = 42; // this non-serializable class has an implicit no-argument constructor } public class NonSerializableClass extends NonSerializableClassWithoutConstructor { // after deserialization, "field2" will always be set to 12 by the no-argument constructor private int field2; // this non-serializable class has an explicit no-argument constructor public NonSerializableClass() { field2 = 12; } public NonSerializableClass(int field2) { this.field2 = field2; } } public class SerializableClass extends NonSerializableClass implements Serializable { // after deserialization, "field3" will have the previously serialized value. private int field3; // deserialization does not use declared constructors public SerializableClass(int field3) { super(field3 * 2); this.field3 = field3; } }
Unfortunately, there is no compilation error when a class implements java.io.Serializable
and extends a non-serializable superclass
without a no-argument constructor. This is an issue because, at runtime, deserialization will fail to find the required constructor.
For example, deserialization of an instance of the following SerializableClass
class, throws an InvalidClassException: no valid
constructor
.
public class NonSerializableClass { private int field; // this class can not be deserialized because it does not have any implicit or explicit no-argument constructor public NonSerializableClass(int field) { this.field = field; } } public class SerializableClass extends NonSerializableClass implements Serializable { }
This rule checks in the hierarchy of serializable classes and reports an issue when a non-serializable superclass does not have the required no-argument constructor which will produce a runtime error.
There are two solutions to fix the missing no-argument constructor issue on non-serializable classes:
Solution 1
If the fields of a non-serializable class need to be persisted, add the java.io.Serializable
interface to
the class implements
definition. Solution 2
Otherwise, add a no-argument constructor and initialize the fields with some valid default values. Example #1
// Noncompliant; this Raspberry's ancestor doesn't have a no-argument constructor // this rule raises an issue on the Raspberry class declaration public class Fruit { private Season pickingSeason; public Fruit(Season pickingSeason) { this.pickingSeason = pickingSeason; } }
public class Raspberry extends Fruit implements Serializable { private static final long serialVersionUID = 1; private String variety; public Raspberry(String variety) { super(Season.SUMMER); this.variety = variety; } }
Solution 1
// Compliant; this Raspberry's ancestor is serializable public class Fruit implements Serializable { private static final long serialVersionUID = 1; private Season pickingSeason; public Fruit(Season pickingSeason) { this.pickingSeason = pickingSeason; } }
Example #2
public class Fruit { // Noncompliant; this Raspberry's ancestor doesn't have a no-argument constructor // this rule raises an issue on the Raspberry class declaration public Fruit(String debugMessage) { LOG.debug(debugMessage); } }
public class Raspberry extends Fruit implements Serializable { private static final long serialVersionUID = 1; private String variety; public Raspberry(String variety) { super("From Raspberry constructor"); this.variety = variety; } }
Solution 2
public class Fruit { // Compliant; this Raspberry ancestor has a no-argument constructor public Fruit() { this("From serialization"); } public Fruit(String debugMessage) { LOG.debug(debugMessage); } }