Why is this an issue?

Java serialization is the conversion from objects to byte streams for storage or transmission. And later, java deserialization is the reverse conversion, it reconstructs objects from byte streams.

To make a java class serializable, this class should implement the java.io.Serializable interface directly or through its inheritance.

import java.io.Serializable;

public class NonSerializableClass {
}

public class SerializableClass implements Serializable {
}

public class OtherSerializableClass extends SerializableClass {
  // is also serializable because it is a subtype of Serializable
}

Given a serializable class, it is important to note that not all its superclasses are serializable. Eventually, its superclasses stop implementing java.io.Serializable. It could be at the end, once reaching the java.lang.Object class, or before.

This is important because the serialization/deserialization runs through the class hierarchy of an object to decide which object fields to write or read, and applies two different logics:

So developers should pay particular attention to the non-serializable classes in the class hierarchy, because the presence of an implicit or explicit no-argument constructor is required in those classes.

This is an example of mandatory no-argument constructors in the hierarchy of SerializableClass:

public class NonSerializableClassWithoutConstructor {
  // after deserialization, "field1" will always be set to 42
  private int field1 = 42;

  // this non-serializable class has an implicit no-argument constructor
}

public class NonSerializableClass extends NonSerializableClassWithoutConstructor {
  // after deserialization, "field2" will always be set to 12 by the no-argument constructor
  private int field2;

  // this non-serializable class has an explicit no-argument constructor
  public NonSerializableClass() {
    field2 = 12;
  }

  public NonSerializableClass(int field2) {
    this.field2 = field2;
  }
}

public class SerializableClass extends NonSerializableClass implements Serializable {
  // after deserialization, "field3" will have the previously serialized value.
  private int field3;

  // deserialization does not use declared constructors
  public SerializableClass(int field3) {
    super(field3 * 2);
    this.field3 = field3;
  }
}

Unfortunately, there is no compilation error when a class implements java.io.Serializable and extends a non-serializable superclass without a no-argument constructor. This is an issue because, at runtime, deserialization will fail to find the required constructor.

For example, deserialization of an instance of the following SerializableClass class, throws an InvalidClassException: no valid constructor.

public class NonSerializableClass {
  private int field;
  // this class can not be deserialized because it does not have any implicit or explicit no-argument constructor
  public NonSerializableClass(int field) {
    this.field = field;
  }
}

public class SerializableClass extends NonSerializableClass implements Serializable {
}

This rule checks in the hierarchy of serializable classes and reports an issue when a non-serializable superclass does not have the required no-argument constructor which will produce a runtime error.

How to fix it

There are two solutions to fix the missing no-argument constructor issue on non-serializable classes:

Code examples

Example #1

Noncompliant code example

// Noncompliant; this Raspberry's ancestor doesn't have a no-argument constructor
// this rule raises an issue on the Raspberry class declaration
public class Fruit {
  private Season pickingSeason;
  public Fruit(Season pickingSeason) {
    this.pickingSeason = pickingSeason;
  }
}
public class Raspberry extends Fruit implements Serializable {
  private static final long serialVersionUID = 1;
  private String variety;
  public Raspberry(String variety) {
    super(Season.SUMMER);
    this.variety = variety;
  }
}

Compliant solution

Solution 1

// Compliant; this Raspberry's ancestor is serializable
public class Fruit implements Serializable {
  private static final long serialVersionUID = 1;
  private Season pickingSeason;
  public Fruit(Season pickingSeason) {
    this.pickingSeason = pickingSeason;
  }
}

Example #2

Noncompliant code example

public class Fruit {
  // Noncompliant; this Raspberry's ancestor doesn't have a no-argument constructor
  // this rule raises an issue on the Raspberry class declaration
  public Fruit(String debugMessage) {
    LOG.debug(debugMessage);
  }
}
public class Raspberry extends Fruit implements Serializable {
  private static final long serialVersionUID = 1;
  private String variety;
  public Raspberry(String variety) {
    super("From Raspberry constructor");
    this.variety = variety;
  }
}

Compliant solution

Solution 2

public class Fruit {
  // Compliant; this Raspberry ancestor has a no-argument constructor
  public Fruit() {
    this("From serialization");
  }
  public Fruit(String debugMessage) {
    LOG.debug(debugMessage);
  }
}

Resources

Documentation