On 12/4/06, Rahul Akolkar <[EMAIL PROTECTED]> wrote:
On 12/4/06, Craig McClanahan <[EMAIL PROTECTED]> wrote: > On 12/4/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > * Have the base classes implement Serializable where applicable > > > > Sorry ... I should have discussed this on the list before making these > changes. It comes out of having been badly bit in cases where a subclass of > the base class *cannot* for some reason be made Serializable. Unless it's > absolutely required (and it's not in this case ... non JavaEE servers are > not required to enforce the serializability of session attributes unless you > also declare your app to be distributable), I would prefer we left the > SHOULD comments in the class javadocs, and make it the responsibility of the > concrete implementation classes to say "implements Serializable" when they > actually obey the contract. > <snip/> Makes sense, I've changed back (per above para) in r482470. As an aside, one trick I've seen when subclasses cannot be serializable is to implement writeObject simply to throw a NotSerializableException.
That definitely works for runtime, but you still get surprised sometimes by static analysis or "instanceof" checks. For example, in Commons Chain the Context is marked Serializable, even though some of the implementations of that interface are not. Thus, even if you've got your servlet container set up to check for all session scope attributes being serializable, the container gets fooled because the "instanceof" check passes. -Rahul Craig
Craig > >
