Hi, With https://git-wip-us.apache.org/repos/asf/wicket/repo?p=wicket.git;a=commitdiff;h=6014d8bb92595bf486d69f7a5c1c798bcdc252f1 I extracted the logic for reading object members with ObjectStreamClass into a separate class ObjectChecker. This new class uses implementations of IObjectChecker to do the actual checks. For now there are two impls: - check that the class is Serializable (as before) - check that instances of LoadableDetachableModel are detached before serialization. This own proved to be quite useful !
It is quite easy to add your own custom checkers. For example like the ones explained at http://wicketinaction.com/2011/11/detect-attached-models-and-entities/ for JPA entities. I tried to keep SerializableChecker binary compatible so it has some baggage which may be removed for Wicket 7.0. If any of the checkers fail then the pretty print message is used to show where is the problem and its type. The usage is: JavaSerializer serializer = new JavaSerializer(app.getKey()) { @Override protected ObjectOutputStream newObjectOutputStream(OutputStream out) throws IOException { return new ObjectCheckerObjectOutputStream(out, new ObjectSerializationChecker(), new NotDetachedModelChecker(), new MyOwnChecker()); } } app.getFrameworkSettings().setSerializer(serializer); Please have a look and give your opinion. Any suggestions are welcome! -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com
