1

Is the conversation interface you can inject in a @ConversationScoped bean safe to mark transient (ie. will CDI deal with it is during serialization) or I do I need a custom read/writeObject?

@ConversationScoped
    public class CDIConversationScopedBean implements Serializable {
        private static final long serialVersionUID = 1L;
        @Inject
        private transient Conversation conversation; // <<-- transient ok?

FindBugs is complaining about a non-transient non-serializable instance field.

TownCube
  • 1,280
  • 1
  • 13
  • 32

1 Answers1

0

TL;DR: Yes, it is safe. Explanation:

Since the Conversation class doesn't implement the Serializable interface as well the static analyzers usually complain that all the fields must be either Serializable or transient even if the class is never explicitly serialized or deserialized.

Firstly, your snippet is a bit questionable, why do you implement this marker interface - so do you plan to serialize this class? You might want to add the generated or default Serial Version UID.

To solve this, make the field transient if you don't plan to make de/serialize the class - it's harmless and will not affect the behavior of Conversation. See Java 8 specification, chapter 8.3.1.3.

Variables may be marked transient to indicate that they are not part of the persistent state of an object.

If you plan, make Conversation implement Serializable and treat its fields in the same way.

Nikolas Charalambidis
  • 40,893
  • 16
  • 117
  • 183
  • The conversation interface is a CDI provided interface, how can I make it implement Serializable as you suggest? – TownCube Jul 17 '18 at 11:18
  • You can't serialize a class that doesn't implement the `Serializable` interface, but you can wrap it in a class that does - use a decorator. Again: Do you need to serialize it? If not, make the field `transient`. Why do you implement `Serializable` then? The real question is here: to serialize or not to serialize. – Nikolas Charalambidis Jul 17 '18 at 11:21
  • The Serializable marker is implemented because the CDI spec requires that passivating beans like @ConversationScoped implement it. – TownCube Jul 17 '18 at 11:22
  • Well, it means you don't serialize the class, then use the `transient` keyword and FindBugs stops complaining. See my answer which explains why "is transient ok?". – Nikolas Charalambidis Jul 17 '18 at 11:28
  • My understanding is the class can be serialized by the container at any time so I don't understand what you mean by "you don't serialize the class" – TownCube Jul 17 '18 at 11:30
  • It does? It does not work in this way. The container won't serialize what is not `Serializable` anyway. Then the only question is whether you plan to de/serialize it. – Nikolas Charalambidis Jul 17 '18 at 11:32
  • Some containers will attempt it and throw an exception if you don't https://stackoverflow.com/questions/2847669/saving-objects-in-servlet-session-and-java-io-notserializableexception – TownCube Jul 17 '18 at 11:59
  • 1
    One of the answers at the linked question starts with: "Serialization is attempted not only when objects are persisted to hard disk, but also when transferred to another node in distributed environment." - the serialization does not start without your intention. The question again is: do you plan to serialize or not? – Nikolas Charalambidis Jul 17 '18 at 12:20
  • Given it depends on the servlet container and other settings which may or may not be turned on in a given set up, to be on the safe side, yes I want to serialize it. – TownCube Jul 17 '18 at 13:14