Rule Definition
Although not required, it is helpful if objects placed in session scope implement Serializable. The application server may serialize session objects once a certain memory limit is crossed. Also, some web containers provide "session failover", in which session data is not lost when the server restarts.
In these cases, the web container will attempt to serialize all data stored in session scope in order to recover it afterwards. This works only if such data implements Serializable.
Remediation
Implement serialization if your web container implements such mechanisms, or ignore it in other cases.
Violation Code Sample
Sample for JSF:
----> faces-config.xml:
<managed-bean>
    <managed-bean-name>myBean</managed-bean-name>
    <managed-bean-class>com.cast.MyBean</managed-bean-class>
    <managed-bean-scope>session</managed-bean-scope>
</managed-bean>
----> myBean.java:
// VIOLATION: the class associated with a backing bean
// does not implement the interface Serializable
public class MyBean {
    // Properties
    private String name;

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }
}
Fixed Code Sample
----> myBean.java:
import java.io.Serializable;

// FIXED: the interface Serializable is implemented
public class MyBean implements Serializable {
    // Properties
    private String name;

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }
}
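Added example (not part of the original rule text and not CAST's own code): a stand-alone check that mimics what a web container does when it serializes a session, by writing each attribute through ObjectOutputStream and reporting the ones that fail. The class names, attribute keys and the BeanWithHelper edge case are assumptions constructed for illustration.

```java
import java.io.*;
import java.util.*;

public class SessionSerializationCheck {
    // Same shape as the violation sample: does not implement Serializable.
    static class PlainBean {
        private String name = "alice";
    }

    // Same shape as the fixed sample.
    static class FixedBean implements Serializable {
        private static final long serialVersionUID = 1L;
        private String name = "alice";
    }

    // Edge case (hypothetical): the bean is Serializable, but one of its
    // non-transient fields is not, so serializing the bean still fails.
    static class BeanWithHelper implements Serializable {
        private static final long serialVersionUID = 1L;
        private final PlainBean helper = new PlainBean();
    }

    // Writes every session attribute through ObjectOutputStream, as a container
    // would, and returns a description of each attribute that cannot be written.
    static List<String> findUnserializable(Map<String, Object> sessionAttributes) {
        List<String> failed = new ArrayList<>();
        for (Map.Entry<String, Object> e : sessionAttributes.entrySet()) {
            try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
                out.writeObject(e.getValue());
            } catch (IOException ex) { // NotSerializableException is an IOException
                failed.add(e.getKey() + " -> " + ex);
            }
        }
        return failed;
    }

    public static void main(String[] args) {
        // Constructed sample session contents.
        Map<String, Object> session = new LinkedHashMap<>();
        session.put("plainBean", new PlainBean());
        session.put("fixedBean", new FixedBean());
        session.put("beanWithHelper", new BeanWithHelper());
        findUnserializable(session).forEach(System.out::println);
    }
}
```

Declaring the Serializable interface is therefore not sufficient on its own: every non-transient field reachable from a session-scoped bean must be serializable too.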
Related Technologies
JEE
Technical Criterion
Efficiency - Memory, Network and Disk Space Management