...
```java
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;

class WeaponStore implements Serializable {
  int noOfWeapons = 10; // Total number of weapons
}

public class GameWeapon implements Serializable {
  WeaponStore ws = new WeaponStore();

  // Declares the serialized form explicitly: only "ws" is persisted
  private static final ObjectStreamField[] serialPersistentFields
      = {new ObjectStreamField("ws", WeaponStore.class)};

  // Reads the declared fields by name rather than by the class's current layout
  private void readObject(ObjectInputStream ois) throws IOException {
    try {
      ObjectInputStream.GetField gf = ois.readFields();
      this.ws = (WeaponStore) gf.get("ws", ws);
    } catch (ClassNotFoundException e) { /* Forward to handler */ }
  }

  // Writes exactly the fields named in serialPersistentFields
  private void writeObject(ObjectOutputStream oos) throws IOException {
    ObjectOutputStream.PutField pf = oos.putFields();
    pf.put("ws", ws);
    oos.writeFields();
  }

  public String toString() {
    return String.valueOf(ws);
  }
}
```
Exceptions
**SER00-EX1:** According to the Serialization Specification [Sun 2006], Section 1.5, "Defining Serializable Fields for a Class":
Inner classes can only contain final static fields that are initialized to constants or expressions built up from constants. Consequently, it is not possible to set serialPersistentFields for an inner class (though it is possible to set it for static member classes).
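The following added example (not part of the original guideline) uses static member classes, which SER00-EX1 notes may declare `serialPersistentFields`, to show that the declared serial form stays fixed when a later release adds a field. The class names `SerialFormDemo`, `Store` and `Weapon` and the field `bonus` are assumptions made for illustration.

```java
import java.io.*;

public class SerialFormDemo {
  // Constructed stand-ins for the page's classes. They are static member
  // classes, which (unlike inner classes) may declare serialPersistentFields.
  static class Store implements Serializable {
    int noOfWeapons = 10;
  }

  static class Weapon implements Serializable {
    Store ws = new Store();
    int bonus = 5; // hypothetical field added in a later release

    // Only "ws" belongs to the serialized form; "bonus" is never written.
    private static final ObjectStreamField[] serialPersistentFields =
        {new ObjectStreamField("ws", Store.class)};
  }

  // Names of the fields that make up the class's serialized form.
  static String serialFields(Class<?> c) {
    StringBuilder sb = new StringBuilder();
    for (ObjectStreamField f : ObjectStreamClass.lookup(c).getFields()) {
      sb.append(f.getName()).append(' ');
    }
    return sb.toString().trim();
  }

  // Serialize to a byte array and read the object back.
  static Weapon roundTrip(Weapon w) throws IOException, ClassNotFoundException {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(buf)) {
      oos.writeObject(w);
    }
    try (ObjectInputStream ois =
        new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
      return (Weapon) ois.readObject();
    }
  }

  public static void main(String[] args) throws Exception {
    Weapon w = new Weapon();
    w.ws.noOfWeapons = 3;
    Weapon copy = roundTrip(w);
    System.out.println("serial form: " + serialFields(Weapon.class));
    System.out.println("noOfWeapons: " + copy.ws.noOfWeapons);
    System.out.println("bonus:       " + copy.bonus);
  }
}
```

Because `bonus` is outside the declared serial form, it is not restored from the stream and the deserialized copy holds the type's default value rather than the initializer's value; code that depends on such a field must set it in `readObject`.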
...
Failure to provide a consistent serialization mechanism across releases can limit the extensibility of classes. If classes are extended, compatibility issues may result.
| Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| SER00-J | low | probable | high | P2 | L3 |
...