rspec/rules/S3276/java/rule.adoc

== Why is this an issue?

The ``++@Remote++`` annotation indicates that an interface may be called from a remote client. Therefore the parameters and return types of methods in the interface must be ``++Serializable++``.


=== Noncompliant code example

[source,java]
----
public class Employee {  // Nonserializable
}

@Remote
public interface EmployeeServiceRemote {
  public Employee getEmployee(String id);  // Noncompliant
}
----


=== Compliant solution

[source,java]
----
public class Employee implements Serializable{
}

@Remote
public interface EmployeeServiceRemote {
  public Employee getEmployee(String id);  // Noncompliant
}
----


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Make "xxx" serializable or replace it with a serializable type.


'''
== Comments And Links
(visible only on this page)

=== on 22 Jul 2015, 07:48:37 Nicolas Peru wrote:
\[~ann.campbell.2] LGTM

=== on 23 Jul 2015, 13:56:52 Ann Campbell wrote:
Rule origin: \https://groups.google.com/forum/#!topic/sonarqube/cYQdBhf00eo


from rule requester:

I wrote this rule and have now a working version. Having tested it on a representative code base of 350+remote interfaces, here are the cases I had to handle :

* primitive types are allowed
* Enums are allowed
* Serializable itself is not allowed (bad practice)
* subType of java.io.Serializable are allowed
* arrays of allowed types are allowed
* parameterized types must be checked
* parameter types of parameterized types must be checked (recursively)
* handle the case of java Collections and Maps (we consider them as Serializable as only 2-3 Collections Interfaces implementations are not serializable, and as those implementations are only used for developping caches (and therefore it makes no sense to transmit them through remote services calls)... this is as a corner case, but it may raise lots of false positives 
* both parameters and return types of method signatures must be checked
* we check only remote interfaces (not types)

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			The ``++@Remote++`` annotation indicates that an interface may be called from a remote client. Therefore the parameters and return types of methods in the interface must be ``++Serializable++``.

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`public class Employee { // Nonserializable`
			`}`

			`@Remote`
			`public interface EmployeeServiceRemote {`
			`public Employee getEmployee(String id); // Noncompliant`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`public class Employee implements Serializable{`
			`}`

			`@Remote`
			`public interface EmployeeServiceRemote {`
			`public Employee getEmployee(String id); // Noncompliant`
			`}`
			`----`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00

Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`Make "xxx" serializable or replace it with a serializable type.`

RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== on 22 Jul 2015, 07:48:37 Nicolas Peru wrote:`
			`\[~ann.campbell.2] LGTM`

			`=== on 23 Jul 2015, 13:56:52 Ann Campbell wrote:`
			`Rule origin: \https://groups.google.com/forum/#!topic/sonarqube/cYQdBhf00eo`


			`from rule requester:`

			`I wrote this rule and have now a working version. Having tested it on a representative code base of 350+remote interfaces, here are the cases I had to handle :`

			`* primitive types are allowed`
			`* Enums are allowed`
			`* Serializable itself is not allowed (bad practice)`
			`* subType of java.io.Serializable are allowed`
			`* arrays of allowed types are allowed`
			`* parameterized types must be checked`
			`* parameter types of parameterized types must be checked (recursively)`
			`* handle the case of java Collections and Maps (we consider them as Serializable as only 2-3 Collections Interfaces implementations are not serializable, and as those implementations are only used for developping caches (and therefore it makes no sense to transmit them through remote services calls)... this is as a corner case, but it may raise lots of false positives`
			`* both parameters and return types of method signatures must be checked`
			`* we check only remote interfaces (not types)`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`