16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
73 lines
2.0 KiB
Plaintext
73 lines
2.0 KiB
Plaintext
== Why is this an issue?
|
|
|
|
The ``++@Remote++`` annotation indicates that an interface may be called from a remote client. Therefore the parameters and return types of methods in the interface must be ``++Serializable++``.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
public class Employee { // Nonserializable
|
|
}
|
|
|
|
@Remote
|
|
public interface EmployeeServiceRemote {
|
|
public Employee getEmployee(String id); // Noncompliant
|
|
}
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
public class Employee implements Serializable{
|
|
}
|
|
|
|
@Remote
|
|
public interface EmployeeServiceRemote {
|
|
public Employee getEmployee(String id); // Noncompliant
|
|
}
|
|
----
|
|
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Make "xxx" serializable or replace it with a serializable type.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 22 Jul 2015, 07:48:37 Nicolas Peru wrote:
|
|
\[~ann.campbell.2] LGTM
|
|
|
|
=== on 23 Jul 2015, 13:56:52 Ann Campbell wrote:
|
|
Rule origin: \https://groups.google.com/forum/#!topic/sonarqube/cYQdBhf00eo
|
|
|
|
|
|
from rule requester:
|
|
|
|
I wrote this rule and have now a working version. Having tested it on a representative code base of 350+remote interfaces, here are the cases I had to handle :
|
|
|
|
* primitive types are allowed
|
|
* Enums are allowed
|
|
* Serializable itself is not allowed (bad practice)
|
|
* subType of java.io.Serializable are allowed
|
|
* arrays of allowed types are allowed
|
|
* parameterized types must be checked
|
|
* parameter types of parameterized types must be checked (recursively)
|
|
* handle the case of java Collections and Maps (we consider them as Serializable as only 2-3 Collections Interfaces implementations are not serializable, and as those implementations are only used for developping caches (and therefore it makes no sense to transmit them through remote services calls)... this is as a corner case, but it may raise lots of false positives
|
|
* both parameters and return types of method signatures must be checked
|
|
* we check only remote interfaces (not types)
|
|
|
|
endif::env-github,rspecator-view[]
|