Serializing a non-``++static++`` inner class also attempts to serialize the outer class, because every inner-class instance holds an implicit reference to its enclosing instance. If the outer class is serializable, serialization succeeds but may write out far more data than was intended.

Making the inner class ``++static++`` (i.e. "nested") avoids this problem, so inner classes should be ``++static++`` where possible. Be aware, however, that there are semantic differences between an inner class and a nested one:

* an inner class can only be instantiated within the context of an instance of the outer class.
* a nested (``++static++``) class can be instantiated independently of the outer class.

== Noncompliant Code Example

----
import java.io.Serializable;

public class Raspberry implements Serializable {
  // ...

  public class Drupelet implements Serializable {  // Noncompliant; output may be too large
    // ...
  }
}
----

== Compliant Solution

----
import java.io.Serializable;

public class Raspberry implements Serializable {
  // ...

  public static class Drupelet implements Serializable {
    // ...
  }
}
----
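To make the difference between the two forms measurable, the following added example (not part of the original rule text) serializes an inner and a nested `Drupelet` in memory and compares the stream sizes. The `payload` field and its 64 KiB size, the `InnerDrupelet` and `NestedDrupelet` names, and the `serializedSize` helper are assumptions made for the demonstration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class Raspberry implements Serializable {
  // Constructed stand-in for outer-class state that was never meant to be written out.
  private final byte[] payload = new byte[64 * 1024];

  // Inner class: each instance holds a hidden reference to its enclosing Raspberry.
  public class InnerDrupelet implements Serializable {
    int seeds = 1;

    int payloadSize() {
      return payload.length; // reads outer state through the enclosing instance
    }
  }

  // Nested class: no enclosing instance, so only its own fields reach the stream.
  public static class NestedDrupelet implements Serializable {
    int seeds = 1;
  }

  // Serializes the object in memory and returns the number of bytes produced.
  static int serializedSize(Object o) throws IOException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
      out.writeObject(o);
    }
    return bytes.size();
  }

  public static void main(String[] args) throws IOException {
    Raspberry outer = new Raspberry();
    int inner = serializedSize(outer.new InnerDrupelet());
    int nested = serializedSize(new NestedDrupelet());

    // The inner instance pulls the whole Raspberry, payload included, into the stream.
    System.out.println("inner Drupelet:  " + inner + " bytes");
    System.out.println("nested Drupelet: " + nested + " bytes");
    System.out.println("extra bytes written because of the outer reference: " + (inner - nested));
  }
}
```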

== See

* https://wiki.sei.cmu.edu/confluence/x/ZTdGBQ[CERT, SER05-J.] - Do not serialize instances of inner classes

ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]