Don't Ignore serialVersionUID
by
Join the DZone community and get the full member experience.
Join For FreeOkay,I admit that this one should have totally been obvious to me long ago. But I'm still a bit of a JEE newcomer (been doing it for almost five years), so perhaps I can be forgiven.
If you do a lot of ORM or EJB remoting, you probably deal with a lot of Serializable classes. And you're probably used to the annoying warning message that you see all the time in your IDE when you're working with Serializable classes:
The serializable class BlaBlaBla does not declare a static final serialVersionUID field of type long BlaBlaBla.java myProject/src/main/java/us/mikedesjardins/foo/domain/entity line 44
If you're like me, you roll your eyes and politely add a @SuppressWarnings("serial") to the top of the class definition (or, worse, you just shut the warning message off in your IDE altogether. Even I don't do that!). You reason with yourself that current versions of Java conveniently and automatically compute the serialVersionUID at run-time, so there's no need to bother with the formality of a version number on your class - it's just a nuisance holdover from days of Java yore.
IT'S A TRAP!
Now that I've found myself well into a new project with this lazy philosophy, I'm starting to run into problems. I have a client of my EJB that uses one of these Serializable objects, and I'm finding that when I make the most trivial changes to my shared classes, I need to compile both the server and the client components. The two components that were supposed to be loosely coupled are now hopelessly intertwined. So I did some further research on how the JVM computes the ad-hoc serialVersionUID at runtime when it isn't provided.
This article over at JavaWorld does a far better and more thorough job of explaining it than I will. In a nutshell, backward-compatability with respect to serialization and de-serialization is a lot less fragile than the cases that the serialVersionUID generation is protecting you against. That version generation algorithm computes an SHA hash based on the class name, sorted member variables, modifiers, and interfaces.
In reality, serialization and de-serialization generally only breaks when one of the following things happens to your class (from the aforementioned article at JavaWorld):
To ensure that your components which use Serialization have minimal runtime dependencies on each other, you have two options:
If you do a lot of ORM or EJB remoting, you probably deal with a lot of Serializable classes. And you're probably used to the annoying warning message that you see all the time in your IDE when you're working with Serializable classes:
The serializable class BlaBlaBla does not declare a static final serialVersionUID field of type long BlaBlaBla.java myProject/src/main/java/us/mikedesjardins/foo/domain/entity line 44
If you're like me, you roll your eyes and politely add a @SuppressWarnings("serial") to the top of the class definition (or, worse, you just shut the warning message off in your IDE altogether. Even I don't do that!). You reason with yourself that current versions of Java conveniently and automatically compute the serialVersionUID at run-time, so there's no need to bother with the formality of a version number on your class - it's just a nuisance holdover from days of Java yore.
IT'S A TRAP!
Now that I've found myself well into a new project with this lazy philosophy, I'm starting to run into problems. I have a client of my EJB that uses one of these Serializable objects, and I'm finding that when I make the most trivial changes to my shared classes, I need to compile both the server and the client components. The two components that were supposed to be loosely coupled are now hopelessly intertwined. So I did some further research on how the JVM computes the ad-hoc serialVersionUID at runtime when it isn't provided.
This article over at JavaWorld does a far better and more thorough job of explaining it than I will. In a nutshell, backward-compatability with respect to serialization and de-serialization is a lot less fragile than the cases that the serialVersionUID generation is protecting you against. That version generation algorithm computes an SHA hash based on the class name, sorted member variables, modifiers, and interfaces.
In reality, serialization and de-serialization generally only breaks when one of the following things happens to your class (from the aforementioned article at JavaWorld):
- Delete fields
- Change class hierarchy
- Change non-static to static
- Change non-transient to transient
- Change type of a primitive field
To ensure that your components which use Serialization have minimal runtime dependencies on each other, you have two options:
- Declare a specific serialVersionUID, and update it whenever you make a change that breaks backward compatability.
- Don't rely on any classes for use as transfer objects which will potentially change. This one is pretty obvious, but sometimes you will be surprised down the road at which classes are modified more often than others.
- Don't use your own objects at all when transferring data. Instead, rely on classes like Integers, Strings, or HashMaps to shuttle data around among components. (Obviously, protocols like SOAP and REST rely on XML documents for this to ensure maximum de-coupling, but you're presumably using something like EJB remoting to avoid the complexity or overhead of these protocols).
Serialization
Java (programming language)
Object (computer science)
Data (computing)
IT
Integrated development environment
career
Strings
Dependency
Overhead (computing)
Web Protocols
Opinions expressed by DZone contributors are their own.
Comments