Currently the serializable checker is only triggered when an NotSerializableException was thrown. Means that @WicketDontSerialize annotated beams will not get detected only by changing the SerializableChecker. Perhaps an IObjectStreamFactory that return an ObjectInputStream doing the check? Would work, and user can plug by Objects.setObjectStreamFactory(new ObjectInputStreamThatChecksFor WicketDontSerializeAnnotation());
On Tue, Jan 25, 2011 at 1:31 PM, Martin Grigorov <martin.grigo...@gmail.com>wrote: > Hi, > > Someone just asked in ##wicket something like: "for some reason my entity > is > serialized. it is wrapped in LDM, but still something went wrong and > instead > just the entity id, the whole entity is serialized" > > https://gist.github.com/795052 > > Here are suggest introducing an annotation which serves like JSR-305's > @NotNill - @WicketDontSerialize. > I.e. if an object which class is annotated with this marker is sent to > SerializableChecker#check() then throw an exception with the nice path to > the object saying "this class may be Serializable but it shouldn't be > serialized". > This way hopefully the user will see when there is a leak reference which > ties the object in the serialization. > > Writing this email I realize that we can make it even better by extending > the checker to use pluggable sub-checkers: checker for "implements > Serializable", checker based on an annotation, based on a black/white list, > or some other logic. This way the user app can pass a checker that > disallows > classes coming from third party libs (i.e. cannot be annotated). > In DEV mode it can be replaced with no-op checker. > > What do you think ? > > martin-g > -- Pedro Henrique Oliveira dos Santos
