Okay,I admit that this one should have totally been obvious to me long ago. But I’m still a bit of a JEE newcomer (been doing it for almost five years), so perhaps I can be forgiven.
If you do a lot of ORM or EJB remoting, you probably deal with a lot of Serializable classes. And you’re probably used to the annoying warning message that you see all the time in your IDE when you’re working with Serializable classes:
The serializable class BlaBlaBla does not declare a static final serialVersionUID field of type long BlaBlaBla.java myProject/src/main/java/us/mikedesjardins/foo/domain/entity line 44
If you’re like me, you roll your eyes and politely add a @SuppressWarnings(“serial”) to the top of the class definition (or, worse, you just shut the warning message off in your IDE altogether. Even I don’t do that!). You reason with yourself that current versions of Java conveniently and automatically compute the serialVersionUID at run-time, so there’s no need to bother with the formality of a version number on your class – it’s just a nuisance holdover from days of Java yore.
IT’S A TRAP!
Now that I’ve found myself well into a new project with this lazy
philosophy, I’m starting to run into problems. I have a client of my EJB
that uses one of these Serializable objects, and I’m finding that when I
make the most trivial changes to my shared classes, I need to compile
both the server and the client components. The two components that were
supposed to be loosely coupled are now hopelessly intertwined. So I did
some further research on how the JVM computes the ad-hoc
serialVersionUID at runtime when it isn’t provided.
[This article over at JavaWorld does a far better and more thorough job of explaining it than I will][1]. In a nutshell, backward-compatability with respect to serialization and de-serialization is a lot less fragile than the cases that the serialVersionUID generation is protecting you against. That version generation algorithm computes an SHA hash based on the class name, sorted member variables, modifiers, and interfaces.
In reality, serialization and de-serialization generally only breaks when one of the following things happens to your class (from the aforementioned article at JavaWorld): * Delete fields * Change class hierarchy * Change non-static to static * Change non-transient to transient * Change type of a primitive field
Ensure Minimal Coupling Between
Components
To ensure that your components which use Serialization have minimal
runtime dependencies on each other, you have two options: * Declare a
specific serialVersionUID, and update it whenever you make a change that
breaks backward compatability. * Don’t rely on any classes for use as
transfer objects which will potentially change. This one is pretty
obvious, but sometimes you will be surprised down the road at which
classes are modified more often than others. * Don’t use your own
objects at all when transferring data. Instead, rely on classes like
Integers, Strings, or HashMaps to shuttle data around among components.
(Obviously, protocols like SOAP and REST rely on XML documents for this
to ensure maximum de-coupling, but you’re presumably using something
like EJB remoting to avoid the complexity or overhead of these
protocols).
