To use serialPersistentFields correctly, it must be declared private, static, and final.
The Java Object Serialization Specification allows developers to manually define the Serializable fields of a class by listing them in the serialPersistentFields array. This feature only works if serialPersistentFields is declared as private, static, and final.
Example 1: The following declaration of serialPersistentFields will not be used to define Serializable fields because it is not private, static, and final.
import java.io.ObjectStreamField;
import java.io.Serializable;

class List implements Serializable {
    // Wrong modifiers: public, non-static, non-final. The serialization
    // runtime ignores this array and falls back to default serialization.
    public ObjectStreamField[] serialPersistentFields = { new ObjectStreamField("myField", List.class) };
    ...
}
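The following is an added example and not code from the original page. It places a correctly declared serialPersistentFields array beside an ineffective one and uses ObjectStreamClass.lookup(...).getFields(), the same view the serialization runtime uses, to show which fields will actually be written. The class and field names (Account, LeakyAccount, accountId, sessionToken) are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.ObjectStreamField;
import java.io.Serializable;
import java.util.Arrays;

// Constructed example class: only accountId is meant to be serialized.
class Account implements Serializable {
    private static final long serialVersionUID = 1L;

    // Correct declaration: private, static and final, so the runtime honours it.
    private static final ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("accountId", String.class)
    };

    String accountId;
    String sessionToken; // not listed above, so never written to the stream

    Account(String accountId, String sessionToken) {
        this.accountId = accountId;
        this.sessionToken = sessionToken;
    }
}

// Same intent, wrong modifiers (as in Example 1 on the page). The runtime
// ignores the array and serializes every non-transient instance field,
// including sessionToken and the bogus array field itself.
class LeakyAccount implements Serializable {
    private static final long serialVersionUID = 1L;

    public ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("accountId", String.class)
    };

    String accountId;
    String sessionToken;
}

public class SerialPersistentFieldsDemo {

    // Names of the fields the serialization runtime will write for a class.
    static String[] serializedFieldNames(Class<?> c) {
        ObjectStreamField[] fields = ObjectStreamClass.lookup(c).getFields();
        String[] names = new String[fields.length];
        for (int i = 0; i < fields.length; i++) {
            names[i] = fields[i].getName();
        }
        return names;
    }

    // Serialize and deserialize through an in-memory buffer.
    static Account roundTrip(Account a) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(a);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (Account) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Account serializes:      "
            + Arrays.toString(serializedFieldNames(Account.class)));
        System.out.println("LeakyAccount serializes: "
            + Arrays.toString(serializedFieldNames(LeakyAccount.class)));

        Account copy = roundTrip(new Account("acct-42", "session-token-value"));
        System.out.println("accountId after round trip:    " + copy.accountId);
        System.out.println("sessionToken after round trip: " + copy.sessionToken);
    }
}
```

For Account the field list contains only accountId and sessionToken is null after the round trip; for LeakyAccount the list contains accountId, sessionToken and serialPersistentFields itself. The ObjectStreamClass.lookup check is a cheap way to confirm in a unit test that a class's serialized form is what its serialPersistentFields declaration intends.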
[1] Standards Mapping - Common Weakness Enumeration (CWE) - CWE ID 485
[2] Sun Microsystems, Inc. - Java Sun Tutorial