制作“课程”瞬态或可序列化但该类是可序列化的 [英] Make "class" transient or serializable BUT the class is serializable

问题描述

SonarQube 5.1在审核我的代码后标记了很多关键问题。但是，类本身和字段中引用的类也是可序列化的。引用的类通过类继承serializable接口。

SonarQube 5.1 marks a lot of critical issues after reviewing my code. However the class itself and the referenced class in the field is also serializable. The referenced class inherits the serializable interface through a class.

这是我的例子

public class A implements Serializable {
     private B b;  // -> Sonarcube markes this field as not serialzable
}

B类定义如下

public class B extends C {
 ....
}

C类定义如下

public abstract class C extends D {
 ....
}

定义D类

public abstract class D implements Serializable {
  ....
}

在同一个项目上运行FindBugs时看不到这些问题。
我不确定它是否是sonarcube中的错误，或者我的代码有其他一些问题（C，D或其他类别中的其他字段）

Running FindBugs on the same project does not see these problems. I am not sure if it is a bug in sonarcube or is my code has some other problems (other fields in the classes C,D or something else)

有人有线索吗？

推荐答案

可能是因为没有正确提供二进制文件。我的SonarQube配置遇到了类似的问题，然后我发现实现 Serializable 的类位于不同的模块和/或外部库中。

It is probably because the binary files are not provided correctly. I had a similar issue with my SonarQube configuration, then I discovered that the classes that implement Serializable are in different modules and/or in an external library.

为 sonar.java.binaries设置正确的值和 sonar.java.libraries 允许SonarQube找到二进制文件并正确确定这些类是否可序列化。

Setting correct values for sonar.java.binaries and sonar.java.libraries allow SonarQube to locate the binaries and correctly determine whether or not the classes are serializable.

这篇关于制作“课程”瞬态或可序列化但该类是可序列化的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！