[weld-dev] Overly restrictive serialization requirements

[David Blevins]

I find CDI 1.0 section 6.6.4 and some of the TCK tests a little confusing.  I know serialization like the back of my hand and much of that section does not line up with actual serialization requirements.

The bottom line is that you can't statically check a class's serialization capabilities.  Non-serializable object reference types are ok.  Fields of java.lang.Object and other non-serialzable types are ok.  The reference type does not need to be serializable, just the object at the other end of the reference needs to be serializable.  Obviously you can't check that at deploy time, you need the instance.  You can't even check it at runtime as there are callbacks in the Serialization API that allow the instance to control it's own serialization.  If the class implements Serializable you just have to trust it will be when the time comes.

Small example:  https://gist.github.com/988120

What's the point of mistrusting a class that claims to be serializable and adding CDI-specific restrictions on its fields, methods and constructor types?


-David