topic Why does Activiti TaskListener extend java.io.Serializable in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/why-does-activiti-tasklistener-extend-java-io-serializable/m-p/218205#M171335 <HTML><HEAD></HEAD><BODY><SPAN>I would like to know the reason why Activiti TaskListener was made to extend java.io.Serializable.</SPAN><BR /><BR /><SPAN>Because TaskListener extends java.io.Serializable , if the implementation classes for TaskListener use references to other classes , the code review tool is suggesting the following :</SPAN><BR /><BR /><SPAN>"Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That's because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers." </SPAN><BR /><BR /><BR /><SPAN>@Listener</SPAN><BR /><SPAN>public class ApproveRejectNotificationListener implements TaskListener {</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;private static final long serialVersionUID = 1L;</SPAN><BR /><BR /><SPAN>&nbsp;&nbsp;&nbsp;@Resource</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;private BPMTaskService bpmTaskService;&nbsp;&nbsp; //Noncompliant Code Example</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><BR /><SPAN>}</SPAN><BR /><BR /><SPAN>To fix the issue, I can make this variable transient. </SPAN><BR /><BR /><SPAN>But I want to know the rationale behind in making this TaskListener&nbsp; extend Serializable. This will allow us to make sure we have designed and implemented the TaskListener classes as expected by Activiti in our application and discover any edge case scenarios if any by&nbsp; violating the contracts .</SPAN><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /></BODY></HTML> Wed, 24 Feb 2016 21:21:57 GMT gkd_deepak 2016-02-24T21:21:57Z Why does Activiti TaskListener extend java.io.Serializable https://connect.hyland.com/t5/alfresco-archive/why-does-activiti-tasklistener-extend-java-io-serializable/m-p/218205#M171335 I would like to know the reason why Activiti TaskListener was made to extend java.io.Serializable.Because TaskListener extends java.io.Serializable , if the implementation classes for TaskListener use references to other classes , the code review tool is suggesting the following :"Fields in a Serial Wed, 24 Feb 2016 21:21:57 GMT https://connect.hyland.com/t5/alfresco-archive/why-does-activiti-tasklistener-extend-java-io-serializable/m-p/218205#M171335 gkd_deepak 2016-02-24T21:21:57Z Re: Why does Activiti TaskListener extend java.io.Serializable https://connect.hyland.com/t5/alfresco-archive/why-does-activiti-tasklistener-extend-java-io-serializable/m-p/218206#M171336 <HTML><HEAD></HEAD><BODY><SPAN>The rationale is that these classes can be in a distributed cache (swapping out the default process definition cache).</SPAN></BODY></HTML> Tue, 01 Mar 2016 20:10:06 GMT https://connect.hyland.com/t5/alfresco-archive/why-does-activiti-tasklistener-extend-java-io-serializable/m-p/218206#M171336 jbarrez 2016-03-01T20:10:06Z