SonarQube's java:S1948 rule flags fields in Serializable classes that are neither transient nor Serializable themselves, so that a NotSerializableException does not surface at runtime. Four strategies are covered: making the nested class implement Serializable (preferred for core state), declaring fields static (ideal for loggers and constants), using the transient keyword (for temporary or non-serializable fields), and handling Spring framework dependencies by marking injected services as transient. The transient approach requires re-initializing the skipped fields in readObject after deserialization, since they come back as null. For third-party classes that cannot be made Serializable, wrapping the data in a DTO or supplying custom writeObject/readObject methods is recommended.
Table of contents
1. Introduction
2. Understanding the Serialization Contract
3. Reproducing the Sonar Warning
4. Making the Field Serializable
5. Using the static Modifier
6. Leveraging the transient Keyword
7. Handling Framework Dependencies
8. Conclusion
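The static and transient strategies from the summary, combined in one class, as an added example that is not code from the original article. `UserSession` and `RateLimiter` are hypothetical names; `RateLimiter` stands in for a third-party class that does not implement Serializable.

```java
import java.io.*;
import java.util.logging.Logger;
// Added example: a Serializable class that holds a non-serializable helper.
public class UserSession implements Serializable {
    private static final long serialVersionUID = 1L;
    // Strategy 2: static fields are not part of serialized state, so a
    // static logger no longer triggers java:S1948.
    private static final Logger LOG = Logger.getLogger(UserSession.class.getName());
    // Core state: serialized normally.
    private final String userId;
    // Strategy 3: the non-serializable helper (a hypothetical class) is
    // marked transient, so serialization skips it and it comes back as null.
    private transient RateLimiter limiter;

    public UserSession(String userId) {
        this.userId = userId;
        this.limiter = new RateLimiter(10);
    }

    // Re-create the transient field after deserialization; without this,
    // limiter is null and later calls fail with NullPointerException.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();             // restores userId from the stream
        this.limiter = new RateLimiter(10); // rebuilt locally, never read from the stream
        LOG.fine("restored session for " + userId);
    }

    public String getUserId() { return userId; }
    public RateLimiter getLimiter() { return limiter; }

    // Stand-in for a third-party class that does NOT implement Serializable.
    public static final class RateLimiter {
        private final int permitsPerSecond;
        RateLimiter(int permitsPerSecond) { this.permitsPerSecond = permitsPerSecond; }
        public int permitsPerSecond() { return permitsPerSecond; }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(new UserSession("alice")); // would throw without 'transient' on limiter
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            UserSession restored = (UserSession) in.readObject();
            // limiter is non-null here only because readObject re-created it
            System.out.println(restored.getUserId() + " -> " + restored.getLimiter().permitsPerSecond());
        }
    }
}
```

Removing the `transient` modifier from `limiter` reproduces the warning and the runtime NotSerializableException; removing the `readObject` override leaves `limiter` null after deserialization.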