[JAVA-2131] Make all classes referenced by MongoException subclasses implement Serializable Created: 01/Mar/16  Updated: 01/Feb/24

Status: Backlog
Project: Java Driver
Component/s: Error Handling
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Scott Jungers Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to JAVA-5305 com.mongodb.MongoWriteException is no... Waiting for Reporter

 Description   

WriteConcernResult - which is not serializable - is a member of of a serializable exception class, WriteConcernException. Can we make WriteConcernResult serializable?

Update

In scope of this ticket we will audit all MongoException subclasses and ensure that the object graph for each is completely serializable



 Comments   
Comment by Jeffrey Yemin [ 30/Nov/18 ]

I'm going to repurpose this ticket to require an audit of all classes nested in MongoException and its subclasses. I suspect WriteConcernResult is not the only offender.

Comment by Jeffrey Yemin [ 30/Nov/18 ]

That makes sense. I think we can do this easily so long as there is not a requirement to support deserialization using a different version of the class. That's where it starts to get tricky, and buggy.

Comment by Ian Springer [ 30/Nov/18 ]

We use Jackson for serialization in 90% of our project for the reasons you stated and others, but we use Hazelcast for remote task execution, which uses Java serialization by default. So currently if a WriteConcernException is thrown by a remote task, it fails to get reported back to the node that initiated the task. On the initiating node, rather than the actual exception, we get an ugly exception about the exception failing to serialize.

 

As antiquated and shitty as Java serialization may be, Java classes, particularly libraries, should still follow its contract. And since Throwable extends Serializable, this means all exceptions should implement the contract of Serializable, which means all non-transient fields on the exception class should also be Serializable.

Comment by Jeffrey Yemin [ 29/Nov/18 ]

I'm curious what the need is for your application to serialize exceptions.  Serialization framework has gone out of fashion of late as more and more security issues are found to exploit it.

See https://www.bleepingcomputer.com/news/security/oracle-plans-to-drop-java-serialization-support-the-source-of-most-security-bugs/, for example.

Generated at Thu Feb 08 08:56:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.