Inspectopedia Help

'readResolve()' or 'writeReplace()' not declared 'protected'

Reports classes that implement java.io.Serializable where the readResolve() or writeReplace() methods are not declared protected.

Declaring readResolve() and writeReplace() methods private can force subclasses to silently ignore them, while declaring them public allows them to be invoked by untrusted code.

If the containing class is declared final, these methods can be declared private.

Example:

class ClassWithSerialization implements Serializable { public Object writeReplace() { // warning: 'writeReplace()' not declared protected ... } }

Inspection Details

Available in:

IntelliJ IDEA 2023.3, Qodana for JVM 2023.3

Plugin:

Java, 233.SNAPSHOT

Last modified: 13 July 2023
'readObject()' or 'writeObject()' not declared 'private' 'record' contains ignored members