Wicket 6.0
Wicket 6.0 made it much easier to add common serialization checks to help development. A couple of the more frequently implemented checks were added as part of the core library. Adding new ones is simple:
Add this in your Application.init():
JavaSerializer javaSerializer = new JavaSerializer( getApplicationKey() ) { @Override protected ObjectOutputStream newObjectOutputStream(OutputStream out) throws IOException { IObjectChecker checker = new NotDetachedModelChecker(); IObjectChecker checker2 = new SerializableChecker.ObjectSerializationChecker(); return new CheckingObjectOutputStream(out, checker, checker2); } }; getFrameworkSettings().setSerializer( javaSerializer );
Note: The ObjectSerializationChecker is installed by the default JavaSerializer - you dont have to add the code above to get this functionality out of the box.
Adding your own custom checks is easy. Here's one we use that checks for PersistentObjects (our in house base class for DB entities) that have been persisted (an 'id' is assigned)
public class PersistentObjectsNotAllowedChecker implements IObjectChecker { @Override public Result check( Object object ) { if( object instanceof PersistentObject ) { PersistentObject persistentObject = (PersistentObject) object; if( persistentObject.getId() != null ) { return new Result( Result.Status.FAILURE, "Stored PersistentObjects are not allowed: " + persistentObject.getClass() .getName() + ":" + persistentObject .getId() + " - " + persistentObject.toString() ); } } return Result.SUCCESS; } @Override public List<Class<?>> getExclusions() { return null; } }
Earlier Wicket Versions
See http://wicketinaction.com/2011/11/detect-attached-models-and-entities/