What causes a NotSerializableException in Tomcat 7? [duplicate]

Answer 1

It is happening because somewhere in your code, you are storing a UserDAO in the session (or you are storing an object that has a reference to a UserDAO). Tomcat tries to serialize the full object graph of all active sessions when you shut it down, and then it tries to restore them when you start it back up. The crux of this is that Tomcat uses "normal" java object serialization, which requires all objects to be Serializable.

How to remedy:

1. Don't store non-serializable objects in the users session (generally a good practice).
2. Make your UserDAO serializable. Probably involves implementing the Serializable interface and marking your hibernateTemplate as transient as i don't think that HibernateTemplate is, in itself, serializable. You may have to add some code that re-initialize the hibernateTemplate on deserialization if you really want it to work.
3. Don't have Tomcat serializing sessions (add <Manager pathname="" /> to the context.xml, either in your own app or in the global tomcat context.xml in the conf/ directory, inside the <Context> element. This might be the best course of action for you, unless you really need sessions to be persisted across restarts.

Answer 2

UserDaoImpl must implement the java.io.Serializable interface if it is to be serialized (your stack trace indicates an attempt is made to write an instance of the class to an object stream).

The instance to be serialized, along with all objects in the object graph of that instance, must all be serializable.

From the javadocs for Serializable,

Serializability of a class is enabled by the class implementing the java.io.Serializable interface...When traversing a graph, an object may be encountered that does not support the Serializable interface. In this case the NotSerializableException will be thrown and will identify the class of the non-serializable object.

Note that there are exceptions to these rules. I recommend that you read the Java Object Serialization Specification for a full understanding of when object serialization takes place and it what it takes to avoid a NotSerializableException.

Answer 3

The other answers here explain serialization well. Since this is the first result in Google I wanted to add information that really helped me resolve the issue.

The exception message itself does not indicate which field in which class caused this issue. If you can't make a class serializable and need to add the transient keyword so Java does not try to serialize a field it can be tricky to figure out which field is causing the issue.

If you add the parameter -Dsun.io.serialization.extendedDebugInfo=true to Java/Tomcat when starting it the exception will be much more useful. Here is an example of what the exception message will look like:

java.io.NotSerializableException: za.co.abc.presentation.control.Three
 - field (class "za.co.abc.presentation.control.Two", name: "three", type: "class za.co.abc.presentation.control.Three")
 - object (class "za.co.abc.presentation.control.Two", za.co.abc.presentation.control.Two@fbbb20)
 - field (class "za.co.abc.presentation.control.One", name: "two", type: "class za.co.abc.presentation.control.Two")
 - object (class "za.co.abc.presentation.control.One", za.co.abc.presentation.control.One@17ee6c9)
 - field (class "za.co.abc.presentation.control.Trail", name: "one", type: "class za.co.abc.presentation.control.One")
 - root object (class "za.co.abc.presentation.control.Trail", {/click-tests/home.htm=home})

If you do use the transient keyword to make fields not serialize you probably have to then set those fields when the class is read. You have to implement the readObject() method to do that. Here is an example:

private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {
    // magically read all non-transient fields from input stream and populate their values
    in.defaultReadObject();

    someTransientField = new NotSerializableClass();
}