Wicket 6.0
Wicket 6.0 made it much easier to add common serialization checks during development. A couple of the more frequently implemented checks were added to the core library, and adding new ones is simple.
Add this in your Application.init():
    JavaSerializer javaSerializer = new JavaSerializer( getApplicationKey() )
    {
        @Override
        protected ObjectOutputStream newObjectOutputStream(OutputStream out) throws IOException
        {
            // Rejects models that are still attached when the page is serialized
            IObjectChecker checker = new NotDetachedModelChecker();
            // Rejects objects that are not serializable
            IObjectChecker checker2 = new SerializableChecker.ObjectSerializationChecker();
            return new CheckingObjectOutputStream(out, checker, checker2);
        }
    };
    getFrameworkSettings().setSerializer( javaSerializer );
Adding your own custom checks is easy. Here's one we use that checks for PersistentObjects (our in-house base class for DB entities):
    import java.util.List;

    import org.apache.wicket.core.util.objects.checker.IObjectChecker;

    public class PersistentObjectsNotAllowedChecker implements IObjectChecker
    {
        @Override
        public Result check( Object object )
        {
            if( object instanceof PersistentObject )
            {
                PersistentObject persistentObject = (PersistentObject) object;
                // A non-null id means the entity has been stored in the database
                if( persistentObject.getId() != null )
                {
                    return new Result( Result.Status.FAILURE,
                        "Stored PersistentObjects are not allowed: "
                            + persistentObject.getClass().getName() + ":"
                            + persistentObject.getId() + " - "
                            + persistentObject.toString() );
                }
            }
            return Result.SUCCESS;
        }

        @Override
        public List<Class<?>> getExclusions()
        {
            // No types are excluded from this check
            return null;
        }
    }
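The idea behind the checker above, reduced to the JDK alone as an added example (not the author's or Wicket's code, and it does not reproduce CheckingObjectOutputStream): an ObjectOutputStream subclass inspects every object as the graph is written and rejects stored entities. The PersistentObject and PageState classes here are hypothetical stand-ins with constructed data.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class CheckingStreamDemo {
    // Hypothetical stand-in for the in-house PersistentObject base class.
    static class PersistentObject implements Serializable {
        private final Long id;
        PersistentObject(Long id) { this.id = id; }
        Long getId() { return id; }
    }

    // Constructed page state that may hold entities somewhere in its graph.
    static class PageState implements Serializable {
        final List<Object> models = new ArrayList<>();
    }

    // Stream that sees each object in the graph before it is written.
    static class EntityRejectingStream extends ObjectOutputStream {
        EntityRejectingStream(OutputStream out) throws IOException {
            super(out);
            enableReplaceObject(true); // makes the JDK call replaceObject() per object
        }

        @Override
        protected Object replaceObject(Object obj) throws IOException {
            if (obj instanceof PersistentObject && ((PersistentObject) obj).getId() != null) {
                throw new NotSerializableException(
                    "Stored PersistentObjects are not allowed: " + obj.getClass().getName());
            }
            return obj; // everything else is written unchanged
        }
    }

    // Returns true if the whole graph passes the check.
    static boolean serializes(Object root) {
        try (ObjectOutputStream oos = new EntityRejectingStream(new ByteArrayOutputStream())) {
            oos.writeObject(root);
            return true;
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        PageState clean = new PageState();
        clean.models.add(new PersistentObject(null)); // not yet stored: allowed
        PageState leaky = new PageState();
        leaky.models.add(new PersistentObject(42L));  // stored entity nested in a list
        System.out.println(serializes(clean) + " " + serializes(leaky));
    }
}
```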
Earlier Wicket Versions
See http://wicketinaction.com/2011/11/detect-attached-models-and-entities/