1. Introduction

In this tutorial, we'll discuss how JPA entities and the Java Serializable interface blend. First, we'll take a look at the java.io.Serializable interface and why we need it. After that, we'll take a look at the JPA specification and Hibernate as its most popular implementation.

2. What Is the Serializable Interface?

Serializable is one of the few marker interfaces found in core Java. Marker interfaces are special case interfaces with no methods or constants.

Object serialization is the process of converting Java objects into byte streams. We can then transfer these byte streams over the wire or store them in persistent memory. Deserialization is the reverse process, where we take byte streams and convert them back into Java objects. To allow object serialization (or deserialization), a class must implement the Serializable interface. Otherwise, we'll run into java.io.NotSerializableException. Serialization is widely used in technologies such as RMI, JPA, and EJB.

3. JPA and Serializable

Let's see what the JPA specification says about Serializable and how it pertains to Hibernate.

3.1. JPA Specification

One of the core parts of JPA is an entity class. We mark such classes as entities (either with the @Entity annotation or an XML descriptor). There are several requirements that our entity class must fulfill, and the one we're most concerned with, according to the JPA specification, is:

If an entity instance is to be passed by value as a detached object (e.g., through a remote interface), the entity class must implement the Serializable interface.

In practice, if our object is to leave the domain of the JVM, it'll require serialization.

Each entity class consists of persistent fields and properties. The specification requires that fields of an entity may be Java primitives, Java serializable types, or user-defined serializable types.

An entity class must also have a primary key. Primary keys can be primitive (single persistent field) or composite. Multiple rules apply to a composite key, one of which is that a composite key is required to be serializable.

Let's create a simple example using Hibernate, H2 in-memory database, and a User domain object with UserId as a composite key:

@Entity
public class User {
    @EmbeddedId UserId userId;
    String email;
    // constructors, getters and setters
}

// Composite key: must implement Serializable
@Embeddable
public class UserId implements Serializable {
    private String name;
    private String lastName;
    // getters and setters
}

We can test our domain definition using the integration test:

@Test
public void givenUser_whenPersisted_thenOperationSuccessful() {
    UserId userId = new UserId();
    userId.setName("John");
    userId.setLastName("Doe");
    User user = new User(userId, "user@example.com");

    entityManager.persist(user);

    User userDb = entityManager.find(User.class, userId);
    assertEquals("user@example.com", userDb.email);
}

If our UserId class does not implement the Serializable interface, we'll get a MappingException with a concrete message that our composite key must implement the interface.

3.2. Hibernate @JoinColumn Annotation

The official Hibernate documentation, when describing mapping, notes that the referenced field must be serializable when we use referencedColumnName in the @JoinColumn annotation. Usually, this field is a primary key in another entity. In rare cases of complex entity classes, the reference itself must be serializable.

Let's extend the previous User class where the email field is no longer a String but an independent entity. Also, we'll add an Account class that will reference a user and has a field type. Each User can have multiple accounts of different types. We'll map Account by email since it's more natural to search by email address:

@Entity
public class User {
    @EmbeddedId private UserId userId;
    private Email email;
}

@Entity
public class Email implements Serializable {
    @Id
    private long id;
    private String name;
    private String domain;
}

@Entity
public class Account {
    @Id
    private long id;
    private String type;
    @ManyToOne
    @JoinColumn(referencedColumnName = "email")
    private User user;
}

To test our model, we'll write a test where we create two accounts for a user and query by an email object:

@Test
public void givenAssociation_whenPersisted_thenMultipleAccountsWillBeFoundByEmail() {
    // object creation, then persist the user and both accounts

    List<Account> userAccounts = entityManager.createQuery("select a from Account a join fetch a.user where a.user.email = :email", Account.class)
      .setParameter("email", email)
      .getResultList();

    assertEquals(2, userAccounts.size());
}

If the Email class does not implement the Serializable interface, we'll get MappingException again, but this time with a somewhat cryptic message: “Could not determine type”.

3.3. Exposing Entities to the Presentation Layer

When sending objects over the wire using HTTP, we usually create specific DTOs (data transfer objects) for this purpose. By creating DTOs, we decouple internal domain objects from external services. If we want to expose our entities directly to the presentation layer without DTOs, then entities must be serializable.

We use the HttpSession object to store relevant data that help us identify users across multiple page visits to our website. The web server can store session data on a disk when shutting down gracefully or transfer session data to another web server in clustered environments. If an entity is part of this process, then it must be serializable. Otherwise, we'll run into NotSerializableException.
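
The round trip that sections 2 and 3.3 describe, as an added example that is not part of the original article or its GitHub code: an entity-shaped object is written as a container would write a session attribute, then read back through an ObjectInputFilter allow-list (Java 9+), so a stream coming back from disk or another node can only instantiate the classes we expect. The class name EntitySessionDemo, the sample values and the allow-list strings are assumptions; JPA annotations are left out so the code runs without a persistence provider.

```java
import java.io.*;

public class EntitySessionDemo {
    // Stand-ins for the article's key and entity; JPA annotations omitted so no provider is needed.
    static class UserId implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name, lastName;
        UserId(String name, String lastName) { this.name = name; this.lastName = lastName; }
    }
    static class User implements Serializable {
        private static final long serialVersionUID = 1L;
        final UserId userId;
        final String email;
        User(UserId userId, String email) { this.userId = userId; this.email = email; }
    }
    static class Account { String type = "savings"; } // deliberately not Serializable

    // What a container does when it writes a session attribute to disk or to another node.
    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(o); }
        return bytes.toByteArray();
    }

    // Read back through an allow-list filter: classes not named in it are rejected before instantiation.
    static Object read(byte[] data, String allowList) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(allowList));
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] stored = write(new User(new UserId("Jane", "Roe"), "user@example.com")); // constructed values

        String prefix = EntitySessionDemo.class.getName() + "$";
        User restored = (User) read(stored, prefix + "User;" + prefix + "UserId;java.lang.String;!*");
        System.out.println("restored: " + restored.userId.name + " <" + restored.email + ">");

        try { write(new Account()); }                                   // entity without Serializable
        catch (NotSerializableException e) { System.out.println("cannot store: " + e.getMessage()); }

        try { read(stored, prefix + "User;java.lang.String;!*"); }      // UserId left off the allow-list
        catch (InvalidClassException e) { System.out.println("filter rejected stream: " + e.getMessage()); }
    }
}
```

The trailing `!*` pattern rejects every class not listed before it, which is why the second read fails as soon as the stream references UserId.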

4. Conclusion

In this article, we covered the basics of Java serialization and saw how it comes into play in JPA. First, we went over the JPA specification's requirements regarding Serializable. After that, we looked into Hibernate as the most popular implementation of JPA. In the end, we covered how JPA entities work with web servers.

As usual, all code presented in this article can be found over on GitHub.
