Do I still need to implement Serializable when using Hibernate?


#1

Do I still need to implement Serializable?
What are the reasons for doing so in Hibernate?
If I do so, how can it be exploited?


#2

Do I still need to implement Serializable?

For entities, no. It’s not needed by Hibernate.

Only for Embeddable Types you might want to implement Serializable, especially if they are used as @EmbeddedId.

What are the reasons for doing so in Hibernate?

Because the id might be used as a key in the 2nd-level cache entries.

If I do so, how can it be exploited?

An exploit is related to security and I’m not sure how Serializable might impact security. Try to elaborate.