...
In the absence of sensitive data, a class can be serialized by implementing the java.io.Serializable interface. By doing so, the class indicates that no security issues may result from the object's serialization. Note that any sub classes will also inherit this interface and will thus be serializable.
Not all classes can When serialization is unavoidable, it is still possible to have classes that cannot implement serializable. This condition is common when there are references to nonserializable non-serializable objects within the contained methods. The following compliant solution avoids this issue and also protects sensitive data members from getting serialized accidently. The basic idea is to declare the target member as transient so that it is not included in the list of fields to be serialized, whenever default serialization is being used.
...