CONTENTS | PREV | NEXT | Java Object Serialization Specification |
For serializable objects, thereadObjectNoData
method allows a class to control the initialization of its own fields in the event that a subclass instance is deserialized and the serialization stream does not list the class in question as a superclass of the deserialized object. This may occur in cases where the receiving party uses a different version of the deserialized instance's class than the sending party, and the receiver's version extends classes that are not extended by the sender's version. This may also occur if the serialization stream has been tampered; hence,readObjectNoData
is useful for initializing deserialized objects properly despite a "hostile" or incomplete source stream.private void readObjectNoData() throws ObjectStreamException;Each serializable class may define its ownreadObjectNoData
method. If a serializable class does not define areadObjectNoData
method, then in the circumstances listed above the fields of the class will be initialized to their default values (as listed in section 4.5.5 of The JavaTM Language Specification, Second Edition); this behavior is consistent with that ofObjectInputStream
prior to version 1.4 of the JavaTM 2 SDK, Standard Edition, when support forreadObjectNoData
methods was introduced. If a serializable class does define areadObjectNoData
method and the aforementioned conditions arise, thenreadObjectNoData
will be invoked at the point during deserialization when a class-definedreadObject
method would otherwise be called had the class in question been listed by the stream as a superclass of the instance being deserialized.