站内搜索: 请输入搜索关键词
当前页面: 在线文档首页 > JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档

Java Object Serialization Specification: - Security in Object Serialization - JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档

CONTENTS | PREV | NEXT Java Object Serialization Specification


A.7 Preventing Overwriting of Externalizable Objects

Objects which implement the Externalizable interface must provide a public readExternal method. Since this method is public, it can be called at arbitrary times by anyone with access to the object. To prevent overwriting of the object's internal state by multiple (illegal) calls to readExternal, implementors may choose to add checks to insure that internal values are only set when appropriate:

    public synchronized void readExternal(ObjectInput in)
        throws IOException, ClassNotFoundException
    {
        if (! initialized) {
            initialized = true;

            // read in and set field values ...
        } else {
            throw new IllegalStateException();
        }
    }



CONTENTS | PREV | NEXT
Copyright © 1997-2001 Sun Microsystems, Inc. All Rights Reserved.