- 浏览: 728706 次
- 性别:
- 来自: 上海
文章分类
- 全部博客 (419)
- 杂软粉墨 (2)
- 创意灵感 (3)
- 经验记录 (137)
- 开源轨迹 (2)
- sip-communicator (2)
- 闲侃杂谈 (8)
- 问题交流 (24)
- 概念模式 (32)
- 难点备案 (5)
- JwChat (1)
- 中国象棋 (1)
- 教育探索 (6)
- 英语研究 (58)
- 星际争霸 (1)
- 电信知识 (1)
- 软件架构 (3)
- 哲学探索 (26)
- 算法灵魂 (8)
- 近视探索 (6)
- 数学数学 (3)
- 牛角钻尖 (23)
- 至强文言 (3)
- 数据结构 (1)
- 宇宙物理 (2)
- 网络架构 (3)
- 游戏领域 (4)
- 图形处理 (2)
- 修炼之路 (8)
- 读书天地 (20)
- 编解乱码 (2)
- 概念探索 (8)
- 格物致知 (1)
- 其它语言 (1)
- 测试领域 (3)
- 文化风流 (1)
- JQuery (1)
- 網頁領域 (1)
- Unix/Linux (1)
- Inside JVM (1)
- 异常分析 (1)
最新评论
-
suyujie:
引用
HTML <a> 标签灰显禁用 -
suyujie:
HTML <a> 标签灰显禁用 -
suyujie:
HTML <a> 标签灰显禁用 -
suyujie:
HTML <a> 标签灰显禁用 -
iamzhoug37:
您能说一下"局部变量不受文本顺序限制" 是 ...
声明前为什么能赋值却不能输出,都是使用
import java.io.ByteArrayInputStream; import java.io.InputStream; import java.io.ObjectInputStream; public class ElvisImpersonator { // Byte stream could not have come from real Elvis instance! private static final byte[] serializedForm = new byte[] { (byte) 0xac, (byte) 0xed, 0x00, 0x05, 0x73, 0x72, 0x00, 0x05, 0x45, 0x6c, 0x76, 0x69, 0x73, (byte) 0x84, (byte) 0xe6, (byte) 0x93, 0x33, (byte) 0xc3, (byte) 0xf4, (byte) 0x8b, 0x32, 0x02, 0x00, 0x01, 0x4c, 0x00, 0x0d, 0x66, 0x61, 0x76, 0x6f, 0x72, 0x69, 0x74, 0x65, 0x53, 0x6f, 0x6e, 0x67, 0x73, 0x74, 0x00, 0x12, 0x4c, 0x6a, 0x61, 0x76, 0x61, 0x2f, 0x6c, 0x61, 0x6e, 0x67, 0x2f, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3b, 0x78, 0x70, 0x73, 0x72, 0x00, 0x0c, 0x45, 0x6c, 0x76, 0x69, 0x73, 0x53, 0x74, 0x65, 0x61, 0x6c, 0x65, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01, 0x4c, 0x00, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x74, 0x00, 0x07, 0x4c, 0x45, 0x6c, 0x76, 0x69, 0x73, 0x3b, 0x78, 0x70, 0x71, 0x00, 0x7e, 0x00, 0x02 }; public static void main(String[] args) { // Initializes ElvisStealer.impersonator and returns // the real Elvis (which is Elvis.INSTANCE) Elvis elvis = (Elvis) deserialize(serializedForm); Elvis impersonator = ElvisStealer.impersonator; elvis.printFavorites(); impersonator.printFavorites(); } // Returns the object with the specified serialized form private static Object deserialize(byte[] sf) { try { InputStream is = new ByteArrayInputStream(sf); ObjectInputStream ois = new ObjectInputStream(is); return ois.readObject(); } catch (Exception e) { throw new IllegalArgumentException(e); } } }
import java.io.ObjectStreamException; import java.io.Serializable; import java.util.Arrays; // Broken singleton - has nontransient object reference field! public class Elvis implements Serializable { public static final Elvis INSTANCE = new Elvis(); private Elvis() { } private String[] favoriteSongs = { "Hound Dog", "Heartbreak Hotel" }; public void printFavorites() { System.out.println(Arrays.toString(favoriteSongs)); } private Object readResolve() throws ObjectStreamException { return INSTANCE; } }
import java.io.Serializable; public class ElvisStealer implements Serializable { static Elvis impersonator; private Elvis payload; private Object readResolve() { // Save a reference to the "unresolved" Elvis instance impersonator = payload; // Return an object of correct type for favorites field return new String[] { "A Fool Such as I" }; } private static final long serialVersionUID = 0; }
from effective java 2nd Item 77
it prints out:
[Hound Dog, Heartbreak Hotel]
[A Fool Such as I]
and try to figure out why it prints [A Fool Such as I].
answer: as when it is being deserialized, the Elvis class is chosed to be instantiated, and its non-transient field favoriteSongs has been changed to [A Fool Such as I].
yes, the detailed question is why it still prints out: [Hound Dog, Heartbreak Hotel], hasn't the field favoriteSongs been totally replaced by [A Fool Such as I] ? and what did it steal?
here's a little bit complementary explanation:
It is often convenient to serialize objects for convenient communication or to save them for later use. However, deserialized data or code can often be modified without using the provided accessor functions if it does not use cryptography to protect itself. Furthermore, any cryptography would still be client-side security - which is of course a dangerous security assumption.
An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the non-transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
The opposite operation of the serialization is called deserialization i.e. to extract the data from a series of bytes is s known as deserialization which is also called inflating or unmarshalling .
The given program shows how to read any data or contents from the serialized object or file. It takes a file name and then converts into java object. If any exception occurs during reading the serialized file, it is caught in the catch block.
In computer science , in the context of data storage and transmission, serialization is the process of converting a data structure or object into a format that can be stored (for example, in a file or memory buffer, or transmitted across a network connection link) and "resurrected" later in the same or another computer environment.[ 1] When the resulting series of bits is reread according to the serialization format, it can be used to create a semantically identical clone of the original object. For many complex objects, such as those that make extensive use of references , this process is not straightforward.
This process of serializing an object is also called deflating or marshalling an object.[ 2] The opposite operation, extracting a data structure from a series of bytes, is deserialization (which is also called inflating or unmarshalling ).
发表评论
-
NullPointerException in ternary operator
2013-01-19 00:01 1072java代码: Integer i = null; ... -
why concrete class must implement abstract method while abstract class need not
2011-05-11 13:27 1473yes, just as the title...why co ... -
why can inner class be instantiated in this way?
2011-04-06 10:24 969public class Outer { pub ... -
into native source code
2011-03-23 23:09 909once there was a problem occurr ... -
about Thread.join method
2011-03-23 08:09 1228import java.util.Timer; import ... -
why is static inner class singleton thread safe?
2011-03-15 09:03 1418http://en.wikipedia.org/wiki/In ... -
why string concatenation yields no interned one
2011-03-14 16:48 1082public class Test { public st ... -
why can bit mask suppress sign extention
2011-03-10 09:16 1140yes, bit mask can suppress sign ... -
About gc two objects which are inter referenced to each other
2011-03-08 11:00 998my workmate told me such a sena ... -
circumvents exception checking
2011-03-03 11:02 928import java.io.IOException; ... -
关于维基中singleton pattern的一段
2011-02-24 10:00 1062Another notable difference is t ... -
why List hasn't clone method but the ArrayList has
2011-02-16 15:27 1125List list = new ArrayList(); ... -
deep copy
2011-02-16 15:20 978static public Object deepCopy(O ... -
Java is Pass-by-Value
2011-02-14 13:28 1031This often heard saying is not ... -
不是说字符串不可变吗
2011-02-14 11:28 866from csdn: http://topic.csdn.ne ... -
没有实现抽象方法的具体类居然编译通过了
2011-02-04 22:29 934来自csdn: http://topic.csdn.net/ ... -
关于iterator的fail-fast
2011-01-20 11:15 955是使用集合的iterator后,再改变就可能抛出这个异常 ... -
生成几个String的问题
2011-01-11 16:26 979public class Test extends java. ... -
无符号右移>>>
2011-01-11 15:46 2306public class Test { public st ... -
Struts2之log信息不出的问题
2010-12-30 11:18 2968刚开始学习Struts2的时候,用的是maven方式,但是却不 ...
相关推荐
离线安装包,亲测可用
Java ---- enum --- 枚举类案例
opc enum 32_64安装包
资源分类:Python库 所属语言:Python 资源全名:enum34-1.1.3-py2.py3-none-any.whl 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
资源分类:Python库 所属语言:Python 资源全名:enum34-0.9.1.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
资源分类:Python库 所属语言:Python 资源全名:aenum-2.0.1-py2-none-any.whl 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
资源分类:Python库 所属语言:Python 资源全名:django-enumfields-0.8.0.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
python库。 资源全名:named_enum-1.1.0.tar.gz
官方离线安装包,亲测可用。使用rpm -ivh [rpm完整包名] 进行安装
maven-properties-enum-plugin-1.0.1.jar
资源来自pypi官网。 资源全名:cpp-enum-class-string-idl-0.0.1.tar.gz
资源来自pypi官网。 资源全名:aenum-1.2.1.tar.gz
官方离线安装包,亲测可用。使用rpm -ivh [rpm完整包名] 进行安装
资源全名:aenum-2.0.10-py3-none-any.whl
资源来自pypi官网。 资源全名:aenum-2.0.6-py2-none-any.whl
资源来自pypi官网。 资源全名:data_enum-2.0.1-py3-none-any.whl