1. The readObject method is effectively another public constructor, and it demands all of the same care as any other constructor. Just as a constructor must check its arguments for validity and make defensive copies of parameters where appropriate, so must a readObject method.
2. The problem arises when readObject is presented with a forged byte stream, one constructed by hand rather than by serializing a real instance, that produces an object violating the invariants of its class. The default serialized form is just a public representation of the object's fields, so anything the constructor enforces must be enforced again in readObject.
3. When an object is deserialized, it is critical to defensively copy any field containing an object reference that a client must not possess. A crafted stream can contain extra references to those internal objects, so the attacker ends up with handles to the "private" components of the deserialized object. The defensive copy must be performed before the validity check, so that the check runs on objects the attacker can no longer mutate. Because the fields are reassigned inside readObject, they cannot be declared final.
4. Do not use the writeUnshared and readUnshared methods. They are typically faster than defensive copying, but they do not provide the necessary safety guarantee.
5. There is one other similarity between readObject methods and constructors, concerning nonfinal serializable classes. A readObject method must not invoke an overridable method, directly or indirectly. If this rule is violated and the method is overridden, the overriding method will run before the subclass's state has been deserialized, and a program failure is likely to result.
6. Here, in summary form, are the guidelines for writing a bulletproof readObject method:
1) For classes with object reference fields that must remain private, defensively copy each object in such a field. Mutable components of immutable classes fall into this category.
2) Check any invariants and throw an InvalidObjectException if a check fails. The checks should follow any defensive copying.
3) If an entire object graph must be validated after it is deserialized, use the ObjectInputValidation interface.
4) Do not invoke any overridable methods in the class, directly or indirectly.
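The following is an added example (not the original page's code, and not Effective Java's own source listing) that puts guidelines 1) and 2) to work on a hypothetical `Period` class with mutable `Date` components. The `ReadObjectDemo` class, the field names `start` and `end`, and the sample timestamps are assumptions made for the illustration. Instead of hand-assembling serialization bytes, the "attacker" side uses reflection in its own JVM to obtain the private `Date` references and to corrupt the fields before serializing, which yields the same two kinds of hostile streams the text describes: one that carries an extra back-reference to an internal object, and one whose fields violate the class invariant.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.util.Date;

// Hypothetical immutable time range whose Date components are mutable, so both the
// constructor and readObject must copy them before checking the start <= end invariant.
final class Period implements Serializable {
    private static final long serialVersionUID = 1L;
    // Not final: readObject has to overwrite them with defensive copies.
    private Date start;
    private Date end;

    public Period(Date start, Date end) {
        this.start = new Date(start.getTime());
        this.end = new Date(end.getTime());
        if (this.start.compareTo(this.end) > 0)
            throw new IllegalArgumentException(start + " after " + end);
    }

    public Date start() { return new Date(start.getTime()); }
    public Date end()   { return new Date(end.getTime()); }

    // Private (not overridable) and calls no overridable methods.
    private void readObject(ObjectInputStream s) throws IOException, ClassNotFoundException {
        s.defaultReadObject();
        // 1) Defensive copy first: the stream may hold extra references to these objects.
        start = new Date(start.getTime());
        end   = new Date(end.getTime());
        // 2) Invariant check on the copies, which nothing else can reach.
        if (start.compareTo(end) > 0)
            throw new InvalidObjectException(start + " after " + end);
    }

    @Override public String toString() { return start + " - " + end; }
}

public class ReadObjectDemo {
    static byte[] serialize(Object... objs) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            for (Object o : objs) oos.writeObject(o);   // repeated instance => back-reference handle
        }
        return bos.toByteArray();
    }

    // Attacker-side helper (assumption): reflection stands in for hand-crafted stream bytes.
    static Field privateField(String name) throws NoSuchFieldException {
        Field f = Period.class.getDeclaredField(name);
        f.setAccessible(true);
        return f;
    }

    public static void main(String[] args) throws Exception {
        // Hostile stream 1: the Period is followed by a back-reference to its own private
        // 'end' Date, so whoever reads the stream gets a handle to the internal object.
        Period p = new Period(new Date(0), new Date(60_000));
        byte[] shared = serialize(p, privateField("end").get(p));
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(shared))) {
            Period victim = (Period) ois.readObject();
            Date leaked = (Date) ois.readObject();
            leaked.setTime(-1);   // would move victim's end before its start without the copy
            System.out.println("after mutation: " + victim
                    + " (end unchanged: " + (victim.end().getTime() == 60_000) + ")");
        }

        // Hostile stream 2: a Period whose fields were edited after construction so that
        // start > end; the constructor never saw these values, only readObject can reject them.
        Period bogus = new Period(new Date(0), new Date(60_000));
        privateField("start").set(bogus, new Date(120_000));
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(serialize(bogus)))) {
            ois.readObject();
            System.out.println("bogus period accepted");
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the copy-then-check readObject shown, the first stream leaves `victim.end()` at its original value after `leaked.setTime(-1)`, and the second stream is rejected with an `InvalidObjectException`. Delete the two copy lines in readObject and the first stream silently produces a `Period` whose end precedes its start, which is exactly the class of bug guideline 1) exists to prevent.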
Related items (Effective Java): Item 88: Write readObject methods defensively; Item 89: For instance control, prefer enum types to readResolve; Item 90: Consider serialization proxies instead of serialized instances.