1. The serialization proxy pattern is reasonably straightforward. First, design a private static nested class of the serializable class that concisely represents the logical state of an instance of the enclosing class. This nested class, known as the serialization proxy, should have a single constructor, whose parameter type is the enclosing class. This constructor merely copies the data from its argument: it need not do any consistency checking or defensive copying. By design, the default serialized form of the serialization proxy is the perfect serialized form of the enclosing class. Both the enclosing class and its serialization proxy must be declared to implement Serializable. Then add the following writeReplace method to the enclosing class:
// writeReplace method for the serialization proxy pattern private Object writeReplace() { return new SerializationProxy(this); }
The presence of this method causes the serialization system to emit a SerializationProxy instance instead of an instance of the enclosing class. In other words, the writeReplace method translates an instance of the enclosing class to its serialization proxy prior to serialization. With this writeReplace method in place, the serialization system will never generate a serialized instance of the enclosing class, but an attacker might fabricate one in an attempt to violate the class’s invariants. To guarantee that such an attack would fail, merely add this readObject method to the enclosing class:
// readObject method for the serialization proxy pattern private void readObject(ObjectInputStream stream) throws InvalidObjectException { throw new InvalidObjectException("Proxy required"); }
Finally, provide a readResolve method on the SerializationProxy class that returns a logically equivalent instance of the enclosing class. The presence of this method causes the serialization system to translate the serialization proxy back into an instance of the enclosing class upon deserialization. This readResolve method creates an instance of the enclosing class using only its public API. It largely eliminates the extralinguistic character of serialization, because the deserialized instance is created using the same constructors, static factories, and methods as any other instance.
2. There is another way in which the serialization proxy pattern is more powerful than defensive copying. The serialization proxy pattern allows the deserialized instance to have a different class from the originally serialized instance.
3. EnumSet has no public constructors, only static factories. From the client’s perspective, they return EnumSet instances, but in fact, they return one of two subclasses, depending on the size of the underlying enum type. If the underlying enum type has sixty-four or fewer elements, the static factories return a RegularEnumSet; otherwise, they return a JumboEnumSet:
// EnumSet's serialization proxy private static class SerializationProxy <E extends Enum<E>> implements Serializable { // The element type of this enum set. private final Class<E> elementType; // The elements contained in this enum set. private final Enum[] elements; SerializationProxy(EnumSet<E> set) { elementType = set.elementType; elements = set.toArray(EMPTY_ENUM_ARRAY); } private Object readResolve() { EnumSet<E> result = EnumSet.noneOf(elementType); for (Enum e : elements) result.add((E)e); return result; } private static final long serialVersionUID = 362491234563181265L; }
4. The serialization proxy pattern has two limitations. It is not compatible with classes that are extendable by their clients. Also, it is not compatible with some classes whose object graphs contain circularities: if you attempt to invoke a method on an object from within its serialization proxy’s readResolve method, you’ll get a ClassCastException, as you don’t have the object yet, only its serialization proxy.
相关推荐
目录如下: 1 Introduction 2 Creating and Destroying Objects Item 1: Consider static factory methods instead of constructors ...Item 90: Consider serialization proxies instead of serialized instances
此压缩包包含12个项目,每个项目都着重讲解Boost::Serialization一个方面的使用技巧,有详细的代码介绍具体使用方法。
C++基于Qt,OpenCV,Dlib的人脸识别GUI系统源码.windows上用Qt打开.pro运行即可 linux上需要重新编译人脸识别动态库,将facerecog.cpp加入工程 使用说明 GUI界面有四个按钮,对应按键的功能 展示 ...
.NET框架中,System.Xml.Serialization 命名空间包含着用来将对象序列化为XML的文本或流的对象。
feat: impl serialization for compiled expression by @killme2008 in #524, close #451 The expression serialize example fix: elsif parser by @killme2008 in #574, close #554 #566 (fix): check innerClazz ...
资源来自pypi官网。 资源全名:oslo.serialization-2.2.0.tar.gz
System.Runtime.Serialization.DLL
sirenix.serialization.dll
Qt5.15.2静态编译MSVC2019 32位 mysql opensll Release版,里面有个libmysql.dll动态库需放置程序运行目录中。
资源分类:Python库 所属语言:Python 资源全名:oslo.serialization-2.21.0-py2.py3-none-any.whl 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
Kotlin serialization consists of a compiler plugin, which automatically produces visitor code for classes, and runtime library, which uses generated code to serialize objects without reflection. ...
System.Runtime.Serialization.dll System.Runtime.Serialization.dll System.Runtime.Serialization.dll
hystrix-serialization-1.5.18.jar
Puzzle 78: Reflection Infection Puzzle 79: It's a Dog's Life Puzzle 80: Further Reflection Puzzle 81: Charred Beyond Recognition Puzzle 82: Beer Blast Puzzle 83: Dyslexic Monotheism Puzzle 84: Rudely ...
如何设置JWT 在应用程序的根目录中创建一个Procfile.dev并向其中添加以下行。 webpacker: ./bin/webpack-... ActionController::API include ::ActionController::Serialization respond_to :jsonend将以下gem添加到j
kotlinx-serialization-compiler-plugin.jar
要使用.NET进行对象的序列化,必须在解决方案中添加System.Xml的引用,并且在类文件中引入System.Xml.Serialization命名空间。这样就可以在文件中使用序列化所需要的各种特性了。 Imports System.Xml....
资源分类:Python库 所属语言:Python 资源全名:baiji-serialization-1.0.1.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
资源分类:Python库 所属语言:Python 资源全名:baiji-serialization-1.0.2.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059