Lesezeichen  1

  •  

    public class User implements Serializable { //class attributes, constructors, setters and getters as shown above /** * Always treat de-serialization as a full-blown constructor, by validating the final state of the de-serialized object. */ private void readObject(ObjectInputStream aInputStream) throws ClassNotFoundException, IOException { // perform the default de-serialization first aInputStream.defaultReadObject(); // make defensive copy of the mutable Date field dateOpened = new Date(dateOpened.getTime()); // ensure that object state has not been corrupted or tampered with malicious code //validateUserInfo(); } /** * This is the default implementation of writeObject. Customize as necessary. */ private void writeObject(ObjectOutputStream aOutputStream) throws IOException { //ensure that object is in desired state. Possibly run any business rules if applicable. //checkUserInfo(); // perform the default serialization for all non-transient, non-static fields aOutputStream.defaultWriteObject(); } }
    vor 5 Jahren von @jil
     
     
  • ⟨⟨
  • 1
  • ⟩⟩