The serialization proxy pattern is reasonably straightforward. First design a private static nested class of the serializable class. This nested class, known as the serialization proxy, should have a single constructor, whose parameter type is the enclosing class. This constructor merely copies the data from its argument: it need not do any consistency checking or defensive copying. By design, the default serialized form of the serialization proxy is the perfect serialized form of the enclosing class. Both the enclosing class and its serialization proxy must be declared to implement Serialible.
private Object writeReplace(){
return new SerializationProxy(this);
}
The presence of this method causes the serialization system to emit a SerilizationProxy instance instead of an instance of the enclosing class. In other words, the writeReplace method translates an instance of the enclosing class to its serialization proxy prior to serialization.
With the writeReplace method in place, the serialization system will never generate a serialized instance of the enclosing class, but an attacker might fabricate one in an attempt to violate the class's invariants. To guarantee that such an attack would fail, merely add this readObject method to the enclosing class:
private void readObject(ObjectInputStream stream) throws InvalidObjectException{
throw new InvalidObjectException("Proxy required");
}
Finally, provide a readResolve method on the SerializationProxy class that returns a logically equivalent instance of the enclosing class. The presence of this method causes the serialization system to translate the serialization proxy back into an enclosing class upon deserialization.
This readResolve method creates an instance of the enclosing class using only its public API, and therein lies the beauty of the pattern. It largely eliminates the extralinguistic character of serialization, because the deserialized instance is created using the same constructors, static factories, and methods as any other instance. This fees you from having to separately ensure that deserialized instances obey the class's invariants. If the class's static factories or constructors establish these invariants, and its instance methods maintain them, you've ensured that the invariants will be maintained by serializaiton as well.
Here is the readResolve method for Period.SerializationProxy above:
private Object readResolve(){
return new Period(start,end);
}
In summary, consider the serialization proxy pattern whenever you find yourself having to write a readObject or writeObject method on a class that is not extendable by its clients. This pattern is perhaps the easiest way to robustly serialize objects with nontrivial invariants.
分享到:
相关推荐
目录如下: 1 Introduction 2 Creating and Destroying Objects Item 1: Consider static factory methods instead of constructors ...Item 90: Consider serialization proxies instead of serialized instances
《深入理解System.Runtime.Serialization.DLL及其在.NET框架中的作用》 在.NET框架中,`System.Runtime.Serialization`命名空间是处理序列化和反序列化的核心组件,而`System.Runtime.Serialization.dll`则是这个...
sirenix.serialization.dll
kotlinx-serialization-compiler-plugin.jar
Kotlin serialization consists of a compiler plugin, which automatically produces visitor code for classes, and runtime library, which uses generated code to serialize objects without reflection. ...
放在bin文件夹 解决 System.Runtime.Serialization.Json无法引用的问题
**PyPI 官网下载 | oslo.serialization-2.2.0.tar.gz** PyPI(Python Package Index)是Python开发者获取和分享开源软件包的主要平台。`oslo.serialization` 是一个在PyPI上发布的Python库,它专注于数据序列化和反...
hystrix-serialization-1.5.18.jar
Boost.Serialization库是C++社区广泛使用的序列化工具,它提供了丰富的功能来处理各种类型的对象,包括智能指针。在C++11及更高版本中,智能指针(如`std::unique_ptr`,`std::shared_ptr`和`std::scoped_ptr`)被...
Boost::Serialization是C++库中的一个模块,它提供了一种序列化和反序列化对象的能力。这个库使得能够将复杂的C++对象结构保存到文件、数据库或者网络流中,然后在需要时重新加载,这对于数据持久化、版本控制以及跨...
【Kotlinx.Serialization详解】 Kotlinx.Serialization是一个强大的开源库,专门为Kotlin编程语言提供了跨平台的序列化解决方案。这个库允许开发者将数据对象转换成字节流或JSON等不同格式,反之亦然,这对于数据...
.net2.0版本的json操作类 ...System.Web.Script.Serialization的json操作类,位于3.0以上的System.Web.Extensions类库中. 本项目是从System.Web.Extensions中剥离出System.Web.Script.Serialization的完整项目
akka-kryo-serialization, 基于Kryo的Akka序列化 akka-kryo-serialization-- Scala 和Akka基于kryo的序列化程序这个库为 Scala 和Akka提供定制的基于kryo的序列化程序。 它可以用于更高效的akka远程处理。它还可以...
数据的序列化和反序列化 Serialization DeSerialization
- 整个代码由一个头文件组成 json.hpp,没有子项目,没有依赖关系,没有复杂的构建系统,使用起来非常方便 - 语法直观,就像写普通的c++代码 - 不止用起来似c++习惯和风格,更是使用 C++ 11 标准编写 ...
Installation and use of of cereal is fully documented on the main web page, but this is a quick and dirty version: Download cereal and place the headers somewhere your code can see them Write ...
Fast-serialization,也叫FST(Faster Simple SerializationFast-serialization,也叫FST(Faster Simple Serialization),是一个Java快速对象序列化的开发包。这个库的设计目标是提供比JDK原生序列化更快的速度和...
资源分类:Python库 所属语言:Python 资源全名:oslo.serialization-2.21.0-py2.py3-none-any.whl 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059