`
z_wang
  • 浏览: 4883 次
最近访客 更多访客>>
社区版块
存档分类
最新评论

Consider serialization proxies instead of serialized instances

    博客分类:
  • Java
 
阅读更多
The serialization proxy pattern is reasonably straightforward. First design a private static nested class of the serializable class. This nested class, known as the serialization proxy, should have a single constructor, whose parameter type is the enclosing class. This constructor merely copies the data from its argument: it need not do any consistency checking or defensive copying. By design, the default serialized form of the serialization proxy is the perfect serialized form of the enclosing class. Both the enclosing class and its serialization proxy must be declared to implement Serialible.

private Object writeReplace(){
    return new SerializationProxy(this);
}


The presence of this method causes the serialization system to emit a SerilizationProxy instance instead of an instance of the enclosing class. In other words, the writeReplace method translates an instance of the enclosing class to its serialization proxy prior to serialization.

With the writeReplace method in place, the serialization system will never generate a serialized instance of the enclosing class, but an attacker might fabricate one in an attempt to violate the class's invariants. To guarantee that such an attack would fail, merely add this readObject method to the enclosing class:

private void readObject(ObjectInputStream stream) throws InvalidObjectException{
    throw new InvalidObjectException("Proxy required");
}


Finally, provide a readResolve method on the SerializationProxy class that returns a logically equivalent instance of the enclosing class. The presence of this method causes the serialization system to translate the serialization proxy back into an enclosing class upon deserialization.

This readResolve method creates an instance of the enclosing class using only its public API, and therein lies the beauty of the pattern. It largely eliminates the extralinguistic character of serialization, because the deserialized instance is created using the same constructors, static factories, and methods as any other instance. This fees you from having to separately ensure that deserialized instances obey the class's invariants. If the class's static factories or constructors establish these invariants, and its instance methods maintain them, you've ensured that the invariants will be maintained by serializaiton as well.

Here is the readResolve method for Period.SerializationProxy above:
private Object readResolve(){
    return new Period(start,end);
}


In summary, consider the serialization proxy pattern whenever you find yourself having to write a readObject or writeObject method on a class that is not extendable by its clients. This pattern is perhaps the easiest way to robustly serialize objects with nontrivial invariants.
分享到:
评论

相关推荐

    Effective Java 3rd edition(Effective Java第三版英文原版)附第二版

    目录如下: 1 Introduction 2 Creating and Destroying Objects Item 1: Consider static factory methods instead of constructors ...Item 90: Consider serialization proxies instead of serialized instances

    System.Runtime.Serialization.DLL.zip

    《深入理解System.Runtime.Serialization.DLL及其在.NET框架中的作用》 在.NET框架中,`System.Runtime.Serialization`命名空间是处理序列化和反序列化的核心组件,而`System.Runtime.Serialization.dll`则是这个...

    sirenix.serialization.dll

    sirenix.serialization.dll

    kotlinx-serialization-compiler-plugin.jar

    kotlinx-serialization-compiler-plugin.jar

    Android代码-kotlinx.serialization

    Kotlin serialization consists of a compiler plugin, which automatically produces visitor code for classes, and runtime library, which uses generated code to serialize objects without reflection. ...

    System.Runtime.Serialization.dll

    放在bin文件夹 解决 System.Runtime.Serialization.Json无法引用的问题

    PyPI 官网下载 | oslo.serialization-2.2.0.tar.gz

    **PyPI 官网下载 | oslo.serialization-2.2.0.tar.gz** PyPI(Python Package Index)是Python开发者获取和分享开源软件包的主要平台。`oslo.serialization` 是一个在PyPI上发布的Python库,它专注于数据序列化和反...

    hystrix-serialization-1.5.18.jar

    hystrix-serialization-1.5.18.jar

    C++11 下使用 Boost.Serialization 库实现智能指针的序列化

    Boost.Serialization库是C++社区广泛使用的序列化工具,它提供了丰富的功能来处理各种类型的对象,包括智能指针。在C++11及更高版本中,智能指针(如`std::unique_ptr`,`std::shared_ptr`和`std::scoped_ptr`)被...

    Boost::Serialization存储C++对象

    Boost::Serialization是C++库中的一个模块,它提供了一种序列化和反序列化对象的能力。这个库使得能够将复杂的C++对象结构保存到文件、数据库或者网络流中,然后在需要时重新加载,这对于数据持久化、版本控制以及跨...

    kotlinx.serialization,Kotlin跨平台/多格式序列化.zip

    【Kotlinx.Serialization详解】 Kotlinx.Serialization是一个强大的开源库,专门为Kotlin编程语言提供了跨平台的序列化解决方案。这个库允许开发者将数据对象转换成字节流或JSON等不同格式,反之亦然,这对于数据...

    System.Web.Script.Serialization.7z

    .net2.0版本的json操作类 ...System.Web.Script.Serialization的json操作类,位于3.0以上的System.Web.Extensions类库中. 本项目是从System.Web.Extensions中剥离出System.Web.Script.Serialization的完整项目

    akka-kryo-serialization, 基于Kryo的Akka序列化.zip

    akka-kryo-serialization, 基于Kryo的Akka序列化 akka-kryo-serialization-- Scala 和Akka基于kryo的序列化程序这个库为 Scala 和Akka提供定制的基于kryo的序列化程序。 它可以用于更高效的akka远程处理。它还可以...

    序列化和反序列化 Serialization

    数据的序列化和反序列化 Serialization DeSerialization

    JsonSerialization.hpp

    - 整个代码由一个头文件组成 json.hpp,没有子项目,没有依赖关系,没有复杂的构建系统,使用起来非常方便 - 语法直观,就像写普通的c++代码 - 不止用起来似c++习惯和风格,更是使用 C++ 11 标准编写 ...

    A C++11 library for serialization

    Installation and use of of cereal is fully documented on the main web page, but this is a quick and dirty version: Download cereal and place the headers somewhere your code can see them Write ...

    Fast-serialization 也叫FST ava快速对象序列化的开发包

    Fast-serialization,也叫FST(Faster Simple SerializationFast-serialization,也叫FST(Faster Simple Serialization),是一个Java快速对象序列化的开发包。这个库的设计目标是提供比JDK原生序列化更快的速度和...

    Python库 | oslo.serialization-2.21.0-py2.py3-none-any.whl

    资源分类:Python库 所属语言:Python 资源全名:oslo.serialization-2.21.0-py2.py3-none-any.whl 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059

Global site tag (gtag.js) - Google Analytics