...
```java
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class Ser implements Serializable {
  // Also flawed: serialVersionUID is expected to be static final; kept as the page shows it
  private final long serialVersionUID = 123456789;

  private Ser() {
    // Initialize
  }

  // Wrong signature: serialization only invokes a private, non-static writeObject()
  public static void writeObject(final ObjectOutputStream stream)
      throws IOException {
    stream.defaultWriteObject();
  }

  // Wrong signature: serialization only invokes a private, non-static readObject()
  public static void readObject(final ObjectInputStream stream)
      throws IOException, ClassNotFoundException {
    stream.defaultReadObject();
  }
}
```
There are two things wrong with the signatures of writeObject() and readObject() in this noncompliant code example: (1) the methods are declared public instead of private, and (2) they are declared static instead of non-static. Because the signatures do not exactly match the required ones, the serialization runtime will not find the two methods: ObjectStreamClass looks the hooks up reflectively and accepts only a private, non-static method returning void with the exact parameter type, so the class silently falls back to its default serialized form. The compiler raises no error, and any validation or defensive copying placed in such a readObject() never runs, which means a crafted stream is accepted unchecked. Similarly, omitting the static keyword alone is insufficient to make this example secure; the methods must also be declared private.
...