...
| Code Block | ||
|---|---|---|
| ||
public final class SecureCreditCard implements java.io.Serializable {
//private internal state
private String credit_card;
private static final String DEFAULT = "DEFAULT";
public SecureCreditCard() {
//initialize credit_card to default value
credit_card = DEFAULT;
}
//allows callers to modify (private) internal state
public void changeCC(String newCC) {
if (credit_card.equals(newCC)) {
// no change
return;
} else {
// check permissions to modify credit_card
performSecurityManagerCheck();
validateInput(newCC);
credit_card = newCC;
}
}
// readObject correctly enforces checks during deserialization
private readObject(java.io.ObjectInputStream in) {
defaultReadObject();
// if the deserialized name does not match the default value normally
// created at construction time, duplicate the checks
if (!DEFAULT.equals(credit_card)) {
performSecurityManagerCheck();
validateInput(credit_card);
}
}
// allows callers to retrieve internal state
public String getValue() {
// check permission to get value
securityManagerCheckperformSecurityManagerCheck();
return somePublicValue;
}
// writeObject correctly enforces checks during serialization
private void writeObject(java.io.ObjectOutputStream out) {
// duplicate check from getValue()
securityManagerCheckperformSecurityManagerCheck();
out.writeObject(credit_card);
}
}
|
...