Classes that implement the Externalizable interface must provide the readExternal() and writeExternal() methods. These methods have package-private or public access, and so they can be called by trusted and untrusted code alike. Consequently, programs must ensure that these methods execute only when intended and that they cannot overwrite the internal state of objects at arbitrary points during program execution.
...
```java
// Noncompliant: readExternal() can be invoked at any time by any caller,
// overwriting the fields of an already-initialized object
public void readExternal(ObjectInput in)
    throws IOException, ClassNotFoundException {
  // Read instance fields
  this.name = (String) in.readObject();
  this.UID = in.readInt();
  // ...
}
```
...
```java
// Compliant: a guard flag records whether the object has already been
// initialized, and a private lock prevents concurrent calls from racing past it
private final Object lock = new Object();
private boolean initialized = false;

public void readExternal(ObjectInput in)
    throws IOException, ClassNotFoundException {
  synchronized (lock) {
    if (!initialized) {
      // Read instance fields
      this.name = (String) in.readObject();
      this.UID = in.readInt();
      // ...
      initialized = true;
    } else {
      // A second call would overwrite live state; refuse it
      throw new IllegalStateException();
    }
  }
}
```
...
Failure to prevent the overwriting of an externalizable object can corrupt the state of the object.
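The following complete program is an added example, not code from the guideline itself. It wraps the compliant readExternal() above in a hypothetical class named GuardedExternalizable (with the same name/UID fields as the rule's snippets), serializes and deserializes an instance, and then calls readExternal() a second time on the live object to show that the guard rejects the overwrite and the original state survives. The class name, the constructor that marks a directly constructed object as initialized, and the sample values are assumptions made for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;

// Hypothetical class name; fields mirror the rule's name/UID example.
public class GuardedExternalizable implements Externalizable {
  private String name;
  private int UID;

  // Guard state. Externalizable does not serialize fields automatically and
  // writeExternal() never writes these, so the instance that deserialization
  // builds through the no-arg constructor always starts with initialized == false.
  private final Object lock = new Object();
  private boolean initialized = false;

  // Externalizable requires a public no-argument constructor.
  public GuardedExternalizable() {}

  // Assumption: an object built with explicit values is already fully formed,
  // so it should not be overwritable through readExternal() either.
  public GuardedExternalizable(String name, int UID) {
    this.name = name;
    this.UID = UID;
    this.initialized = true;
  }

  @Override
  public void writeExternal(ObjectOutput out) throws IOException {
    out.writeObject(name);
    out.writeInt(UID);
  }

  @Override
  public void readExternal(ObjectInput in)
      throws IOException, ClassNotFoundException {
    synchronized (lock) {
      if (initialized) {
        // A second call would overwrite live state; refuse it.
        throw new IllegalStateException("readExternal() called on an initialized object");
      }
      this.name = (String) in.readObject();
      this.UID = in.readInt();
      initialized = true;
    }
  }

  public String getName() { return name; }
  public int getUID() { return UID; }

  public static void main(String[] args) throws Exception {
    GuardedExternalizable original = new GuardedExternalizable("alice", 42); // constructed sample values

    // Normal round trip through Java serialization: readExternal() runs once.
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
      oos.writeObject(original);
    }
    GuardedExternalizable copy;
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
      copy = (GuardedExternalizable) ois.readObject();
    }
    System.out.println("deserialized: " + copy.getName() + "/" + copy.getUID());

    // readExternal() is public, so any code holding a reference can call it again
    // with its own stream. Build such a stream (constructed sample data) and try.
    ByteArrayOutputStream second = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(second)) {
      oos.writeObject("overwritten");
      oos.writeInt(0);
    }
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(second.toByteArray()))) {
      copy.readExternal(ois);
      System.out.println("state was overwritten: " + copy.getName());
    } catch (IllegalStateException e) {
      System.out.println("second readExternal() rejected: " + e.getMessage());
      System.out.println("state intact: " + copy.getName() + "/" + copy.getUID());
    }
  }
}
```

Compile and run it with `javac GuardedExternalizable.java && java GuardedExternalizable`; the second readExternal() call ends in the catch branch and the fields still hold the deserialized values. Removing the initialized check turns the program into the noncompliant version: the second call then succeeds and the "state was overwritten" line is printed instead. The guard works because writeExternal() never emits the flag, so it cannot be influenced by the serialized bytes, and the synchronized block keeps two concurrent callers from both observing initialized == false.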
...
...