Classes that implement the Externalizable interface must provide the readExternal() and writeExternal() methods. These methods have package access or are public, and so they can be called by trusted and hostile code alike. Consequently, programs must ensure that these methods execute only when intended, and that they cannot overwrite the internal state of objects at arbitrary points during program execution.
...
| Code Block | ||
|---|---|---|
| ||
private final Object lock = new Object();
private boolean initialized = false;
public void readExternal(ObjectInput in)
throws IOException, ClassNotFoundException {
synchronized (lock) {
if (!initialized) {
// Read instance fields
this.name = (String)in.readObject();
this.UID = in.readInt();
//...
initialized = true;
} else {
throw new IllegalStateException();
}
}
}
|
...