If a class implements Externalizable, the readExternal and writeExternal methods have to must be provided. Unfortunately, these methods are public and thus , therefore, can be called by hostile code which can potentially overwrite the internal state of the object at any point during program execution.
...
This thread-safe solution allows the first caller to check the initialized flag following after which , the instance fields are populated. Finally, the flag is set to true so that the fields cannot be overwritten.
...