Chap11 (2)
04 (515)
Forsyth negocjator
Terry Pratchett Witches Abroad v1.1
Chalker Jack L Zmierzch przy Studni Dusz
Lackey Mercedes Cena magii
abc.com.pl 9
Silm6
Issac Asimov Fundacja (4)
[ Pobierz całość w formacie PDF ]
.[ Add Comment ]One way to prevent sensitive parts ofyour object from being serialized is to implement your class asExternalizable, as shown previously.Then nothing is automaticallyserialized and you can explicitly serialize only the necessary parts insidewriteExternal( ).[ Add Comment ]If you’re working with aSerializable object, however, all serialization happens automatically.Tocontrol this, you can turn off serialization on a field-by-field basis using thetransientkeyword, which says “Don’t bother saving or restoringthis—I’ll take care of it.”[ Add Comment ]For example, consider a Loginobject that keeps information about a particular login session.Supposethat, once you verify the login, you want to store the data, but without thepassword.The easiest way to do this is by implementingSerializable and marking the passwordfield as transient.Here’s what it looks like://: c11:Logon.java// Demonstrates the "transient" keyword.import java.io.*;import java.util.*;public class Logon implements Serializable {private Date date = new Date();private String username;private transient String password;Logon(String name, String pwd) {username = name;password = pwd;}public String toString() {String pwd =(password == null) ? "(n/a)" : password;return "logon info: \n " +"username: " + username +"\n date: " + date +"\n password: " + pwd;}public static void main(String[] args)throws IOException, ClassNotFoundException {Logon a = new Logon("Hulk", "myLittlePony");System.out.println( "logon a = " + a);ObjectOutputStream o =new ObjectOutputStream(new FileOutputStream("Logon.out"));o.writeObject(a);o.close();// Delay:int seconds = 5;long t = System.currentTimeMillis()+ seconds * 1000;while(System.currentTimeMillis() < t);// Now get them back:ObjectInputStream in =new ObjectInputStream(new FileInputStream("Logon.out"));System.out.println("Recovering object at " + new Date());a = (Logon)in.readObject();System.out.println( "logon a = " + a);}} ///:~You can see that the date andusername fields are ordinary (not transient), and thus areautomatically serialized.However, the password is transient, andso is not stored to disk; also the serialization mechanism makes no attempt torecover it.The output is:[ Add Comment ]logon a = logon info:username: Hulkdate: Sun Mar 23 18:25:53 PST 1997password: myLittlePonyRecovering object at Sun Mar 23 18:25:59 PST 1997logon a = logon info:username: Hulkdate: Sun Mar 23 18:25:53 PST 1997password: (n/a)When the object is recovered, thepassword field is null.Note that toString( ) mustcheck for a null value of password because if you try to assemblea String object using the overloaded ‘+’ operator, andthat operator encounters a null reference, you’ll get aNullPointerException.(Newer versions of Java might contain code to avoidthis problem.)[ Add Comment ]You can also see that the datefield is stored to and recovered from disk and not generated anew.[ Add Comment ]Since Externalizable objects donot store any of their fields by default, the transient keyword is foruse with Serializable objects only.[ Add Comment ]An alternative to ExternalizableIf you’re not keen on implementingthe Externalizable interface, there’sanother approach.You can implement the Serializable interface and add(notice I say “add” and not “override” or“implement”) methods calledwriteObject( ) andreadObject( ) thatwill automatically be called when the object is serialized and deserialized,respectively.That is, if you provide these two methods they will be usedinstead of the default serialization [ Pobierz całość w formacie PDF ]
