Skip to main content

What are the precautions for implementing Serializable?

In Effective Java Programming Language Guide, Joshua Bloch wrote many thoughts about serialization. Here is a summary of some precautions recommended:
  • If you do not get to the effort to design a custom serialized form, but merely accept the default, the class's private and package instance fields becomes part of its exported API. In this way, it decreases the flexibility to change a class's implementation once it has been released.
  • Serial versions UIDs are automatically generated based on the name of the class, the names of their interfaces, and of all public and protected members. If a change is made to the class but you do not provide a custom serial UID the compatibility will be broken.
  • Serialization is a extralinguistic mechanism, deserialization is a hidden constructor. All the invariants for an object should be checked in the process of deserializing an object, as a constructor would do.
  • Classes design for inheritance should rarely implement serializable. Doing otherwise places a burden into the programmer extending the class.
  • Inner classes should rarely implement Serializable. Their synthetics fields and names are not specified.
  • The default serialization process deals with the physical representation of an object. It also describes the topology of the objects referenced from the object to be serialized. But what is really important to serialize is the logical data of the object.
  • Disadvantages of using the default serialization when the physical representation of an object differs greatly form the logical:
    • It permanently ties the exported API to the internal representation
    • It can consume excessive time or space
    • it can overflows.
  • A stream of bytes to be deserialized could have been tampered with to change the immutability of an object, or to provide references to private data. This is a security risk. To avoid it, checks the validity (invariants) of the deserialized object within the readObject method. Also is critical to defensively copy any field containing an object reference that a client must not posses.
  • Typesafe enum and singletons should use readResolve to ensure their characteristics when deserialized.

Click below links to know more
Labels:

Comments

  1. AnonymousAugust 17, 2010 at 1:39 AM

    this is a very interesting article thank you
    http://www.thejavacode.com

    ReplyDelete

Post a Comment

Popular posts from this blog

WebSphere MQ Interview Questions

What is MQ and what does it do? Ans. MQ stands for MESSAGE QUEUEING. WebSphere MQ allows application programs to use message queuing to participate in message-driven processing. Application programs can communicate across different platforms by using the appropriate message queuing software products. What is Message driven process? Ans . When messages arrive on a queue, they can automatically start an application using triggering. If necessary, the applications can be stopped when the message (or messages) have been processed. What are advantages of the MQ? Ans. 1. Integration. 2. Asynchrony 3. Assured Delivery 4. Scalability. How does it support the Integration? Ans. Because the MQ is independent of the Operating System you use i.e. it may be Windows, Solaris,AIX.It is independent of the protocol (i.e. TCP/IP, LU6.2, SNA, NetBIOS, UDP).It is not required that both the sender and receiver should be running on the same platform What is Asynchrony? Ans. With messag...
11 comments
Continue Reading >>>>

WebSphere MQ Interview Questions

What is MQ and what does it do? Ans. MQ stands for MESSAGE QUEUEING. WebSphere MQ allows application programs to use message queuing to participate in message-driven processing. Application programs can communicate across different platforms by using the appropriate message queuing software products. What is Message driven process? Ans . When messages arrive on a queue, they can automatically start an application using triggering . If necessary, the applications can be stopped when the message (or messages) have been processed. What are advantages of the MQ? Ans. 1. Integration. 2. Asynchrony 3. Assured Delivery 4. Scalability. How does it support the Integration? Ans . Because the MQ is independent of the Operating System you use i.e. it may be Windows, Solaris,AIX.It is independent of the protocol (i.e. TCP/IP, LU6.2, SNA, NetBIOS, UDP).It is not required that both the sender and receiver should be running on the same platform What is Asynchrony? Ans. With message queuing, the ex...
Post a Comment
Continue Reading >>>>

WebSphere MQ Series Tutorial

MQ Series : - It is an IBM web sphere product which is evolved in 1990’s. MQ series does transportation from one point to other. It is an EAI tool (Middle ware) VERSIONS :-5.0, 5.1, 5.3, 6.0, 7.0(new version). The currently using version is 6.2 Note : - MQ series supports more than 35+ operating systems. It is platform Independent. For every OS we have different MQ series software’s. But the functionality of MQ series Default path for installing MQ series is:- C: programfiles\IBM\Eclipse\SDK30 C: programfiles\IBM\WebsphereMQ After installation it will create a group and user. Some middleware technologies are Tibco, SAP XI. MQ series deals with two things, they are OBJECTS, SERVICES. In OBJECTS we have QUEUES CHANNELS PROCESS AUTHENTICATION QUERY MANAGER. In SERVICES we have LISTENERS. Objects : - objects are used to handle the transactions with the help of services. QUEUE MANAGER maint...
1 comment
Continue Reading >>>>