Java Reference
In-Depth Information
to know the order in which to invoke get; you can use get or put to access
fields in any order, any number of times.
20.8.7. The Externalizable Interface
The Externalizable interface extends Serializable. A class that implements
Externalizable takes complete control over its serialized state, assuming
responsibility for all the data of its superclasses, any versioning
issues, and so on. You may need this, for example, when a repository
for serialized objects mandates restrictions on the form of those objects
that are incompatible with the provided serialization mechanism. The
Externalizable interface has two methods:
    public interface Externalizable extends Serializable {
        void writeExternal(ObjectOutput out)
            throws IOException;
        void readExternal(ObjectInput in)
            throws IOException, ClassNotFoundException;
    }
These methods are invoked when the object is serialized and deserialized,
respectively. They are normal public methods, so the exact type of
the object determines which implementation will be used. Subclasses of
an externalizable class will often need to invoke their superclass's
implementation before serializing or deserializing their own state, in
contrast to classes that use normal serialization.
You should note that the methods of the interface are public and so
can be invoked by anyone at any time. In particular, a malicious program
might invoke readExternal to make an object overwrite its state
from some serialized stream, possibly with invented content. If you are
designing classes where such security counts, you have to take this into
account, either by not using Externalizable or by writing your readExternal
method so that it can be invoked only once, and never at all if the object
was created via one of your constructors.
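One way to write such a guarded readExternal, as an added example that is not code from the book: the class GuardedAccount, its fields, and the use of an AtomicBoolean flag are assumptions made for illustration. Only an instance built by the public no-arg constructor (the one the serialization mechanism uses) may be restored, and only once.

```java
import java.io.*;
import java.util.concurrent.atomic.AtomicBoolean;

public class GuardedAccount implements Externalizable {
    // True only for an instance built by the no-arg constructor and not yet restored.
    private final AtomicBoolean awaitingRestore;
    private String owner;
    private long balance;

    // Public no-arg constructor required by Externalizable; deserialization calls it.
    public GuardedAccount() { awaitingRestore = new AtomicBoolean(true); }

    // Ordinary construction: readExternal must never succeed on this object.
    public GuardedAccount(String owner, long balance) {
        awaitingRestore = new AtomicBoolean(false);
        this.owner = owner;
        this.balance = balance;
    }

    @Override
    public void writeExternal(ObjectOutput out) throws IOException {
        out.writeUTF(owner);
        out.writeLong(balance);
    }

    @Override
    public void readExternal(ObjectInput in) throws IOException {
        // Atomically consume the single permitted restore; every later call fails.
        if (!awaitingRestore.compareAndSet(true, false))
            throw new IllegalStateException("readExternal called on an initialized object");
        owner = in.readUTF();
        balance = in.readLong();
    }

    public long balance() { return balance; }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) {
            oos.writeObject(new GuardedAccount("alice", 100));   // constructed sample data
        }
        byte[] bytes = buf.toByteArray();
        ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes));
        GuardedAccount copy = (GuardedAccount) ois.readObject();  // the one legitimate restore
        GuardedAccount live = new GuardedAccount("bob", 5);
        ObjectInput replay = new ObjectInputStream(new ByteArrayInputStream(bytes));
        for (GuardedAccount target : new GuardedAccount[] { live, copy }) {
            try { target.readExternal(replay); }                  // direct call by other code
            catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
        }
        System.out.println(copy.balance() + " restored; bob still has " + live.balance());
    }
}
```

The flag is cleared before any field is read, so a restore that fails partway leaves the object closed to further readExternal calls rather than open to a retry.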
 