Can we prevent a Java object's fields from being serialized without using the transient keyword?

We can avoid serializing a field by using the transient keyword.
Is there any other way?

Solution

http://java.sun.com/javase/6/docs/platform/serialization/spec/security.html

SUMMARY: Preventing Serialization of Sensitive Data

Fields containing sensitive data should not be serialized; doing so exposes their values to any party with access to the serialization stream. There are several methods for preventing a field from being serialized:

  1. Declare the field as private transient.
  2. Define the serialPersistentFields field of the class in question, and omit the field from the list of field descriptors.
  3. Write a class-specific serialization method (i.e., writeObject or writeExternal) which does not write the field to the serialization stream (i.e., by not calling ObjectOutputStream.defaultWriteObject).

Here are some links.

Declaring serialPersistentFields.

Serialization architecture specification.

Security in Object Serialization.
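Methods 2 and 3 from the quoted summary, as an added example that is not part of the answer or the linked spec, using hypothetical Credentials and Session classes with constructed sample values: both objects are serialized, the raw stream bytes are scanned for the secrets, and the objects are read back so the withheld fields come out null.

```java
import java.io.*;

// Method 2 from the quoted spec: name the persistent fields explicitly and leave
// the sensitive one out; defaultWriteObject() then streams only "username".
class Credentials implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final ObjectStreamField[] serialPersistentFields = {
        new ObjectStreamField("username", String.class)
    };
    String username;
    String secret;                      // absent from the list, so never written
    Credentials(String u, String s) { username = u; secret = s; }
}

// Method 3: a class-specific writeObject that writes the safe field by hand and
// never calls defaultWriteObject(); readObject mirrors it exactly.
class Session implements Serializable {
    private static final long serialVersionUID = 1L;
    String id;
    String token;                       // sensitive, deliberately withheld
    Session(String i, String t) { id = i; token = t; }
    private void writeObject(ObjectOutputStream out) throws IOException {
        out.writeUTF(id);               // token is not written
    }
    private void readObject(ObjectInputStream in) throws IOException {
        id = in.readUTF();
        token = null;                   // must be re-obtained after deserialization
    }
}

public class NoTransientDemo {
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Credentials("alice", "s3cr3t-pw"));  // constructed sample values
            out.writeObject(new Session("sess-1", "bearer-token"));
        }
        // Scan the raw stream bytes for the secrets, as anyone holding the stream could.
        String raw = new String(buf.toByteArray(), "ISO-8859-1");
        System.out.println("password in stream: " + raw.contains("s3cr3t-pw"));
        System.out.println("token in stream:    " + raw.contains("bearer-token"));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            Credentials c = (Credentials) in.readObject();
            Session s = (Session) in.readObject();
            System.out.println(c.username + " secret=" + c.secret + "; " + s.id + " token=" + s.token);
        }
    }
}
```

Note that with method 3 the field name still appears in the class descriptor unless you also use serialPersistentFields; only the value is kept out of the stream.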

Original link: https://www.f2er.com/java/123859.html
