...
| Code Block | ||
|---|---|---|
| ||
public void readExternal(ObjectInput in)
throws IOException, ClassNotFoundException {
// Read instance fields
this.name = (String)in.readObject();
this.UID = in.readInt();
//...
}
|
...
This compliant solution protects against multiple initialization through the use of a Boolean flag that is set after the instance fields have been populated. It also protects against race conditions by synchronizing on a private lock object (see rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code).
| Code Block | ||
|---|---|---|
| ||
private final Object lock = new Object();
private boolean initialized = false;
public void readExternal(ObjectInput in)
throws IOException, ClassNotFoundException {
synchronized (lock) {
if (!initialized) {
// Read instance fields
this.name = (String)in.readObject();
this.UID = in.readInt();
//...
initialized = true;
} else {
throw new IllegalStateException();
}
}
}
|
Note that this compliant solution is insufficient inadequate to protect sensitive data.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="81e0587b1a20491c-921500b4-45104ef5-866aafbd-05fe7bb40a9951d16f930f14"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ef61313d1a069496-b732f27c-439d471e-9b5dab88-1db8261c8ff6d58b728eb863"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | " Serialization specification: Specification, A.7, Preventing Overwriting of Externalizable Objects " | ]]></ac:plain-text-body></ac:structured-macro> |
...