tags:

views:

1606

answers:

2
+2  Q: 

Java serialization: readObject() vs. readResolve()

The book Effective Java and other sources provide a pretty good explanation on how and when to use the readObject() method when working with serializable Java classes. The readResolve() method, on the other hand, remains a bit of a mystery. Basically all documents I found either mention only one of the two or mention both only individually.

Questions that remain unanswered are:

  • What is the difference between the two methods?
  • When should which method be implemented?
  • How should readResolve() be used, especially in terms of returning what?

I hope you can shed some light on this matter.

+3  A: 

readResolve is used for replacing the object read from the stream. The only use I've ever seen for this is enforcing singletons; when an object is read, replace it with the singleton instance. This ensures that nobody can create another instance by serializing and deserializing the singleton.

Michael Myers  2009-07-22 21:31:23
There is a number of way for malicious code (or even data) to get around that.
Tom Hawtin - tackline  2009-07-22 21:33:28
Ooh, tell me more! >:D
Michael Myers  2009-07-22 21:36:05
Yes, please explain. Flyweight patterns rely on this working, so how can it break?
Steve Armstrong  2010-03-18 15:46:52
Josh Bloch talks about the conditions under which this breaks in effective Java 2nd ed. Item 77. He mentions about this in this talk he gave in Google IO couple of years back (some times towards the end of the talk): http://www.youtube.com/watch?v=pi_I7oD_uGI
calvinkrishy  2010-09-18 03:26:12
+1  A: 

readResolve is called after readObject has returned (conversely writeResolve is called before writeObject and probably on a different object). The object the method returns replaces this object returned to the user of ObjectInputStream.readObject and any further back references to the object in the stream. It is mostly used for serial proxies (see Effective Java, 2nd Ed, IIRC).

Tom Hawtin - tackline  2009-07-22 21:32:29

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java