Wednesday, 4 November 2015

What Is a Transient Variable?


Transient variable: In Java, a transient variable is one that is not saved during serialization. This is most often used when a variable is sensitive enough that it should not be saved, such as a password. Even when such a variable is private in the object, once it is serialized it can be read from the file or from the network stream. The 'transient' keyword is the solution for variables that should not be serialized.

Another way to prevent sensitive parts of your object from being serialized is to implement your class as Externalizable. Then nothing is serialized automatically, and you explicitly serialize only the necessary parts inside the writeExternal() method.

If you are working with a Serializable object, all serialization happens automatically. To control this, you can turn off serialization on a field-by-field basis using the transient keyword.


For example: Consider a Login object that keeps information about a particular session. Suppose that, once you verify the login, you want to store the data, but without the password. The easiest way to do this is to implement Serializable and mark the password field as transient.

 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
 import java.util.Date;
 /**
  * @author Dixit
  */
 public class Login implements Serializable {
      private static final long serialVersionUID = 1L;
      private Date date = new Date();
      private String userName;
      // transient: skipped by default serialization, so it never reaches Login.out
      private transient String password;
      Login(String userName, String password)
      {
           this.userName = userName;
           this.password = password;
      }
      @Override
      public String toString()
      {
           // password is null after deserialization because transient fields are not restored
           String pwd = (password == null) ? "(n/a)" : password;
           return "login info : \n  " + "UserName: " + userName +
                     "\n Date :" + date +
                     "\n Password : " + pwd;
      }
      public static void main(String[] args) throws IOException, ClassNotFoundException {
           Login login = new Login("Ashish", "magic");
           System.out.println("login: " + login);
           // Serialize to disk; try-with-resources closes the stream
           try (ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("Login.out"))) {
                out.writeObject(login);
           }
           try {
                Thread.sleep(5000); // pause so the recovery time differs from the stored date
           } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
           }
           // Deserialize from disk; try-with-resources closes the stream
           try (ObjectInputStream in = new ObjectInputStream(new FileInputStream("Login.out"))) {
                System.out.println("Recovering object at : " + new Date());
                login = (Login) in.readObject();
           }
           System.out.println("login : " + login);
      }
 }


You can see that date and userName are ordinary fields and are serialized automatically. However, the password is transient, so it is not stored to disk, and the serialization mechanism makes no attempt to recover it.


Output:

 login: login info :   
   UserName: Ashish  
  Date :Wed Nov 04 19:40:10 IST 2015  
  Password : magic  
 Recovering object at : Wed Nov 04 19:40:16 IST 2015  
 login : login info :   
   UserName: Ashish  
  Date :Wed Nov 04 19:40:10 IST 2015  
  Password : (n/a)  

When the object is recovered, the password field is null. Note that the toString() method checks for a null value of password.
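
The Externalizable alternative described earlier, as an added example that is not part of the original post. The class name ExternalLogin is hypothetical; it writes only date and userName in writeExternal(), then searches the serialized bytes for the password value and deserializes the object to show what comes back.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Added example: ExternalLogin is a hypothetical name, not a class from the post.
public class ExternalLogin implements Externalizable {
    private static final long serialVersionUID = 1L;
    private Date date = new Date();
    private String userName;
    private String password;           // not transient: writeExternal decides what is stored

    public ExternalLogin() { }         // Externalizable requires a public no-arg constructor
    ExternalLogin(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }

    @Override
    public void writeExternal(ObjectOutput out) throws IOException {
        out.writeObject(date);         // only the fields written here reach the stream
        out.writeUTF(userName);
    }

    @Override
    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
        date = (Date) in.readObject(); // read back in the same order as written
        userName = in.readUTF();
    }

    public static void main(String[] args) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new ExternalLogin("Ashish", "magic"));
        }
        // ISO-8859-1 maps each byte to one char, so the raw stream can be searched as text.
        String raw = new String(buf.toByteArray(), StandardCharsets.ISO_8859_1);
        System.out.println("password in stream: " + raw.contains("magic"));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            ExternalLogin restored = (ExternalLogin) in.readObject();
            System.out.println(restored.userName + " / " + restored.password);
        }
    }
}
```

Because the class is Externalizable, the stream carries only what writeExternal() wrote, so the password value is absent from the bytes and the field is null on the restored object.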


Enjoy Reading
