Transient variable
In Java, a transient variable is one that is not saved during serialization. This is mostly used when a variable is sensitive enough that it should not be saved, such as a password. Even when such a variable is private in the object, once it is serialized it can be read from the file or from the network stream. The 'transient' keyword is the solution for fields that are not required to be serialized.
Another way to prevent a sensitive part of your object from being serialized is to implement your class as Externalizable. Then nothing is serialized automatically, and you explicitly serialize only the necessary parts inside the writeExternal() method.
If you are working with a Serializable object, all serialization happens automatically. To control this, you can turn off serialization on a field-by-field basis using the transient keyword.
For example, consider a Login object that keeps information about a particular session. Suppose that, once you have verified the login, you want to store the data, but without the password. The easiest way to do this is to implement Serializable and mark the password field as transient.
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

/**
 * @author Dixit
 */
public class Login implements Serializable {
    private static final long serialVersionUID = 1L;

    private Date date = new Date();
    private String userName;
    // transient: skipped by default serialization, so it never reaches Login.out
    private transient String password;

    Login(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }

    @Override
    public String toString() {
        // After deserialization the transient field is null
        String pwd = (password == null) ? "(n/a)" : password;
        return "login info : \n " + "UserName: " + userName +
                "\n Date :" + date +
                "\n Password : " + pwd;
    }

    /**
     * @param args
     * @throws IOException
     * @throws FileNotFoundException
     * @throws ClassNotFoundException
     */
    public static void main(String[] args) throws FileNotFoundException, IOException, ClassNotFoundException {
        Login login = new Login("Ashish", "magic");
        System.out.println("login: " + login);

        // Serialize the object to disk
        ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("Login.out"));
        out.writeObject(login);
        out.close();

        // Wait a few seconds so the recovery time differs from the creation time
        try {
            Thread.sleep(5000);
        } catch (InterruptedException e) {
            e.printStackTrace();
        }

        // Read the object back; the password is not restored
        ObjectInputStream in = new ObjectInputStream(new FileInputStream("Login.out"));
        System.out.println("Recovering object at : " + new Date());
        login = (Login) in.readObject();
        in.close();
        System.out.println("login : " + login);
    }
}
You can see that date and username are ordinary fields and are automatically serialized. However, the password is transient, and so is not stored to disk. The serialization mechanism also makes no attempt to recover it.
Output:
login: login info :
UserName: Ashish
Date :Wed Nov 04 19:40:10 IST 2015
Password : magic
Recovering object at : Wed Nov 04 19:40:16 IST 2015
login : login info :
UserName: Ashish
Date :Wed Nov 04 19:40:10 IST 2015
Password : (n/a)
When the object is recovered, the password field is null. Note that the toString() method checks for a null value of password.
Enjoy Reading