Thanks to visit codestin.com
Credit goes to www.tutorialspoint.com

Java - ObjectInputStream enableResolveObject() method

Previous
Quiz
Next

Description

The Java ObjectInputStream enableResolveObject() method controls whether object replacement is allowed during deserialization. When enabled (true), the resolveObject(Object obj) method is called for each deserialized object, allowing modification or substitution of the object before returning it. enableResolveObject(true) must be called inside a subclass of ObjectInputStream. When enabled, resolveObject(Object obj) is triggered to modify objects before they are returned.

Declaration

Following is the declaration for java.io.ObjectInputStream.enableResolveObject() method −

protected boolean enableResolveObject(boolean enable)

Parameters

enable − true for enabling use of resolveObject for every object being deserialized

Return Value

This method returns the previous setting before this method was invoked.

Exception

SecurityException − If a security manager exists and its checkPermission method denies enabling the stream to allow objects read from the stream to be replaced.

Example - Replacing Null Values During Deserialization

The following example shows the usage of Java ObjectInputStream enableResolveObject() method. This example replaces null values in a deserialized object.

ObjectInputStreamDemo.java

package com.tutorialspoint;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

class Employee implements Serializable {
   private static final long serialVersionUID = 1L;
   String name;
   String department;

   public Employee(String name, String department) {
      this.name = name;
      this.department = department;
   }

   @Override
   public String toString() {
      return "Employee{name='" + name + "', department='" + department + "'}";
   }
}

// Custom ObjectInputStream to enable object resolution
class CustomObjectInputStream extends ObjectInputStream {
   public CustomObjectInputStream(InputStream in) throws IOException {
      super(in);
      enableResolveObject(true); // Enable object resolution
   }

   @Override
   protected Object resolveObject(Object obj) {
      if (obj instanceof Employee) {
         Employee emp = (Employee) obj;
         if (emp.department == null) {
            emp.department = "Unknown"; // Replace null with default value
         }
         return emp;
      }
      return obj;
   }
}

public class ObjectInputStreamDemo {
   public static void main(String[] args) {
      try {
         // Serialize object with a null department
         ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("employee.dat"));
         oos.writeObject(new Employee("John Doe", null));
         oos.close();

         // Deserialize using custom ObjectInputStream
         CustomObjectInputStream ois = new CustomObjectInputStream(new FileInputStream("employee.dat"));
         Employee emp = (Employee) ois.readObject();
         ois.close();

         System.out.println("Deserialized Employee: " + emp);
      } catch (IOException | ClassNotFoundException e) {
         e.printStackTrace();
      }
   }
}

Output

Let us compile and run the above program, this will produce the following result−

Deserialized Employee: Employee{name='John Doe', department='Unknown'}

Explanation

  • Writes an Employee object to a file with a null department.

  • Uses CustomObjectInputStream with enableResolveObject(true).

  • resolveObject() replaces null department with "Unknown" before returning the object.

Example - Replacing an Old Object with a New Object

The following example shows the usage of Java ObjectInputStream enableResolveObject() method. This example substitutes deprecated objects with new ones.

ObjectInputStreamDemo.java

package com.tutorialspoint;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

class OldUser implements Serializable {
   private static final long serialVersionUID = 1L;
   String username;

   public OldUser(String username) {
      this.username = username;
   }

   @Override
   public String toString() {
      return "OldUser{username='" + username + "'}";
   }
}

class NewUser implements Serializable {
   private static final long serialVersionUID = 1L;
   String username;
   String role;

   public NewUser(String username, String role) {
      this.username = username;
      this.role = role;
   }

   @Override
   public String toString() {
      return "NewUser{username='" + username + "', role='" + role + "'}";
   }
}

// Custom ObjectInputStream to replace OldUser with NewUser
class UserObjectInputStream extends ObjectInputStream {
   public UserObjectInputStream(InputStream in) throws IOException {
      super(in);
      enableResolveObject(true);
   }

   @Override
   protected Object resolveObject(Object obj) {
      if (obj instanceof OldUser) {
         OldUser oldUser = (OldUser) obj;
         return new NewUser(oldUser.username, "User"); // Convert OldUser to NewUser
      }
      return obj;
   }
}

public class ObjectInputStreamDemo {
   public static void main(String[] args) {
      try {
         // Serialize OldUser object
         ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("user.dat"));
         oos.writeObject(new OldUser("john_doe"));
         oos.close();

         // Deserialize and replace OldUser with NewUser
         UserObjectInputStream ois = new UserObjectInputStream(new FileInputStream("user.dat"));
         NewUser user = (NewUser) ois.readObject();
         ois.close();

         System.out.println("Deserialized User: " + user);
      } catch (IOException | ClassNotFoundException e) {
         e.printStackTrace();
      }
   }
}

Output

Let us compile and run the above program, this will produce the following result−

Deserialized User: NewUser{username='john_doe', role='User'}

Explanation

  • Serializes an OldUser object.

  • Uses UserObjectInputStream to replace OldUser with NewUser.

  • During deserialization, resolveObject() transforms the object.

Example - Masking Sensitive Data During Deserialization

The following example shows the usage of Java ObjectInputStream enableResolveObject() method. This example masks sensitive data, like passwords, during deserialization.

ObjectInputStreamDemo.java

package com.tutorialspoint;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

class Account implements Serializable {
   private static final long serialVersionUID = 1L;
   String username;
   String password; // Sensitive field

   public Account(String username, String password) {
      this.username = username;
      this.password = password;
   }

   @Override
   public String toString() {
      return "Account{username='" + username + "', password='" + password + "'}";
   }
}

// Custom ObjectInputStream to mask passwords
class AccountObjectInputStream extends ObjectInputStream {
   public AccountObjectInputStream(InputStream in) throws IOException {
      super(in);
      enableResolveObject(true);
   }

   @Override
   protected Object resolveObject(Object obj) {
      if (obj instanceof Account) {
         Account account = (Account) obj;
         account.password = "******"; // Mask the password
         return account;
      }
      return obj;
   }
}

public class ObjectInputStreamDemo {
   public static void main(String[] args) {
      try {
         // Serialize an account with a password
         ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("account.dat"));
         oos.writeObject(new Account("user123", "mypassword"));
         oos.close();

         // Deserialize with masked password
         AccountObjectInputStream ois = new AccountObjectInputStream(new FileInputStream("account.dat"));
         Account account = (Account) ois.readObject();
         ois.close();

         System.out.println("Deserialized Account: " + account);
      } catch (IOException | ClassNotFoundException e) {
         e.printStackTrace();
      }
   }
}

Output

Let us compile and run the above program, this will produce the following result−

Deserialized Account: Account{username='user123', password='******'}

Explanation

  • Serializes an Account object with a real password.

  • Uses enableResolveObject(true) to modify the object before returning it.

  • resolveObject() replaces the actual password with "******" before returning.

java_io_objectinputstream.htm
Print Page
Previous
Next
Advertisements