Prevent Fields From Being Serialized

Prevent Fields From Being Serialized

Objects are made serializable by implementing the interface. In general, when you serialize an object instance, all of the instance’s fields are considered to be part of its state, and will be serialized. For example:

 public class UserDef extends Object implements Serializable {	public String userid;	public String password;	public String fullName;}  //  public class UserDef extends Object

When an instance of this class is serialized, the values of the userid, password, and full name fields will all be serialized (or marshaled). However, in some cases, you may want to indicate that a field should not be included as part of the object’s state and should not be serialized. This may be because the information is sensitive (such as a password) or that the field does not represent data that should be persistent. When one of these conditions is true, you should add the transient modifier to the field’s definition, as in this example:

 	public transient String password;

With this modification, the password field will be not marshaled when the object is serialized (written). Deserializing (reading) an instance of the object will then produce an instance with the password field set to null. Using this technique, you can protect sensitive data and prevent extraneous information from being included in the serialization of the object.


Share the Post: