Exploit Serialization To Perform Deep Copy

Exploit Serialization To Perform Deep Copy

The clone() method of java.lang.Object class makes a shallow copy of anobject i.e. a copy that excludes the objects that the to-be-cloned object contains. Therefore, to produce a deep copy of your complex objects, you have to write your own clone() method so that you take care of copying every contained object. This, depending on the complexity of your objects, may entail a lot of code. Java’s serialization mechanism provides a neat workaround to this situation.

To take advantage of serialization, you have to ensure that your objects and all their contained objects are serializable. The following code demonstrates deep copy via serialization:

 public class DeepCopyMaker {             private DeepCopyMaker()	{		//I made constructor private so that DeepCopyMaker could notbe created	}                         static public Object makeDeepCopy(Object obj2DeepCopy) throwsException             { 		//obj2DeepCopy must be serializable             	ObjectOutputStream outStream = null;                         ObjectInputStream inStream = null;                         try                         { 			ByteArrayOutputStream byteOut = 	                                    new ByteArrayOutputStream();                                     outStream = newObjectOutputStream(byteOut);                                     // serialize and write obj2DeepCopy tobyteOut                                    outStream.writeObject(obj2DeepCopy); 			//always flush your stream                                    outStream.flush();                                     ByteArrayInputStream byteIn =      	                               newByteArrayInputStream(byteOut.toByteArray());                                    inStream = newObjectInputStream(byteIn);                                     // read the serialized, and deep copied,object and return it                                     return inStream.readObject(); 		}                         catch(Exception e)                         {                         	//handle the exception			//it is not a bad idea to throw the exception, sothat the caller of the 			//method knows something went wrong			throw(e);                         }                          finally                          { 			//always close your streams in finally clauses                          	outStream.close();                                     inStream.close();                           } 	} } 


Share the Post: