I've got a class Foo, it's Serializable. It represents a graphical object, and I want it to restore its handles to the state before serializing. All data is stored within the object, I just need a method to be called in the right moment. How can I achieve it? Is this possible in Java?
(I have my Foos in a List in a Bar object, and in some other places - that's why I don't want to do it manually.)
For serializing the object, we call the writeObject() method of the ObjectOutputStream class, and for deserialization we call the readObject() method of the ObjectInputStream class. We must implement the Serializable interface for serializing the object.
ysoserial is a collection of utilities and property-oriented programming "gadget chains" discovered in common java libraries that can, under the right conditions, exploit Java applications performing unsafe deserialization of objects.
Serialization is a mechanism of converting the state of an object into a byte stream. Deserialization is the reverse process where the byte stream is used to recreate the actual Java object in memory. This mechanism is used to persist the object.
Classes that require special handling during the serialization and deserialization process must implement special methods with these exact signatures:
private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException;
Implement this method, call in.defaultReadObject(), and then do whatever custom logic you want.
Check the docs of java.io.Serializable for more details.
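The hook described in the answer, worked through as an added example (it is not code from the question, the answer, or any library the page mentions). Foo, Bar, the corner-handle layout and the filter pattern are assumptions for the demo: handles are a transient field recomputed inside readObject after defaultReadObject() has restored the geometry, so every Foo in Bar's list gets its handles back without any manual call. Because readObject runs on whatever bytes arrive in the stream, the example also checks the object's invariants before trusting them and installs a Java 9+ ObjectInputFilter on the reading side so that only the expected classes are instantiated; that is the standard mitigation for the unsafe-deserialization problem the ysoserial paragraph refers to.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Hypothetical graphical object standing in for the question's Foo.
class Foo implements Serializable {
    private static final long serialVersionUID = 1L;

    private final int x, y, width, height;
    // Handles are derived from the geometry, so they are never written to the stream.
    private transient List<int[]> handles;

    Foo(int x, int y, int width, int height) {
        this.x = x; this.y = y; this.width = width; this.height = height;
        rebuildHandles();
    }

    List<int[]> getHandles() { return handles; }

    // Four corner handles (assumed layout for the demo).
    private void rebuildHandles() {
        handles = new ArrayList<>();
        handles.add(new int[]{x, y});
        handles.add(new int[]{x + width, y});
        handles.add(new int[]{x, y + height});
        handles.add(new int[]{x + width, y + height});
    }

    // ObjectInputStream calls this for every Foo it reconstructs, including the ones
    // nested inside Bar's list, so nothing has to be restored by hand.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();            // 1. restore the non-transient fields from the stream
        if (width < 0 || height < 0) {     // 2. the stream is input: validate before trusting it
            throw new InvalidObjectException("negative extent in serialized Foo");
        }
        rebuildHandles();                  // 3. then restore the transient state
    }
}

// Hypothetical container standing in for the question's Bar.
class Bar implements Serializable {
    private static final long serialVersionUID = 1L;
    final List<Foo> shapes = new ArrayList<>();
}

public class FooDemo {
    public static void main(String[] args) throws Exception {
        Bar bar = new Bar();
        bar.shapes.add(new Foo(0, 0, 10, 5));
        bar.shapes.add(new Foo(3, 4, 1, 1));

        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(bar);
        }

        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            // Accept only the classes this stream is expected to carry; "!*" rejects everything
            // else before it is instantiated, which is what blocks unexpected gadget classes.
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("Foo;Bar;java.util.ArrayList;!*"));
            Bar restored = (Bar) in.readObject();
            for (Foo f : restored.shapes) {
                System.out.println("handles restored: " + f.getHandles().size());
            }
        }
    }
}
```

The filter pattern uses exact class names because Foo and Bar live in the default package here; in a real project the fully qualified names go in the pattern, and it can be set JVM-wide with the jdk.serialFilter system property instead of per stream.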