encapsulation broken?

Ranch Hand
Posts: 41

Private members of a class should never be accessible from outside the class. But how do the private methods of Book? Here's the full source code. ObjectInputStream / ObjectOutputStream is intercepting the private methods of Book. Do I call this a violation of encapsulation?

import java.io.*;

// The superclass is not Serializable, so Book has to save and restore its fields by hand.
class ReadingMaterial {
    protected String author;
    protected String subject;
    protected int yearwritten;

    // A non-serializable superclass needs an accessible no-arg constructor;
    // deserialization calls it before Book.readObject runs.
    public ReadingMaterial() {}

    ReadingMaterial(String auth, String sub, int year) {
        author = auth;
        subject = sub;
        yearwritten = year;
    }
}

class Book extends ReadingMaterial implements Serializable {

    int numpages;
    String name;
    boolean ishardcover;

    Book(int pages, String n, boolean hardcover, String author,
         String subject, int yearwritten) {
        super(author, subject, yearwritten);
        numpages = pages;
        name = n;
        ishardcover = hardcover;
    }

    // Private, yet ObjectOutputStream finds and invokes it reflectively.
    private void writeObject(ObjectOutputStream out) throws IOException {
        System.out.println("Called private writeObject....");
        // Write Book's own fields, then the superclass fields in the same
        // order that readObject reads them back.
        out.defaultWriteObject();
        out.writeObject(author);
        out.writeObject(subject);
        out.writeInt(yearwritten);
    }

    // Private, yet ObjectInputStream finds and invokes it reflectively.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        System.out.println("Called private readObject....");
        in.defaultReadObject();
        author = (String) in.readObject();
        subject = (String) in.readObject();
        yearwritten = in.readInt();
    }

    public String toString() {
        return("Name: " + name + "\n" + "Author: " + author + "\n" + "Pages: "
            + numpages + "\n" + "Subject: " + subject + "\n" + "Year: " + yearwritten
            + "\n");
    }
}

public class NonSerialSuperExample {

    public static void main(String args[]) {

        // create a Book object
        Book bookorg = new Book(100, "How to Serialize", true, "R.R", "Serialization", 1997);
        Book booknew = null;

        // serialize the Book
        try {
            FileOutputStream fo = new FileOutputStream("tmp");
            ObjectOutputStream so = new ObjectOutputStream(fo);
            so.writeObject(bookorg);
            so.close();
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }

        // deserialize the Book
        try {
            FileInputStream fi = new FileInputStream("tmp");
            ObjectInputStream si = new ObjectInputStream(fi);
            booknew = (Book) si.readObject();
            si.close();
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }

        System.out.println("Printing original book...");
        System.out.println(bookorg);
        System.out.println("Printing new book... ");
        System.out.println(booknew);
        System.out.println("The original and new should be the same!");
    }
}

Ranch Hand
Posts: 1847
No, you don't.

While you can cause encapsulation to become broken by serialisation and reflection, you're on your own when you do that.
You're already breaking the design contract of the class as a user of that class, which means you're yourself in violation of the trust between the API developer and yourself.
Nishant Verma
Ranch Hand
Posts: 41
Thanks !!
API has intercepted the private methods. That was my concern. Your answer helped me a lot. Sun recommends this for serialization - sensitive classes should never be serialized or the sensitive fields should be declared transient. Otherwise any other class can use the ObjectInputStream to read the sensitive fields.

[ June 24, 2006: Message edited by: Nishant Verma ]