encapsulation broken?

Ranch Hand
Posts: 41

Private members of a class should never be accessible from outside the class. But how do the private methods of Book? Here's the full source code. ObjectInputStream / ObjectOutputStream is intercepting the private methods of Book. Do I call this a violation of encapsulation?

import java.io.*;

// The superclass is NOT Serializable, so its fields are not written automatically.
class ReadingMaterial {
    protected String author;
    protected String subject;
    protected int yearwritten;

    // No-arg constructor: it runs when a Book is deserialized.
    public ReadingMaterial() {}

    ReadingMaterial(String auth, String sub, int year) {
        author = auth;
        subject = sub;
        yearwritten = year;
    }
}

class Book extends ReadingMaterial implements Serializable {

    int numpages;
    String name;
    boolean ishardcover;

    Book(int pages, String n, boolean hardcover, String author,
         String subject, int yearwritten) {
        super(author, subject, yearwritten);
        numpages = pages;
        name = n;
        ishardcover = hardcover;
    }

    // Invoked by ObjectOutputStream through reflection, even though it is private.
    private void writeObject(ObjectOutputStream out) throws IOException {
        System.out.println("Called private writeObject....");
        // Write Book's own fields first, then the superclass fields by hand.
        out.defaultWriteObject();
        out.writeObject(author);
        out.writeObject(subject);
        out.writeInt(yearwritten);
    }

    // Invoked by ObjectInputStream through reflection, even though it is private.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        System.out.println("Called private readObject....");
        // Read back in the same order writeObject wrote.
        in.defaultReadObject();
        author = (String) in.readObject();
        subject = (String) in.readObject();
        yearwritten = in.readInt();
    }

    public String toString() {
        return("Name: " + name + "\n" + "Author: " + author + "\n" + "Pages: "
            + numpages + "\n" + "Subject: " + subject + "\n" + "Year: " + yearwritten
            + "\n");
    }
}

public class NonSerialSuperExample {

    public static void main(String args[]) {

        // create a Book object
        Book bookorg = new Book(100, "How to Serialize", true, "R.R", "Serialization", 1997);
        Book booknew = null;

        // serialize the Book
        try {
            FileOutputStream fo = new FileOutputStream("tmp");
            ObjectOutputStream so = new ObjectOutputStream(fo);
            so.writeObject(bookorg);
            so.close();
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }

        // deserialize the Book
        try {
            FileInputStream fi = new FileInputStream("tmp");
            ObjectInputStream si = new ObjectInputStream(fi);
            booknew = (Book) si.readObject();
            si.close();
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }

        System.out.println("Printing original book...");
        System.out.println(bookorg);
        System.out.println("Printing new book... ");
        System.out.println(booknew);
        System.out.println("The original and new should be the same!");
    }
}

Ranch Hand
Posts: 1847
No, you don't.

While you can cause encapsulation to become broken by serialisation and reflection, you're on your own when you do that.
You're already breaking the design contract of the class as a user of that class, which means you're yourself in violation of the trust between the API developer and yourself.
Nishant Verma
Ranch Hand
Posts: 41
Thanks !!
API has intercepted the private methods. That was my concern. Your answer helped me a lot. Sun recommends this for serialization - sensitive classes should never be serialized or the sensitive fields should be declared transient. Otherwise any other class can use the ObjectInputStream to read the sensitive fields.

[ June 24, 2006: Message edited by: Nishant Verma ]
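
The point about transient fields in the last post, as an added example that is not code from the thread: it serializes an object to memory and checks which private field values end up in the stream bytes. The Account class, its field names and the values are constructed for this illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class TransientFieldDemo {

    // Hypothetical class for this example; names and values are constructed.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String owner;
        private final String apiKey;         // private, but still written to the stream
        private final transient String pin;  // transient: skipped by default serialization

        Account(String owner, String apiKey, String pin) {
            this.owner = owner;
            this.apiKey = apiKey;
            this.pin = pin;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // True if the raw stream bytes contain the given ASCII text.
    static boolean streamContains(byte[] stream, String text) {
        // ISO-8859-1 maps each byte to one char, so a substring search works on raw bytes.
        return new String(stream, StandardCharsets.ISO_8859_1).contains(text);
    }

    public static void main(String[] args) throws Exception {
        byte[] stream = serialize(
            new Account("alice", "KEY-constructed-123", "PIN-constructed-9876"));

        System.out.println("apiKey in stream: " + streamContains(stream, "KEY-constructed-123"));
        System.out.println("pin in stream:    " + streamContains(stream, "PIN-constructed-9876"));

        // After deserialization the transient field holds its default value (null).
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            Account copy = (Account) in.readObject();
            System.out.println("restored apiKey=" + copy.apiKey + ", pin=" + copy.pin);
        }
    }
}
```

The private modifier does not keep apiKey out of the byte stream; only the transient field is absent and comes back as null.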