It shall be secure only for classes that do not override the toString() method of the Object class. If some class overrides, then there is high probability that you might identify 2 different instances for the same instance.
Use hashCode() instead....or even more simpler check with '=='.
nimo frey wrote:Is it secure to use the class.toString method for identifying an object.
Am I right?
No. You can try using the System#identityHashCode() method, but I don't think that will definitely identify an object apart from its identifier. The details of hashCode can vary from implementation to implementation, so that technique might give different results on different implementations.
I need the unique id of an instance for a JSF-Converter (to convert between string and object-instance). When getting the string back from front-end to back-end, then it is something like this: ''com.test.User@b9d1cf3f''. So I have thought that jsf internally stores the reference of instances as this string and not its hashcode. I have found out, that this string with "@b9d1cf3f" identifies my instance successfully and my converter works. But maybe I mixed up equals and identity..
However, I will use System.identityHashCode() instead of Object.hashCode() or ''com.test.User@b9d1cf3f''.