Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Java - ObjectOutputStream enableReplaceObject(boolean enable) method

Previous
Quiz
Next

Description

The Java ObjectOutputStream enableReplaceObject(boolean enable) method enables the stream to do replacement of objects in the stream. When enabled, the replaceObject method is called for every object being serialized.

If enable is true, and there is a security manager installed, this method first calls the security manager's checkPermission method with a SerializablePermission("enableSubstitution") permission to ensure it's ok to enable the stream to do replacement of objects in the stream.

Declaration

Following is the declaration for java.io.ObjectOutputStream.enableReplaceObject(boolean enable) method.

protected boolean enableReplaceObject(boolean enable)

Parameters

enable − boolean parameter to enable replacement of objects.

Return Value

This method returns the previous setting before this method was invoked.

Exception

SecurityException − If a security manager exists and its checkPermission method denies enabling the stream to do replacement of objects in the stream.

Example - Usage of ObjectOutputStream enableReplaceObject(boolean enable) method

The following example shows the usage of ObjectOutputStream enableReplaceObject(boolean enable) method.

ObjectOutputStreamDemo.java

package com.tutorialspoint;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;

public class ObjectOutputStreamDemo extends ObjectOutputStream {

   public ObjectOutputStreamDemo(OutputStream out) throws IOException {
      super(out);
   }

   public static void main(String[] args) {
      int i = 319874;
      
      try {
         // create a new file with an ObjectOutputStream
         FileOutputStream out = new FileOutputStream("test.txt");
         ObjectOutputStreamDemo oout = new ObjectOutputStreamDemo(out);

         // enable replacing objects and return the previous setting
         System.out.println("" + oout.enableReplaceObject(true));

         // write something in the file
         oout.writeInt(i);
         oout.writeInt(1653984);
         oout.flush();

         // close the stream
         oout.close();

         // create an ObjectInputStream for the file we created before
         ObjectInputStream ois = new ObjectInputStream(new FileInputStream("test.txt"));

         // read and print an int
         System.out.println("" + ois.readInt());

         // read and print an int
         System.out.println("" + ois.readInt());
      } catch (Exception ex) {
         ex.printStackTrace();
      }
   }
}

Output

Let us compile and run the above program, this will produce the following result −

false
319874
1653984

Example - Usage of ObjectOutputStream enableReplaceObject(boolean enable) method

The following example shows the usage of ObjectOutputStream enableReplaceObject(boolean enable) method.

ObjectOutputStreamDemo.java

package com.tutorialspoint;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;

public class ObjectOutputStreamDemo {
   public static void main(String[] args) throws IOException, ClassNotFoundException {
      try (ObjectOutputStream oos = new CustomOOS(new FileOutputStream("data1.ser"))) {
         oos.writeObject("ORIGINAL STRING");  // Replace this with another object

         ObjectInputStream ois = new ObjectInputStream(new FileInputStream("data1.ser"));
         System.out.println(" Replaced String: " + ois.readObject());
      }
   }

   static class CustomOOS extends ObjectOutputStream {
      public CustomOOS(OutputStream out) throws IOException {
         super(out);
         enableReplaceObject(true);
      }

      @Override
      protected Object replaceObject(Object obj) throws IOException {
         System.out.println("replaceObject called for: " + obj);
         if ("ORIGINAL STRING".equals(obj)) {
            return "REPLACED STRING";
         }
         return obj;
      }
   }
}

Output

Let us compile and run the above program, this will produce the following result−

replaceObject called for: ORIGINAL STRING
Replaced String: REPLACED STRING

Example - Masking sensitive fields like passwords

The following example shows the usage of ObjectOutputStream enableReplaceObject(boolean enable) method. We'll replace a User object with a copy that has the password set to null before serialization.

ObjectOutputStreamDemo.java

package com.tutorialspoint;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;

public class ObjectOutputStreamDemo {
   public static void main(String[] args) throws IOException, ClassNotFoundException {
      User user = new User("alice", "secret123");

      try (ObjectOutputStream oos = new SanitizingOOS(new FileOutputStream("secure_user.ser"))) {
         oos.writeObject(user);  // Will be replaced with sanitized version
         ObjectInputStream ois = new ObjectInputStream(new FileInputStream("secure_user.ser"));
         System.out.println(" Replaced User: " + ois.readObject());
      }
   }

   static class SanitizingOOS extends ObjectOutputStream {
      public SanitizingOOS(OutputStream out) throws IOException {
         super(out);
         enableReplaceObject(true);
      }

      @Override
      protected Object replaceObject(Object obj) throws IOException {
         if (obj instanceof User u) {
            return new User(u.username, null);  // Strip the password
         }
         return obj;
      }
   }

   static class User implements Serializable {
      String username;
      String password;
      public User(String username, String password) {
         this.username = username;
         this.password = password;
      }

      @Override
      public String toString(){
         return "username = { " + this.username + " } + password = { " + this.password + " }";
      }
   }
}

Output

Let us compile and run the above program, this will produce the following result−

Replaced User: username = { alice } + password = { null }

Explanation

  • Password is removed. So, in the output, it is null, even though it was set initially.

java_io_objectoutputstream.htm
Print Page
Previous
Next
Advertisements