10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.io;
27
28 /**
29 * Serializability of a class is enabled by the class implementing the
30 * java.io.Serializable interface. Classes that do not implement this
31 * interface will not have any of their state serialized or
32 * deserialized. All subtypes of a serializable class are themselves
33 * serializable. The serialization interface has no methods or fields
34 * and serves only to identify the semantics of being serializable. <p>
35 *
36 * To allow subtypes of non-serializable classes to be serialized, the
37 * subtype may assume responsibility for saving and restoring the
38 * state of the supertype's public, protected, and (if accessible)
39 * package fields. The subtype may assume this responsibility only if
40 * the class it extends has an accessible no-arg constructor to
41 * initialize the class's state. It is an error to declare a class
42 * Serializable if this is not the case. The error will be detected at
43 * runtime. <p>
44 *
45 * During deserialization, the fields of non-serializable classes will
46 * be initialized using the public or protected no-arg constructor of
47 * the class. A no-arg constructor must be accessible to the subclass
48 * that is serializable. The fields of serializable subclasses will
49 * be restored from the stream. <p>
50 *
|
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.io;
27
28 /**
29 * Serializability of a class is enabled by the class implementing the
30 * java.io.Serializable interface.
31 *
32 * <p><strong>Warning: Deserialization of untrusted data is inherently dangerous
33 * and should be avoided. Untrusted data should be carefully validated according to the
34 * "Serialization and Deserialization" section of the
35 * {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}.
36 * {@extLink serialization_filter_guide Serialization Filtering} describes best
37 * practices for defensive use of serial filters.
38 * </strong></p>
39 *
40 * Classes that do not implement this
41 * interface will not have any of their state serialized or
42 * deserialized. All subtypes of a serializable class are themselves
43 * serializable. The serialization interface has no methods or fields
44 * and serves only to identify the semantics of being serializable. <p>
45 *
46 * To allow subtypes of non-serializable classes to be serialized, the
47 * subtype may assume responsibility for saving and restoring the
48 * state of the supertype's public, protected, and (if accessible)
49 * package fields. The subtype may assume this responsibility only if
50 * the class it extends has an accessible no-arg constructor to
51 * initialize the class's state. It is an error to declare a class
52 * Serializable if this is not the case. The error will be detected at
53 * runtime. <p>
54 *
55 * During deserialization, the fields of non-serializable classes will
56 * be initialized using the public or protected no-arg constructor of
57 * the class. A no-arg constructor must be accessible to the subclass
58 * that is serializable. The fields of serializable subclasses will
59 * be restored from the stream. <p>
60 *
|
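Review bot: On new lines 32-38 the warning paragraph is inserted in the middle of what used to be the opening paragraph, so the continuation at new line 40 ("Classes that do not implement this interface ...") now follows `</strong></p>` directly with no opening `<p>`, and "this interface" is separated from the sentence that names it. Consider placing the warning after the existing first paragraph (after "...the semantics of being serializable."), or at least starting new line 40 with `<p>` so the rendered Javadoc keeps its paragraph structure. Two style points on the same lines: new line 33 runs noticeably longer than the surrounding comment lines and should be re-wrapped to match, and wrapping all three sentences in a single `<strong>` makes the whole block bold, where bolding only "Warning:" would keep the emphasis without reducing readability.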