final transient fields serialization

David M. Lloyd david.lloyd at
Thu Dec 3 15:41:41 UTC 2009

This is exactly the solution I present to users of JBoss Marshalling.  The 
access check performed verifies that the field being updated is a 
non-static instance field (final or otherwise, any access level) of the 
caller's class; IllegalAccessException is then not thrown at "runtime" when 
the field is changed.  Setting the field can be done via the same 
assortment of set methods found on Field (set, setByte, setBoolean, ...).


On 12/03/2009 04:57 AM, Tom Hawtin wrote:
> Peter Jones wrote:
>> Regarding a language solution, though, I don't see how to avoid making
>> a [...]
> `readObject` is a `psuedo-constructor`. Ideally it would be a real
> constructor (with choice of defaultReadObject/readFields similar to
> super), but that would require significant changes to the JLS.
> Similar problems appear for JAXB, ORMs, etc. Dependency Inject also has
> problems with construction. Construction often involves way too much
> boilerplate. There are lots of issues here, most I have little
> experience with.
>> So I think that the best hope is an improved reflective library
>> solution. Thinking out loud: say, a factory method that looks up a [...]
> I guess something like
> class MyClass implements Serializable {
> private final transient Thing thing;
> private static final FieldRead<Thing> THING_READER =
> FieldRead.newInstance("thing");
> ...
> private void readObject(...) ... {
> in.defaultReadObject();
> Thing thing = (Thing)in.readObject();
> THING_READER.set(thing);
> }
> }
> Gratuitous use of immediate caller. I just know people will attempt to
> take client supplied arguments. Best we can do is put a few static
> checks in javac and static analysis tools, and runtime checks into the
> serialisation mechanism.
> (Notes:
> FieldRead.newInstance
> - must be called by static initialiser
> (dynamic and perhaps static check).
> - static analysis (inc. javac) can check field name, type and assignment).
> - errors by unchecked exception
> - Dynamic check that called from readObject on this instance (can cheat).
> - Dynamic check for no reassignment.
> - Dynamic check after readObject call for definite assignment.
> - Could also add static checks as well.
> )
> Tom Hawtin

More information about the core-libs-dev mailing list