Explicit Serialization API and Security
Peter Firmstone
peter.firmstone at zeus.net.au
Sun Jan 4 11:07:10 UTC 2015
----- Original message -----
>
> On 01/04/2015 02:48 AM, Peter Firmstone wrote:
> > class B extends A {
> >
> > public final int cur;
> >
> > private static ReadSerial check(ReadSerial rs) {
> > A a = new A(rs);
>
> What to do if A is abstract?
:)
Create an anonymous instance, or create a static private unshared class that overrides it, for the purpose of validation and discard it.
The important thing is A must retain control of access to its internal state.
Cheers,
Peter.
>
> Regards, Peter
>
> > int cur = rs.getInt("cur");
> > if ( a.lower> cur || cur> a.upper )
> > throw new IllegalArgumentException(
> > "cur outside lower and upper bounds");
> > return rs;
> > }
> >
> > public B(ReadSerial rs) {
> > super(check(rs));
> > cur = rs.getInt("cur");
> > }
> > }
>
More information about the core-libs-dev
mailing list