RMI: are fields of remote object serialized and sent to client?
Question
I have the following code:
public class Foo implements SomeRemote {
private String verySecretString;
public void doSomething(){...}
}
As I understand foo will somehow be serialized and sent from RMI server to RMI client. So, can the client access anyway verySecretString ?
2 answers
solution1
2 2016-08-08 16:54:42
This is not how it works, you are supposed to expose a Remote interface instead of a class then manipulate the interface at client level this way the client has no idea of the implementation details.
So here you should rather have something like:
public interface MyService extends Remote {
void doSomething() throws RemoteException;
}
This is only what you know at the client level. At the sever level you will have your implementation Foo , something like:
public class Foo implements MyService {
private String verySecretString;
public void doSomething(){...}
}
Response Update:
If you don't want a field value to be serialized simply add the keyword transient to its declaration as next:
private transient String verySecretString;
solution2
1 ACCPTED 2016-08-08 20:36:28
As I understand foo will somehow be serialized and sent from RMI server to RMI client.
No. If Foo is an exported remote object it won't be sent anywhere. Its stub will be sent.
So, can the client access anyway verySecretString?
No.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.