Serializing private variables in java

Question

I have a question on serialization. If my class has private variables and there are no getters and setters, then how will the value of these variables be read by the Serializat

Answer 1

First, access permissions are the compile-time feature. the access is not controlled in runtime.

It may confuse you but try to do the following: create 2 versions of class A:

1

public class A {
    public foo() {
        System.out.println("hello");
    }
}

2

public class A {
    private foo() {
        System.out.println("hello");
    }
}

Now write class that calls new A().foo() and compile it with the first version of the class A. Then put the second version into classpath and run the application. It will work!

So, do not worry about the access permissions: they can always be bypassed.

If for instance you are using reflection to call private method foo() from you have to get the method and then call setAccessible(true):

Method m = A.class.getMethod("foo",
null); m.setAccessible(true);
m.invoke(new A(), null);

If we can access private methods from our code, be sure that JDK classes can do this even if they are written in java. BTW as far as I know standard java serialization is implemented as native code.