Lesson 9

Java File DialogBox Conclusion

In this module, you learned:
  1. how to create a file dialog box to select a file, and
  2. how to specify which types of files the file dialog box will accept.

Module java.desktop
Package java.awt
Class FileDialog
java.lang.Object
  java.awt.Component
    java.awt.Container
      java.awt.Window
        java.awt.Dialog
          java.awt.FileDialog

All Implemented Interfaces:
ImageObserver, MenuContainer, Serializable, Accessible

Serializable Interface Security Problems

Unlimited serialization would introduce potential security problems. For one thing, it allows unrestricted access to an object's private fields. By chaining an ObjectOutputStream to a ByteArrayOutputStream, a hacker can convert an object into a byte array. The byte array can be manipulated and modified without any access protection or security manager checks. Then the byte array can be reconstructed into a Java object by using it as the source of a ByteArrayInputStream.
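
The round trip described above, as an added example that is not part of the original lesson: a value that the constructor would reject reaches a private field through an edited byte array, and a second class closes the gap by re-checking the invariant in readObject. The class names Account and CheckedAccount, the balance field and the helper method are hypothetical and chosen for illustration.

```java
import java.io.*;
public class SerializationTamperDemo {
    // Hypothetical class: the invariant (balance >= 0) is enforced only in the constructor.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        private final int balance;
        Account(int balance) {
            if (balance < 0) throw new IllegalArgumentException("negative balance");
            this.balance = balance;
        }
        @Override public String toString() { return "Account[balance=" + balance + "]"; }
    }

    // Hypothetical hardened variant: readObject re-checks the invariant on deserialization.
    static class CheckedAccount implements Serializable {
        private static final long serialVersionUID = 1L;
        private int balance;
        CheckedAccount(int balance) {
            if (balance < 0) throw new IllegalArgumentException("negative balance");
            this.balance = balance;
        }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (balance < 0) throw new InvalidObjectException("negative balance in stream");
        }
    }

    // Serialize to a byte array, overwrite the stored balance with -1, then deserialize.
    static Object roundTripWithEditedBalance(Serializable obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(obj);
        }
        byte[] data = bytes.toByteArray();
        // With default serialization and a single int field, the value is the last 4 bytes.
        for (int i = data.length - 4; i < data.length; i++) data[i] = (byte) 0xFF;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject(); // no constructor of the Serializable class runs here
        }
    }
    public static void main(String[] args) throws Exception {
        // The constructor check is bypassed: the private field now holds -1.
        System.out.println(roundTripWithEditedBalance(new Account(100)));
        try {
            roundTripWithEditedBalance(new CheckedAccount(100));
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
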

Security is not the only potential problem. Some objects exist only as long as the current program is running. A java.net.Socket object represents an active connection to a remote host. Suppose a socket is serialized to a file, and the program exits. Later the socket is deserialized from the file in a new program, but the connection it represents no longer exists. Similar problems arise with file descriptors, I/O streams, and other classes.

For these and other reasons, Java does not allow instances of arbitrary classes to be serialized. You can only serialize instances of classes that implement the java.io.Serializable interface. By implementing this interface, a class indicates that it may be serialized without undue problems.
public interface Serializable

Class may be serialized

This interface does not declare any methods or fields and it serves purely to indicate that a class may be serialized. You should recall, however, that subclasses of a class that implements a particular interface also implement that interface by inheritance. Thus, many classes that do not explicitly declare that they implement Serializable are in fact serializable. For instance, java.awt.Component implements Serializable. Therefore, its direct and indirect subclasses, including Button, Scrollbar, TextArea, List, Container, Panel, java.applet.Applet, all subclasses of Applet, and all Swing components may be serialized. java.lang.Throwable implements Serializable. Therefore, all exceptions and errors are serializable.

In the next module, you will learn how to handle textual data using readers and writers. By text I do not just mean the ASCII text we are all familiar with, but more complicated text based on many different character sets like ISO Latin-1, Unicode, UTF-8, Big 5 Chinese, Hangul, Arabic, Hebrew, Cyrillic, Greek, the Adobe Symbol font, and many more.