import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

public class User implements Serializable {
    private static final long serialVersionUID = 1L;

    // class attributes, constructors, setters and getters as shown above;
    // only the mutable Date field that readObject touches is declared here
    private Date dateOpened;

    /**
     * Always treat de-serialization as a full-blown constructor, by validating
     * the final state of the de-serialized object.
     */
    private void readObject(ObjectInputStream aInputStream)
            throws ClassNotFoundException, IOException {
        // perform the default de-serialization first
        aInputStream.defaultReadObject();
        // a stream that lacks the field leaves it null; reject the stream rather
        // than letting the defensive copy below fail with a NullPointerException
        if (dateOpened == null) {
            throw new InvalidObjectException("dateOpened is required");
        }
        // make a defensive copy of the mutable Date field
        dateOpened = new Date(dateOpened.getTime());
        // ensure that the object state has not been corrupted or tampered with:
        // call the class's own validation routine here (not shown above)
        //validateUserInfo();
    }

    /**
     * This is the default implementation of writeObject. Customize as necessary.
     */
    private void writeObject(ObjectOutputStream aOutputStream) throws IOException {
        // ensure that the object is in the desired state; possibly run any
        // business rules if applicable
        //checkUserInfo();
        // perform the default serialization for all non-transient, non-static fields
        aOutputStream.defaultWriteObject();
    }
}
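The class above leaves its validation routine as a commented-out hook. The following is an added, self-contained example (not code from the original page) that wires that hook up end to end: a `User` whose constructor and `readObject` enforce the same invariants, a `writeObject` kept at the default, and a reading side that combines the in-class validation with an allow-list `ObjectInputFilter` (Java 9+), so that a stream carrying an unexpected class is rejected before it is decoded and a stream whose `User` state breaks the invariants is rejected by `readObject`. The class and field names, the invariants in `validateUserInfo`, and the filter pattern are assumptions chosen for the demo; the reflection step in `main` exists only to manufacture an invalid instance as test input.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.InvalidObjectException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Date;

/** Added demo (Java 9+): readObject validation plus an allow-list ObjectInputFilter. */
public class DeserializationGuardDemo {

    /** A User whose constructor and readObject enforce the same invariants (assumed rules). */
    static final class User implements Serializable {
        private static final long serialVersionUID = 1L;
        private String userName;
        private Date dateOpened;

        User(String userName, Date dateOpened) {
            this.userName = userName;
            this.dateOpened = new Date(dateOpened.getTime());
            validateUserInfo();
        }

        String userName() { return userName; }

        /** Throws if the state is not one the constructor could have produced. */
        private void validateUserInfo() {
            if (userName == null || userName.isEmpty() || userName.length() > 64) {
                throw new IllegalArgumentException("userName missing or out of range");
            }
            if (dateOpened == null || dateOpened.after(new Date())) {
                throw new IllegalArgumentException("dateOpened missing or in the future");
            }
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (dateOpened != null) {
                dateOpened = new Date(dateOpened.getTime()); // defensive copy of the mutable field
            }
            try {
                validateUserInfo();
            } catch (IllegalArgumentException e) {
                // InvalidObjectException is the idiomatic way to reject a stream from readObject
                throw new InvalidObjectException("rejected User: " + e.getMessage());
            }
        }

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserialize with an allow-list: only User and Date may appear, and graph depth is capped. */
    static User deserializeUser(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "DeserializationGuardDemo$User;java.util.Date;maxdepth=4;!*"));
            return (User) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. A well-formed User round-trips.
        User ok = deserializeUser(serialize(new User("alice", new Date(0L))));
        System.out.println("round trip: " + ok.userName());

        // 2. A stream carrying a class that is not on the allow-list is rejected by the filter
        //    before any of its bytes are decoded.
        try {
            deserializeUser(serialize(new ArrayList<String>()));
        } catch (InvalidClassException e) {
            System.out.println("filter rejected: " + e.getMessage());
        }

        // 3. A stream whose User state violates the invariants is rejected by readObject.
        //    The invalid instance is produced in-process via reflection purely as test input.
        User bad = new User("bob", new Date(0L));
        Field f = User.class.getDeclaredField("userName");
        f.setAccessible(true);
        f.set(bad, "");
        try {
            deserializeUser(serialize(bad));
        } catch (InvalidObjectException e) {
            System.out.println("validation rejected: " + e.getMessage());
        }
    }
}
```

The two layers are complementary: the filter decides which classes may be instantiated at all (a denial-of-service and gadget-class control that the class itself cannot provide), while `readObject` decides whether the resulting `User` is a state the constructor would have accepted. Run with `javac DeserializationGuardDemo.java && java DeserializationGuardDemo`.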
REQUEST: Only when the request comes directly from the client
FORWARD: Only when the request has been forwarded to a component (see Transferring Control to Another Web Component)
INCLUDE: Only when the request is being processed by a component that has been included (see Including Other Resources in the Response)
ERROR: Only when the request is being processed with the error page mechanism (see Handling Servlet Errors)
You can direct the filter to be applied to any combination of the preceding situations by selecting multiple dispatcher types. If no types are specified, the default option is REQUEST.
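The four dispatcher types above are selected per filter mapping. As an added example (not part of the tutorial text), here is a response-header filter mapped to both REQUEST and ERROR so that pages produced by the error-page mechanism carry the same headers as normal responses; with the default (REQUEST only) an error page rendered for a failed request would bypass the filter. The filter name, URL pattern and header values are assumptions for the demo; it assumes a Servlet 3.0 or later container using the `javax.servlet` package (on Jakarta EE 9+ containers the package is `jakarta.servlet`).

```java
import java.io.IOException;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

/**
 * Adds security response headers on direct client requests and on error-page
 * dispatches. FORWARD and INCLUDE are deliberately left out: the headers were
 * already set when the original REQUEST dispatch passed through this filter.
 *
 * The equivalent web.xml mapping, for deployments that do not use annotations:
 *
 *   <filter-mapping>
 *     <filter-name>SecurityHeadersFilter</filter-name>
 *     <url-pattern>/*</url-pattern>
 *     <dispatcher>REQUEST</dispatcher>
 *     <dispatcher>ERROR</dispatcher>
 *   </filter-mapping>
 */
@WebFilter(
        filterName = "SecurityHeadersFilter",
        urlPatterns = "/*",
        dispatcherTypes = {DispatcherType.REQUEST, DispatcherType.ERROR})
public class SecurityHeadersFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to configure for this filter
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            http.setHeader("X-Content-Type-Options", "nosniff");
            http.setHeader("X-Frame-Options", "DENY");
            http.setHeader("Cache-Control", "no-store");
        }
        // request.getDispatcherType() reports which of the four situations this
        // invocation is in (REQUEST, FORWARD, INCLUDE or ERROR), which is useful
        // when one filter must behave differently per dispatch type
        DispatcherType type = request.getDispatcherType();
        if (type == DispatcherType.ERROR) {
            // error responses should never be cached by intermediaries either
            response.setContentType("text/html;charset=UTF-8");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // no resources to release
    }
}
```

When checking a mapping, confirm which dispatch types actually reach the filter: a filter that enforces something on every response needs ERROR as well as REQUEST, and a filter that must also see server-side forwards (for example a response wrapper applied around a forwarded JSP) needs FORWARD listed explicitly, since REQUEST alone is the default.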