2. it
  3. 如何破解单例模式,如何防止破解

如何破解单例模式,如何防止破解

mac2024-10-18  4

1. 破解单例模式

  可以通过反射和反序列化的方式来破解除枚举方式以外的单例模式。

2. 如何防止破解

2.1 对于反序列化方式

  在单例模式下,添加一个readResolve()方法,在方法体里返回这个对象。在反序列化时,会自动调用这个方法,从而避免了生成新的对象。 示例:

public class Singleton implements Serializable { private static final long serialVersionUID = 1L; private Singleton(){ } private static Singleton instance = new Singleton();; public static Singleton getInstance(){ return instance; } //在序列化时会自动调用该方法 /*private Object readResolve(){ return instance; }*/ public static void main(String[] args) throws IOException, ClassNotFoundException{ Singleton instance1 = Singleton.getInstance(); //序列表 FileOutputStream fos = new FileOutputStream("E:\\aa.txt"); ObjectOutputStream oos = new ObjectOutputStream(fos); oos.writeObject(instance1); oos.close(); //反序列化 FileInputStream fis = new FileInputStream("E:\\aa.txt"); ObjectInputStream ois = new ObjectInputStream(fis); Singleton instance2 = (Singleton)ois.readObject(); System.out.println(instance1==instance2); } }

2.2 对于反射放式

  对于反射,只需要在构造方法中添加判断来达到防止反射生成新对象

import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; public class Singleton2 { private Singleton2(){ if(instance!=null){ throw new RuntimeException(); } } private static final Singleton2 instance = new Singleton2(); public static Singleton2 getInstance(){ return instance; } public static void main(String[] args) throws ClassNotFoundException, NoSuchMethodException, SecurityException, InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException { Singleton2 s1 = Singleton2.getInstance(); Singleton2 s2 = Singleton2.getInstance(); System.out.println(s1==s2); //通过反射构造对象 Class<Singleton2> clazz = (Class<Singleton2>)Class.forName("com.zm.resingleton.Singleton2"); Constructor<Singleton2> declaredConstructor = clazz.getDeclaredConstructor(null); declaredConstructor.setAccessible(true); //true:取消 Java 语言访问检查 false:对java语言实施访问检查 Singleton2 instance1 = declaredConstructor.newInstance(); Singleton2 instance2 = declaredConstructor.newInstance(); System.out.println(instance1==instance2); } }
最新回复(0)