原创

通过序列化和反序列化攻击单例

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class Test {
public static void main(String[] args) {
Singleton s1 = Singleton.getInstance();
Singleton s2 = null;

FileOutputStream fos = null;
try{
fos = new FileOutputStream("SeriableSingleton.obj");
ObjectOutputStream oos = new ObjectOutputStream(fos);
oos.writeObject(s1);
oos.flush();
oos.close();

FileInputStream fis = new FileInputStream("SeriableSingleton.obj");
ObjectInputStream ois = new ObjectInputStream(fis);
s2 = (Singleton) ois.readObject();
ois.close();

System.out.println(s1 == s2);


}catch (Exception e){
e.printStackTrace();
}
}
}


正文到此结束
本文目录