encapsulation breaked ? ?

Nishant Verma
Ranch Hand

Joined: Jun 14, 2006
Posts: 41
Ranchers

Private members of a class should never be accessible from outside the class. But how do the private methods of Book? Here's the full source code. ObjectInputStream / ObjectOutputStream is intercepting the private methods of Book. Do I call this violation of encapsulation?


import java.io.*;

// The superclass is NOT Serializable, so default serialization skips its fields.
class ReadingMaterial {
    protected String author;
    protected String subject;
    protected int yearwritten;

    // Deserialization runs this no-arg constructor to initialize the
    // non-serializable superclass part of a Book.
    public ReadingMaterial() {}

    ReadingMaterial(String auth, String sub, int year) {
        author = auth;
        subject = sub;
        yearwritten = year;
    }
}

class Book extends ReadingMaterial implements Serializable {

    int numpages;
    String name;
    boolean ishardcover;

    Book(int pages, String n, boolean hardcover, String author,
         String subject, int yearwritten)
    {
        super(author, subject, yearwritten);
        numpages = pages;
        name = n;
        ishardcover = hardcover;
    }

    // Private, but ObjectOutputStream finds and invokes it reflectively.
    private void writeObject(ObjectOutputStream out) throws IOException {
        System.out.println("Called private writeObject....");

        // Write Book's own fields first
        out.defaultWriteObject();

        // Then write the inherited fields by hand
        out.writeObject(author);
        out.writeObject(subject);
        out.writeInt(yearwritten);
    }

    // Private, but ObjectInputStream finds and invokes it reflectively.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        System.out.println("Called private readObject....");
        in.defaultReadObject();

        // Read the inherited fields in the same order they were written
        author = (String) in.readObject();
        subject = (String) in.readObject();
        yearwritten = in.readInt();
    }

    @Override
    public String toString() {
        return("Name: " + name + "\n" + "Author: " + author + "\n" + "Pages: "
                + numpages + "\n" + "Subject: " + subject + "\n" + "Year: " + yearwritten
                + "\n");
    }
}

public class NonSerialSuperExample {

    public static void main(String args[]) {

        // create a Book object
        Book bookorg = new Book(100, "How to Serialize", true, "R.R", "Serialization", 1997);
        Book booknew = null;

        // serialize the Book (try-with-resources closes the streams)
        try (FileOutputStream fo = new FileOutputStream("tmp");
             ObjectOutputStream so = new ObjectOutputStream(fo)) {
            so.writeObject(bookorg);
            so.flush();
        } catch (Exception e) {
            System.out.println(e);
            System.exit(1);
        }

        // deserialize the Book
        try (FileInputStream fi = new FileInputStream("tmp");
             ObjectInputStream si = new ObjectInputStream(fi)) {
            booknew = (Book) si.readObject();
        } catch (Exception e) {
            System.out.println(e);
            System.exit(1);
        }

        System.out.println();
        System.out.println("Printing original book...");
        System.out.println(bookorg);
        System.out.println("Printing new book... ");
        System.out.println(booknew);
        System.out.println("The original and new should be the same!");
        System.out.println();
    }
}


"Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover." - Mark Twain
Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
No, you don't.

While you can cause encapsulation to become broken by serialisation and reflection, you're on your own when you do that.
You're already breaking the design contract of the class as a user of that class, which means you're yourself in violation of the trust between the API developer and yourself.


42
Nishant Verma
Ranch Hand

Joined: Jun 14, 2006
Posts: 41
Jeroen
Thanks !!
API has intercepted the private methods. That was my concern. Your answer helped me a lot. Sun recommends this for serialization - sensitive classes should never be serialized or the sensitive fields should be declared transient. Otherwise any other class can use the ObjectInputStream to read the sensitive fields.

regards
Nishant
[ June 24, 2006: Message edited by: Nishant Verma ]
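The recommendation quoted in the last post (declare sensitive fields transient), shown as an added example that is not part of the original thread. The class names LeakyAccount and SaferAccount, the helper methods and the sample secret are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class TransientFieldDemo {
    // Hypothetical class: the private password is written to the stream like any other field.
    static class LeakyAccount implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String user;
        private final String password;
        LeakyAccount(String user, String password) { this.user = user; this.password = password; }
    }

    // Same data, but the sensitive field is transient, so default serialization skips it.
    static class SaferAccount implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String user;
        private transient String password;
        SaferAccount(String user, String password) { this.user = user; this.password = password; }
        String password() { return password; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // True if the serialized form contains the given ASCII text in the clear.
    static boolean streamContains(byte[] stream, String text) {
        // ISO-8859-1 maps each byte to one char, so the raw bytes can be searched as a string.
        return new String(stream, StandardCharsets.ISO_8859_1).contains(text);
    }

    public static void main(String[] args) throws Exception {
        String secret = "s3cr3t-constructed-value"; // constructed sample value
        byte[] leaky = serialize(new LeakyAccount("alice", secret));
        byte[] safer = serialize(new SaferAccount("alice", secret));
        System.out.println("non-transient password in stream: " + streamContains(leaky, secret));
        System.out.println("transient password in stream:     " + streamContains(safer, secret));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(safer))) {
            SaferAccount copy = (SaferAccount) in.readObject();
            System.out.println("password after deserialization:   " + copy.password());
        }
    }
}
```

The private modifier has no effect on what lands in the byte stream; only transient (or not implementing Serializable) keeps the field out of it.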
 