An immutable object is an object which state is guaranteed to stay identical over its entire lifetime. This is really a good definition. Isn’t it? It means that the state of object once initialized, can never be changed anyhow.
Normally immutability in java is achieved through following steps :
- Don’t provide mutator methods for any field
- Make all fields final and private
- Don’t allow subclasses by declaring the class final itself
- Return deep cloned objects with copied content for all mutable fields in class
Please note that while it is possible to implement immutability without "final" keyword, its use makes that purpose explicit, to the human (the software developer) and the machine (the compiler).
Java also has its share of immutable classes which are primarily String class and wrapper classes. In this post, we will understand the need of immutability for String class.
1) Security : The first and undeniably most important reason is security. Well, its not only about your application, but even for JDK itself. Java class loading mechanism works on class names passed as parameters, then these classes are searched in class path. Imagine for a minute, Strings were mutable, then anybody could have injected its own class-loading mechanism with very little effort and destroyed or hacked in any application in a minute.
Well, I think in this case java didn't have got any popularity today and nobody would be using it. It means Strings were immutable that’s why java is still around in the game.
Well, I think in this case java didn't have got any popularity today and nobody would be using it. It means Strings were immutable that’s why java is still around in the game.
2) Performance : I believe that it is not the immutability of String class that gives it performance, rather it is string pool which works silently behind the scene. But at the same time, string pool is not a possibility without making String class immutable. So, it all again comes down to immutability of String class which allowed string pools, and thus better performance.
3) Thread safety: Immutable objects are safe when shared between multiple threads in multi-threaded applications. Just understand and learn it. There is no super logic. If something can’t be changed, then even thread can not change it.
As String class is main building block of java programming language, because of its use in class loading mechanism, it was indeed a must use case to prevent the String class from being dirty in case of multiple thread. Immutability does the magic here.
I get this post from the below link
http://howtodoinjava.com/2013/08/12/java-interview-question-why-strings-are-immutable/
This article is really good, I have learn new things from this article regarding String Immutability . If possible provide more details on String Immutability Vs Security so that it is crystal clear .
ReplyDeleteThanks in Advance .
Hi Shekar
ReplyDeletepublic class MyApi {
final String myUrl;
public MyApi(String urlString) {
// Verify that urlString points to an approved server
if (!checkApprovedUrl(urlString)) throw new IllegalArgumentException();
myUrl = urlString;
}
}
Were String mutable, this would lead to a subtle exploit: an attacker would pass a good URL, wait for a few microseconds, and then set the URL to point to an attack site.
Since storing without copying is a reasonably common practice, and because strings are among the most commonly used data types, leaving strings mutable would open up many APIs that are not written yet open to a serious security problem. Making strings immutable closes this particular security hole for all APIs, including the ones that are not written yet.
Hope this gives you the idea of security through immutablity .