单例模式的实现方式及如何有效防止防止反射和反序列化
方式一:饿汉式(静态常量)
public class Singleton { private final static Singleton SINGLETON = new Singleton(); private Singleton(){ } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ return SINGLETON; } }
测试用例:
public class Test { public static void main(String[] args) { Signleton singleton1 = Singleton.getInstance(); Signleton singleton2 = Singleton.getInstance(); System.out.println("两个singleton对象是否是同一个对象:"+ (singleton1 == singleton2) ); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }
运行结果:
两个singleton对象是否是同一个对象:true singleton1的hashCode:366712642 singleton2的hashCode:366712642
优点:
- 代码实现简单
- 利用类加载机制避免了多线程同步问题
缺点:
- 在类加载时就完成了实例化,没有达到Lazy loading的效果,有可能造成内存浪费
方式二:饿汉式(静态代码块)
public class Singleton { private final static Singleton SINGLETON; static{ SINGLETON = new Singleton(); } private Singleton(){ } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ return SINGLETON; } }
测试用例:
public class Test { public static void main(String[] args) { Signleton singleton1 = Singleton.getInstance(); Signleton singleton2 = Singleton.getInstance(); System.out.println("两个singleton对象是否是同一个对象:"+ (singleton1 == singleton2) ); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }
运行结果:
两个singleton对象是否是同一个对象:true singleton1的hashCode:366712642 singleton2的hashCode:366712642
这种实现方式优缺点和方式一是一样的,也是利用了类加载,唯一不同的就是将实例化的过程放在了静态代码块中。
方式三:懒汉式(线程不安全)
public class Singleton { private static Singleton singleton; private Singleton(){ } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ if (singleton == null) { singleton = new Singleton(); } return singleton; } }
测试代码:
public class Test { public static void main(String[] args) { //多线程获取对象,存在线程不安全问题 Thread thread1 = new Thread(new Runnable() { public void run() { Singleton singleton1 = Singleton.getInstance(); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); } }); Thread thread2 = new Thread(new Runnable() { public void run() { Singleton singleton2 = Singleton.getInstance(); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }); thread1.start(); thread2.start(); } }
运行结果:
第一次运行结果: singleton2的hashCode:1813990537 singleton1的hashCode:1813990537 第二次运行结果: singleton1的hashCode:1813990537 singleton2的hashCode:1481479505
从两次运行结果来看,我们发现singleton1与singleton2的hashCode存在相同和不想同的两种情况,这就已经证明了这种方式的线程不安全性
优点:
- 起到了Lazy loading效果,适合在单线程环境中使用
缺点:
- 在多线程环境中存在线程不安全问题
方式四:懒汉式(方法同步)
public class Singleton { private static Singleton singleton; private Singleton(){ } public void doAction(){ //TODO 实现你需要做的事 } public synchronized static Singleton getInstance(){ if (singleton == null) { singleton = new Singleton(); } return singleton; } }
测试用例(可多做几次测试):
public class Test { public static void main(String[] args) { //多线程获取对象,线程安全问题 Thread thread1 = new Thread(new Runnable() { public void run() { Singleton singleton1 = Singleton.getInstance(); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); } }); Thread thread2 = new Thread(new Runnable() { public void run() { Singleton singleton2 = Singleton.getInstance(); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }); thread1.start(); thread2.start(); } }
运行结果:
第一次运行结果: singleton1的hashCode:1947425526 singleton2的hashCode:1947425526 第二次运行结果: singleton1的hashCode:1430007319 singleton2的hashCode:1430007319
从两次运行结果来看,我们发现singleton1与singleton2的hashCode是一样的,说明这种方法是线程安全的
优点:
- 实现了Lazy loading想过
- 避免了多线程同步问题
缺点:
- 效率太低,每个线程在执行getInstance()方法都要进行同步。实际上这个方法只要执行一次实例化就行,当实例化完成,后面的线程是通不过if判断的
方式五:懒汉式(实例化代码同步)
public class Singleton { private static Singleton singleton; public Singleton() { } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ if (singleton == null) { synchronized (Singleton.class) { singleton = new Singleton(); } } return singleton; } }
测试用例:
public class Test { public static void main(String[] args) { //多线程获取对象,存在线程不安全问题 Thread thread1 = new Thread(new Runnable() { public void run() { Singleton singleton1 = Singleton.getInstance(); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); } }); Thread thread2 = new Thread(new Runnable() { public void run() { Singleton singleton2 = Singleton.getInstance(); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }); thread1.start(); thread2.start(); } }
运行结果:
singleton2的hashCode:1813990537
singleton1的hashCode:1430007319
从两次运行结果来看,我们发现singleton1与singleton2的hashCode是不相同的,证明这种方式是线程不安全的
有点:
- 实现了Lazy loading的现过
- 相对于第四种的同步,该方法的效率得到了提升
缺点:
- 在多线程环境中存在线程不安全问题
方式六:双重检测
public class Singleton { private static Singleton singleton; private Singleton(){ } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ if (singleton == null) { synchronized (Singleton.class) { if (singleton == null) { singleton = new Singleton(); } } } return singleton; } }
测试用例:
public class Test { public static void main(String[] args) { //多线程获取对象,线程安全 Thread thread1 = new Thread(new Runnable() { public void run() { Singleton singleton1 = Singleton.getInstance(); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); } }); Thread thread2 = new Thread(new Runnable() { public void run() { Singleton singleton2 = Singleton.getInstance(); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }); thread1.start(); thread2.start(); } }
运行结果:
singleton2的hashCode:1481479505
singleton1的hashCode:1481479505
优点:
- 线程安全
- 实现Lazy loading
- 效率较高
方式七:静态内部类
public class Singleton { public Singleton() { } public void doAction(){ //TODO 实现你需要做的事 } private static class SingletonInstance{ private final static Singleton SINGLETON = new Singleton(); } public static Singleton getInstance(){ return SingletonInstance.SINGLETON; } }
测试用例:
public class Test { public static void main(String[] args) { //多线程获取对象,线程安全 Thread thread1 = new Thread(new Runnable() { public void run() { Singleton singleton1 = Singleton.getInstance(); System.out.println("singleton1的hashCode:"+singleton1.hashCode()); } }); Thread thread2 = new Thread(new Runnable() { public void run() { Singleton singleton2 = Singleton.getInstance(); System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }); thread1.start(); thread2.start(); } }
运行结果:
singleton2的hashCode:1481479505
singleton1的hashCode:1481479505
这种方式利用了类装载机制来保证初始化实例时只有一个线程,静态内部类在Singleton被装载时并不会立即实例化,而是在调用getInstance()时才会装载静态内部类,从而完成Singleton实例化。由于类的静态属性只会在第一次加载类的时候进行初始化,这里我们通过JVM加载类时的线程安全的特性来保证了线程安全
优点:
- 利用JVM加载静态内部类的机制保证多线程安全
- 实现Lazy loading效果
- 效率高
方式八:使用枚举(《Effective Java》作者的Josh Bloch提倡的方式)
public enum Singleton { INSTANCE; public void doAction(){ //TODO 实现你需要做的事 } }
测试用例:
public class Test { public static void main(String[] args) { //多线程获取对象,线程安全 Thread thread1 = new Thread(new Runnable() { public void run() { Singleton singleton1 = Singleton.INSTANCE; System.out.println("singleton1的hashCode:"+singleton1.hashCode()); } }); Thread thread2 = new Thread(new Runnable() { public void run() { Singleton singleton2 = Singleton.INSTANCE; System.out.println("singleton2的hashCode:"+singleton2.hashCode()); } }); thread1.start(); thread2.start(); } }
运行结果:
singleton2的hashCode:321306952
singleton1的hashCode:321306952
优点:
- 线程安全(枚举实例的创建默认就是线程安全的)
- 不会因为序列化而产生新实例
- 防止反射攻击
破环单例模式的三种方式:反射,序列化,克隆
以双重检测方式为例测试反射,序列化,克隆是否能破环单例模式:
public class Singleton implements Serializable,Cloneable{ private static final long serialVersionUID = 6125990676610180062L; private static Singleton singleton; private Singleton(){ } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ if (singleton == null) { synchronized (Singleton.class) { if (singleton == null) { singleton = new Singleton(); } } } return singleton; } @Override protected Object clone() throws CloneNotSupportedException { return super.clone(); } }
测试用例:
public class DestroySingleton { public static void main(String[] args) throws Exception { //通过getInstance()获取 Singleton singleton = Singleton.getInstance(); System.out.println("singleton的hashCode:"+singleton.hashCode()); //通过反射获取 Constructor<Singleton> constructor = Singleton.class.getDeclaredConstructor(); constructor.setAccessible(true); Singleton reflex = constructor.newInstance(); System.out.println("reflex的hashCode:"+reflex.hashCode()); //通过克隆获取 Singleton clob = (Singleton) Singleton.getInstance().clone(); System.out.println("clob的hashCode:"+clob.hashCode()); //通过序列化,反序列化获取 ByteArrayOutputStream bos = new ByteArrayOutputStream(); ObjectOutputStream oos = new ObjectOutputStream(bos); oos.writeObject(Singleton.getInstance()); ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray()); ObjectInputStream ois = new ObjectInputStream(bis); Singleton serialize = (Singleton) ois.readObject(); if (ois != null) ois.close(); if (bis != null) bis.close(); if (oos != null) oos.close(); if (bos != null) bos.close(); System.out.println("serialize的hashCode:"+serialize.hashCode()); } }
运行结果:
singleton的hashCode:366712642 reflex的hashCode:1829164700 clob的hashCode:2018699554 serialize的hashCode:990368553
运行结果表明通过getInstance()、反射、克隆、序列化这四种方式得到的Singleton对象的hashCode是不一样的,此时单例模式已然被破环
如何防止反射、克隆、序列化对单例模式的破环
1、防止反射破环(虽然构造方法已私有化,但通过反射机制使用newInstance()方法构造方法也是可以被调用):
- 首先定义一个全局变量开关isFristCreate默认为开启状态
- 当第一次加载时将其状态更改为关闭状态
2、防止克隆破环
- 重写clone(),直接返回单例对象
3、防止序列化破环
- 添加readResolve(),返回Object对象
public class Singleton implements Serializable,Cloneable{ private static final long serialVersionUID = 6125990676610180062L; private static Singleton singleton; private static boolean isFristCreate = true;//默认是第一次创建 private Singleton(){ if (isFristCreate) { synchronized (Singleton.class) {
if (isFristCreate) {
isFristCreate = false;
} } }else{ throw new RuntimeException("已然被实例化一次,不能在实例化"); } } public void doAction(){ //TODO 实现你需要做的事 } public static Singleton getInstance(){ if (singleton == null) { synchronized (Singleton.class) { if (singleton == null) { singleton = new Singleton(); } } } return singleton; } @Override protected Singleton clone() throws CloneNotSupportedException { return singleton; } private Object readResolve() { return singleton; } }
测试用例:
public class DestroySingleton { public static void main(String[] args) throws Exception { //通过getInstance()获取 Singleton singleton = Singleton.getInstance(); System.out.println("singleton的hashCode:"+singleton.hashCode()); //通过克隆获取 Singleton clob = (Singleton) Singleton.getInstance().clone(); System.out.println("clob的hashCode:"+clob.hashCode()); //通过序列化,反序列化获取 ByteArrayOutputStream bos = new ByteArrayOutputStream(); ObjectOutputStream oos = new ObjectOutputStream(bos); oos.writeObject(Singleton.getInstance()); ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray()); ObjectInputStream ois = new ObjectInputStream(bis); Singleton serialize = (Singleton) ois.readObject(); if (ois != null) ois.close(); if (bis != null) bis.close(); if (oos != null) oos.close(); if (bos != null) bos.close(); System.out.println("serialize的hashCode:"+serialize.hashCode()); //通过反射获取 Constructor<Singleton> constructor = Singleton.class.getDeclaredConstructor(); constructor.setAccessible(true); Singleton reflex = constructor.newInstance(); System.out.println("reflex的hashCode:"+reflex.hashCode()); } }
运行结果:
singleton的hashCode:366712642 clob的hashCode:366712642 serialize的hashCode:366712642 Exception in thread "main" java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at designPatterns.singleton.doublecheck.DestroySingleton.main(DestroySingleton.java:33) Caused by: java.lang.RuntimeException: 已然被实例化一次,不能在实例化 at designPatterns.singleton.doublecheck.Singleton.<init>(Singleton.java:16) ... 5 more
从运行结果上看重写clone(),添加readResolve()后通过克隆和序列化得到的对象的hashCode与从getInstance()得到的对象得而hashCode值相同,而通过反射运行得到的结果符合预想的报错;因为以上三种手段对防止单例被破坏起作用了,至于枚举为什么能做到防止反射,克隆及序列化对单例的破坏将留在下次分享
如有写的不对的地方请书友们及时指出,谨诚拜谢!!
