Java serialization Mechanism

Original article: rising moon
Http://special.education.blog.163.com/blog/static/46615082201212372948794/

Serialization in Java

. What is serialization?

The lifetime of an object is usually terminated with the termination of the program that generates the object. Sometimes, you may need to save the object state and restore the object as needed. We can record the state of an object for future regeneration. Persistence ). An object Records itself by writing a value describing its own State. This process is called serialization-continuity ). The main task of serialization is to write the value of the object instance variable. If the variable is a reference to another object, the referenced object will also be serialized. This process is recursive. serialization may involve a single line of complex tree structures, including the original object, and so on. The hierarchy of object ownership is called graph ).

2. serialization objective

The goal of Java object Singleton is to provide a set of features for the Java Runtime Environment, as shown below:

1) Keep objects serialized as simple as possible, but provide a way for them to be extended or customized according to developers' requirements.

2) the serialization mechanism should strictly abide by the Java object model. All the information about the security characteristics of the type should be stored in the serialized state of the object.

3) The object serialization mechanism should support Java object persistence.

4) the serialization mechanism of objects should have sufficient scalability to support remote method calls (RMI) of objects ).

5) Object serialization should allow the object to define its own format, that is, its own data stream representation, which can be achieved through external interfaces.

Ii. serialization Method
Since jdk1.1, Java provides the object serialization mechanism. in the IO package, the interface serialization is used as a tool for serializing objects. Only objects of serialization classes can be serialized.

The serializable interface does not have any methods. When a class declaration needs to implement the serializable interface, it only indicates that the class participates in the serialization protocol, and no special method is required. The following example shows how to serialize objects.

1. Define a serializable object

To serialize a class object, you must implement the serializable interface. We define a class student as follows:
Class student implements serializable {

// 1 first defines a class student and implements the serializable interface.

Int ID;

String name;

Int age;

Transient string department;

// Keywords in the Java language [Reserved Words], used to indicate that a domain is not part of the object's serialization.

 

Public student (int id, string name, int age, string Department ){

This. ID = ID;

This. Name = Name;

This. Age = age;

This. Department = Department;

}

}

2. Construct the input/output stream of the object

To serialize an object, it must be associated with a certain object output/input stream. The object state is saved through the object output stream, and the object state is restored through the object input stream.

In the java. Io package, objectinputstream and objectoutputstream are provided to extend the data stream function to read/write objects. In objectinputstream, The readobject () method can be used to directly read an object. In objectoutputstream, The writeobject () method can be used to directly Save the object to the output stream.

Package com. GWSSI. Study. pkg3;

Import java. Io .*;

Public class objectser {

Public static void main (string ARGs []) throws ioexception, classnotfoundexception {

Student Stu = new student (101972040, "Yaoming", 27, "basketball ");

Fileoutputstream fo = new fileoutputstream ("data. Ser ");

Objectoutputstream so = new objectoutputstream (FO );

Try {

// 2 Save the student object to the file data. Ser through the writeobject () method of the object output stream

So. writeobject (Stu );

So. Close ();

} Catch (ioexception e ){

System. Out. println (E );

}

Stu = NULL;

Fileinputstream Fi = new fileinputstream ("data. Ser ");

Objectinputstream Si = new objectinputstream (FI );

Try {

// 3 read the stored student object from the file data. Ser using the readobjcet () method of the home input stream

Stu = (student) Si. readobject ();

Si. Close ();

} Catch (ioexception ex ){

System. Out. println (Ex );

}

// 4 the running result shows that the object state can be correctly saved and restored through the serialization mechanism.

System. Out. println ("Student info :");

System. Out. println ("ID:" + Stu. ID );

System. Out. println ("name:" + Stu. Name );

System. Out. println ("Age:" + Stu. Age );

System. Out. println ("Dep:" + Stu. Department );

}

}
The running result is as follows:

Student info:
ID: 101972040
Name: Yaoming
Age: 27
Dep: NULL

 

In this example,

1 first define a class student and implement the serializable Interface

2. Use the writeobject () method of the object output stream to save the student object to the file data. Ser.

3. Read the stored student object from the file data. Ser using the readobjcet () method of the home input stream.

4. The running result shows that the object state can be correctly saved and restored through the serialization mechanism.

Iii. Considerations for serialization
1. serialize the elements that can be saved

Serializing can only save the non-static member traffic of an object, but cannot save any member methods and static member variables. serializing only saves the value of the variable, no modifiers for variables can be saved.

2. Transient keyword

For some types of objects, their statuses are instantaneous, and such objects cannot save their statuses. For example, a thread object or a fileinputstream object. For these fields, we must use the transient keyword to indicate them. Otherwise, the compiler will take measures.

In addition, serialization may involve storing objects on disks or developing data on the network, which may cause security problems. Because the data is outside the Java Runtime Environment and is not controlled by the Java security mechanism. These fields that need to be kept confidential should not be stored in permanent media or simply not stored without processing, in order to ensure security. The transient keyword should be added before these fields.