Serialization and deserialization of objects in Java RMI

Serialization and deserialization of objects in Java RMI.

Background:

In RMI distributed application systems, Java objects transmitted between servers and clients must be serializable objects. Non-serializable objects cannot be transmitted in object streams. Object serialization extends the core JAVA input/output class and supports objects. Object serialization supports converting object encoding and object encoding that can be accessed through them into byte streams. It also supports the complementary reconstruction of object images in the stream. Serialization is used for lightweight persistence and communication by means of socket or remote method call (RMI.

Serialization mechanism:

Serialization is divided into two parts: serialization and deserialization. Serialization is the first part of this process. Data is decomposed into word throttling for storage in files or transmitted over the network. Deserialization is to open the byte stream and reconstruct the object. Object serialization not only converts basic data types into byte representations, but also restores data. To recover data, you must have an object instance that recovers data. The serialization process in objectoutputstream is connected to the byte stream, including the object type and version information. During deserialization, JVM generates an object instance with the header information, and then copies the data in the object byte stream to the object data member.

Detailed solutions for the following serialization mechanism:

1. All objects saved to the disk obtain a serial number (1, 2, 3, etc)

2. When you want to save an object, first check whether the object is saved.

3. If you have saved the object before, you only need to write the tag "Same as the object with serial number x already saved". Otherwise, save the object.

The deserialization mechanism applies the same scheme, but it is just a read object.

Below we will explain in two parts:

Process object stream:

(Serialization and deserialization)

The Java. Io package has two classes for serialized objects. Objectoutputstream writes objects to byte streams, and objectinputstream reconstructs objects from byte streams.

Let's first understand the objectoutputstream class. Objectoutputstream class extends the dataoutput interface.

The writeobject () method is the most important method for Object serialization. If the object contains references from other objects, the writeobject () method recursively serializes these objects. Each objectoutputstream maintains a serialized object reference table to prevent sending multiple copies of the same object. (This is important) Because writeobject () can serialize the entire set of cross-referenced objects, the same objectoutputstream instance may be accidentally requested to serialize the same object. In this case, deserialization is performed instead of writing the object byte stream again.

Serialization implementation

The serializable interface is implemented for the class to be serialized. There is no method to implement this interface. implements serializable only aims to mark that the object can be serialized and then uses an output stream (such: fileoutputstream) to construct an objectoutputstream (Object stream) object. Then, you can use the writeobject (Object OBJ) method of the objectoutputstream object to write (that is, save its status) the object whose parameter is obj ), the input stream is used for recovery.

Custom serialization

During serialization, some intermediate data does not need to be serialized. We can declare it as a transient member. But sometimes we want to serialize a field, but its definition in the SDK is non-serializable class type. In this case, we must mark it as transient, but how can we recover data that cannot be written? Fortunately, the serialization mechanism provides the following method definitions for classes that contain such special problems:

Private void readobject (objectinputstream in) throws

Ioexception, classnotfoundexception;

Private void writeobject (objectoutputstream out) throws

Ioexception;

(Note: These methods must be private when defined, because you do not need to display the call, the serialization mechanism will automatically call)

With the above method, we can manually write and read data fields that you want to serialize but cannot be serialized.

The above section describes the serialization and deserialization knowledge. The following example shows how to apply serialization and deserialization in Java RMI.

In practice, Io Stream does not support serialization, so it cannot be directly transmitted to the client. Therefore, it must be transferred to the client through conversion. The following is an example I wrote.

Import Java. io. ioexception; <br/> Import Java. io. inputstream; <br/> Import Java. io. objectinputstream; <br/> Import Java. io. objectoutputstream; <br/> Import Java. io. serializable; <br/> @ suppresswarnings ("serial") <br/> public class dataset implements serializable {<br/> private transient inputstream is; <br/> private stringbuilder DATA = new stringbuilder (); </P> <p> Public dataset (inputstream is) {<br/> This. Is = is; <br/>}</P> <p> private void writeobject (objectoutputstream out) throws ioexception {<br/> out. defaultwriteobject (); <br/> int c =-1; <br/> byte [] buff = new byte [1024]; <br/> while (C = is. read (buff, 0, 1024 ))! =-1) {<br/> out. write (buff, 0, c); <br/>}< br/> private void readobject (objectinputstream in) throws ioexception, classnotfoundexception {<br/> in. defaultreadobject (); <br/> int c =-1; <br/> byte [] Buf = new byte [1024]; <br/> while (C = in. read (BUF, 0, 1024 ))! =-1) {<br/> data. append (new string (BUF, 0, C); <br/>}</P> <p> Public String tostring () {<br/> return data. tostring (); <br/>}< br/>}

For convenience, the above Code directly stores inputstream content in the string, which may cause string overflow.

 

Therefore, the following provides a security practice.

Import Java. io. bytearrayinputstream; <br/> Import Java. io. bytearrayoutputstream; <br/> Import Java. io. ioexception; <br/> Import Java. io. inputstream; <br/> Import Java. io. objectinputstream; <br/> Import Java. io. objectoutputstream; <br/> Import Java. io. serializable; <br/> @ suppresswarnings ("serial") <br/> public class dataset implements serializable {<br/> private transient inputstream is; <br/> Public Dataset (Inputstream is) {<br/> This. is = is; <br/>}</P> <p> Public inputstream getinputstream () {<br/> return is; <br/>}</P> <p> private void writeobject (objectoutputstream out) throws ioexception {<br/> out. defaultwriteobject (); <br/> int c =-1; <br/> byte [] buff = new byte [1024]; <br/> while (C = is. read (buff, 0, 1024 ))! =-1) {<br/> out. write (buff, 0, c); <br/>}< br/> private void readobject (objectinputstream in) throws ioexception, classnotfoundexception {<br/> in. defaultreadobject (); <br/> bytearrayoutputstream Bos = new bytearrayoutputstream (); <br/> int c =-1; <br/> byte [] Buf = new byte [1024]; <br/> while (C = in. read (BUF, 0, 1024 ))! =-1) {<br/> Bos. write (BUF, 0, c); <br/>}</P> <p> // recreate the input stream here. <br/> is = new bytearrayinputstream (Bos. tobytearray (); <br/>}</P> <p>}