Serialization of Java EE Objects (serialization)

A) When you want to write an object in memory to the hard disk;
b) When you want to use sockets to transfer objects on the network;
c) When you want to transfer objects through RMI;
To explain a little bit more: a) For example, your memory is not enough, the computer will be a part of the memory of the object temporarily saved to the hard disk, and then to use the time to read into the memory, the hard disk that part of the storage space is called virtual memory. In the case of you want to save a particular object to a file, I take it out every few days, then the implementation of the Serializable interface;
b) In the Java socket programming, you may sometimes want to transfer a certain class of objects, then also implement the serializable interface; the most common you transmit a string, it is the class inside the JDK, also implements the Serializable interface, So it can be transmitted over the network.
c) If you want to invoke a method of a remote object through a remote method call (RMI), such as a method of invoking another Computer B object in Computer A, you need to implement the serialization interface by obtaining a reference to the computer B target object through the Jndi service and transferring the object from B to a.

Http://www.cnblogs.com/vicenteforever/articles/1471775.html

First, the concept and purpose of serialization

1. What is serialization

The life of an object is usually terminated with the termination of the program that generated the object. Sometimes, you might need to save the state of an object and restore the object when you need it. We put the object's ability to record its state so that it can regenerate in the future. Known as the persistence of the object (persistence). The object records itself by writing a value describing its state, which is called the serialization of the object (serialization). The main task of serialization is to write out the value of the object instance variable. If the throughput is a reference to another object, the referenced object is also serialized. This process is recursive, and serialization may involve the single-line of a complex tree structure, including the original object, object objects, objects of objects, and so on. The hierarchical structure of object ownership is called a graph (graph).

2. Purpose of serialization

The goal of a single-line Java object is to provide a set of attributes for the Java runtime, as follows:

1) Try to keep the serialization of the object as simple as possible, but provide a way to expand or customize it according to the requirements of the developer.

2) The serialization mechanism should strictly abide by the Java object model. The serialization state of an object should have all the information about the security characteristics of the species.

3) The serialization mechanism of the object should support Java object persistence.

4) The serialization mechanism of an object should have sufficient scalability to support the object's remote method invocation (RMI).

5) object serialization should allow the object to define its own format, which is its own data flow representation, which can be done by an external interface.

Second, serialization method
Starting with JDK1.1, the Java language provides an object serialization mechanism in which the interface serialization is used as a tool for implementing the serialization of objects, and only objects that implement the serialization class can be serialized.

There is no method in the serializable interface. When a class declares that it is implementing the Serializable interface, it simply indicates that the class participates in the serialization protocol and does not need to implement any special methods. Here we show you how to serialize an object by using an example.

1. Defining a Serializable Object

A class that must implement the serializable interface if it is to enable its objects to be serialized. We define a class student as follows:

2. Import java.io.Serializable;
6. Public class Student implements Serializable {
10. int id; //Study No.
14. String name; //Name
18. int age; //Age
22. String Department; //Department
26. Public Student (int ID, string name, Int. Age, String department) {
30. this.id = ID;
34. this.name = name;
38. this.age = age;
42. this.department = Department;
46. }
50. }

2. Constructing the object's input/output stream

To serialize an object, it must be associated with a certain object output/input stream, save the state of the object through the object output stream, and restore the object state through the object input stream.

In the java.io package, ObjectInputStream and ObjectOutputStream are provided to extend the data flow capabilities to read-write objects. In ObjectInputStream, an object can be read directly using the ReadObject () method, and the object can be saved directly to the output stream using the WriteObject () method in ObjectOutputStream.

2. Import Java.io.FileInputStream;
4. Import Java.io.FileOutputStream;
6. Import java.io.IOException;
8. Import Java.io.ObjectInputStream;
10. Import Java.io.ObjectOutputStream;
14. Public class Objectser {
18. public static void Main (String args[]) throws IOException,
20. classnotfoundexception {
24. Student stu = new Student (981036, "liuming", " CSD");
28. FileOutputStream fo = new FileOutputStream ("Data.ser");
32. ObjectOutputStream so = new ObjectOutputStream (FO);
36. try {
40. So.writeobject (Stu);
44. So.close ();
48. } catch (IOException e) {
50. System.out.println (e);
52. }
56. Stu = null;
60. FileInputStream fi = new FileInputStream ("Data.ser");
64. ObjectInputStream si = new ObjectInputStream (FI);
68. try {
72. Stu = (Student) si.readobject ();
76. Si.close ();
80. } catch (IOException e)
84. {
86. System.out.println (e);
88. }
92. System.out.println ("Student Info:");
96. System.out.println ("ID:" + stu.id);
100. System.out.println ("Name:" + stu.name);
104. System.out.println ("Age:" + stu.age);
108. System.out.println ("DEP:" + stu.department);
112. }
116. }

The results of the operation are as follows:

Student Info:

id:981036

Name:liuming

Age:18

Dep:csd

             In this example, we first define a class student, The serializable interface is implemented, and then the student object is saved to the file Data.ser through the WriteObject () method of the object output stream. After that, the saved student object is read from the file Data.ser through the Readobjcet () method of the home input stream. As you can see from the running results, the state of the object can be saved and restored correctly by serialization mechanism.  

Iii. Considerations for serialization  
1. Serialization of the elements that can be saved  

              serialization can only hold non-static member values of the object, cannot save any member methods and static member variables, and serialization saves only the value of the variable, no modifier for the variable can be saved. &NBSP

2.transient keyword  

              for certain types of objects whose state is instantaneous, such an object cannot save its state. For example, a thread object or a FileInputStream object, we must use the Transient keyword for these fields, otherwise the compiler will report.  

             In addition, serialization may involve storing objects in the Developed data on disk or on the network, this can create security issues. Because the data is outside the Java Runtime Environment, it is not under the control of Java security. For those fields that require secrecy, they should not be stored on permanent media, or should not be saved simply and without processing, in order to ensure security. You should add the Transient keyword before these fields.

The following is an explanation of the transient keyword in the Java specification:
The transient marker is isn't fully specified by the Java Language specification it is used In object serialization to mark member variables this should not being serialized.

Here is an example of a transient application:

Serialization of Java EE Objects (serialization)