ObjectInputStream and ObjectOutputStream Introduction
ObjectInputStream and ObjectOutputStream support the serialization of basic data and objects.
Creating an ObjectOutputStream on top of a file output stream provides persistent storage of basic data or objects. When we need to read that stored data back, we create an ObjectInputStream on top of the corresponding file input stream, which in turn reads out the basic data or objects.
Note: Only objects that support the java.io.Serializable or java.io.Externalizable interface can be handled by ObjectInputStream/ObjectOutputStream!
In this chapter, we study and discuss serialization in depth. The content covers the role and usage of serialization, and an in-depth study of the 2 ways to implement serialization: Serializable and Externalizable.
1. Role and use of serialization
Serialization saves the state of an object; the corresponding deserialization reads the saved state back.
In short: serialization/deserialization is a mechanism that Java provides to save/restore the state of an object.
In general, we may use serialization in the following situations:
a) when you want to save the state of an in-memory object in a file or in a database;
b) when you want to use sockets to transfer objects over the network;
c) when you want to transfer objects through RMI.
When we introduced the serialization definition, we said "serialization/deserialization is specifically used to save/restore the state of the object".
From this, we know that serialization/deserialization only supports saving/restoring object state, that is, only the member variables of a class. Saving the member methods of a class is not supported!
But can serialization save the state of all the member variables of a class?
The answer is, of course, no!
(01) Static and transient variables are not automatically saved by serialization.
The role of transient is that variables declared with transient are not automatically serialized.
(02) The Socket and Thread classes do not support serialization. If a class that implements the serialization interface has a Thread member, a compilation error occurs when the class is serialized!
This is mainly a matter of resource allocation. If a Socket or Thread could be serialized but its resources could not be re-allocated after deserialization, there would be no point in doing so.
Below, we'll also look at how serialization handles static and transient variables through an example.
Now we are sure that serialization does not save the state of static and transient variables. But if we want to save static or transient variables, can we do that?
Of course! We can override two methods, writeObject() and readObject(), in the class. The following procedure demonstrates how to manually save static and transient variables.
Stepping through with a debugger shows the following sequence of calls: writeObject() calls writeObject0(obj, false), which calls writeOrdinaryObject(obj, desc, unshared), which calls writeSerialData(obj, desc), which calls slotDesc.invokeWriteObject(obj, this), which calls writeObjectMethod.invoke(obj, new Object[]{ out }); as can be seen, this is a reflection call.
"Serialization does not automatically save static and transient variables", so to save them, we need to read and write them manually through writeObject() and readObject().
(01) Write the variables you want to save by using the writeObject() method. The original definition of writeObject is in ObjectOutputStream.java, which we can overwrite with the following example:
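An added example (not the original page's code) of saving a static and a transient field by hand through private writeObject() and readObject() methods. The Box class, its fields and the sample values are assumptions made for illustration; the range check in readObject() is an addition, since readObject() runs on whatever bytes the stream supplies.

```java
import java.io.*;

// Added example: Box is a hypothetical class, not the page's own test program.
public class ManualFieldsDemo {
    static class Box implements Serializable {
        private static final long serialVersionUID = 1L;
        static int width;        // static: skipped by default serialization
        transient int height;    // transient: skipped by default serialization
        String name;             // ordinary field: saved automatically

        Box(String name, int w, int h) { this.name = name; width = w; height = h; }

        // Looked up and invoked reflectively by ObjectOutputStream; must be private.
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();   // writes name
            out.writeInt(height);       // manually append the transient field
            out.writeInt(width);        // manually append the static field
        }

        // Must read the fields in exactly the order writeObject() wrote them.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            int h = in.readInt();
            int w = in.readInt();
            // Treat readObject() like a constructor: validate before assigning.
            if (h < 0 || w < 0) throw new InvalidObjectException("negative dimension");
            height = h;
            width = w;
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Box("desk", 80, 48));   // constructed sample values
        }
        Box.width = 0;   // change the static so the restore is observable
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            Box b = (Box) in.readObject();
            System.out.println(b.name + " " + Box.width + " " + b.height);
        }
    }
}
```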
7. Externalizable and fully customizable serialization process
If a class is to be fully responsible for its own serialization, it implements the Externalizable interface instead of the Serializable interface.
The Externalizable interface defines two methods, writeExternal() and readExternal(). It is important to note that declaring a class to implement the Externalizable interface carries a significant security risk: the writeExternal() and readExternal() methods are declared public, and malicious classes can use these methods to read and write object data. If the object contains sensitive information, take extra care.
Below, we modify the previous Serialtest1.java test program and change the Box class from "implements the Serializable interface" to "implements the Externalizable interface".
Description:
(01) A class that implements the Externalizable interface does not have its data saved automatically the way a class that implements the Serializable interface does.
(02) A class that implements the Externalizable interface must implement the writeExternal() and readExternal() methods!
Otherwise, the program will not compile properly!
(03) A class that implements the Externalizable interface must define a constructor without parameters!
Otherwise, the program will not compile properly!
The writeExternal() and readExternal() methods are public, which is not very safe!
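An added example (not the original page's code) of the risk noted above: because writeExternal() and readExternal() are public, any class holding a reference can call them directly. WeakToken writes out and accepts its sensitive field; GuardedToken keeps the field out of the external form and refuses to be re-initialized. Both class names and the sample secret are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

// Added example; WeakToken and GuardedToken are hypothetical classes.
public class ExternalizableExposureDemo {
    // Weak: public methods hand out and overwrite the sensitive field.
    public static class WeakToken implements Externalizable {
        private String secret = "";
        public WeakToken() {}                        // public no-arg constructor
        public WeakToken(String s) { secret = s; }
        @Override public void writeExternal(ObjectOutput out) throws IOException {
            out.writeUTF(secret);                    // any caller with a reference can dump it
        }
        @Override public void readExternal(ObjectInput in) throws IOException {
            secret = in.readUTF();                   // any caller can replace it
        }
    }
    // Hardened: the secret is never externalized and state can be set only once.
    public static class GuardedToken implements Externalizable {
        private String label = "";
        private String secret = "";                  // deliberately not written out
        private boolean initialized;
        public GuardedToken() {}
        public GuardedToken(String label, String s) {
            this.label = label; secret = s; initialized = true;
        }
        @Override public void writeExternal(ObjectOutput out) throws IOException {
            out.writeUTF(label);                     // non-sensitive data only
        }
        @Override public synchronized void readExternal(ObjectInput in) throws IOException {
            if (initialized) throw new IllegalStateException("already initialized");
            label = in.readUTF();
            initialized = true;
        }
    }
    // Calls the public writeExternal() directly, as any class holding a reference could.
    static boolean leaks(Externalizable e, String secret) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { e.writeExternal(out); }
        return new String(buf.toByteArray(), StandardCharsets.ISO_8859_1).contains(secret);
    }
    public static void main(String[] args) throws Exception {
        String pw = "constructed-sample-secret";     // constructed sample value
        System.out.println("weak leaks:    " + leaks(new WeakToken(pw), pw));
        System.out.println("guarded leaks: " + leaks(new GuardedToken("api", pw), pw));
    }
}
```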