Two of the byte streams, ObjectInputStream and ObjectOutputStream, are specialized streams that let you read and write objects. Reading and writing objects is a process known as object serialization.
Writing Serialized classes It is only serialized when a class implements serialization interface. Therefore, if you want to implement serialization of a class object, this class must implement a serialization interface. In Java, as long as our class implements the java.io.serializable interface, you can use ObjectOutputStream's WriteObject () method to serialize an object; using ObjectInputStream's readObject () method, you can return the read Object object. The Serializable interface is an empty interface that does not include the definition of any method, does not require us to implement any way, its purpose is only to declare the object of this class is serialized. Simple sequence of categories as follows: imports java.io *; public class SerializeClass implements Serializable {int company_id; String company_name; String company_addr; public SerializeClass (int company_id, String company_name, String company_addr) {this.company_id = company_id; this.. company_name = company_name; this.company_addr = company_addr;} public String toString () {return "Company ID:" company_id "Company Name:" company_name "Company Address:" company_addr;} public void serialize (ObjectOutputStream s) throws Exception {s.writeObject (this);} public static SerializeClass deserialize (ObjectInputStream s) throws Exception, ClassNotFoundException {return (SerializeClass) s.readObject ();}}
/ * Test * / public void testSerialize () throws Exception {String filename = "bin / serializeclass.dat"; FileOutputStream out = null; ObjectOutputStream oout = null; out = new FileOutputStream (filename); oout = new ObjectOutputStream (out); SerializeClass ser = new SerializeClass (578, "3C", "ShenZhen"); ser.serialize (oout); oout.close (); out.close (); FileInputStream in = null; ObjectInputStream oin = null; in = new FileInputStream (FILENAME); OIN = New ObjectInputStream (in); serializeclass.deSerialize (OIN); system.out.println (deste); Oin.close (); in .close ();} Question 1) Implement SerializAble The change in the class of the interface becomes difficult (compatibility problem). If you want to keep down compatibility, this means requiring a new version of the old version of the old version sequenced data stream; if you want to keep up compatibility, this means requiring the old version of the new version of the new version of the data stream. . In particular, the problem of downward compatibility brings a problem that makes our code is difficult to change. In order to reach the old version of the data stream in the new version, the implementation of the class must preserve the implementation process of the old version. This is undoubtedly a slap in our own.
2) The test cost of the class that implements the class of the serializable interface has increased, when the new version is released, in order to maintain compatibility, your test amount will be the number of the number of times!
3) The default sequence type of grass rate may bring performance issues, even worse.
4) Serialization As an additional "constructor" might destroy data integrity, binding, or even, the object sequence sequence sequences serialized by the faked data stream may bring security hazards.
When a parent class implements the Serializable interface, his subclasses will automatically implement serialization.
1. When serialization encounters the problem of inheritance? All subclasses of the serialized class themselves are sequentially. However, if the parent class is non-serialized, the required subclasses can be sequentially, what should I do? "TO Allow Subtypes of Non-Serializable Classes To Be Serialized, The Subtype May Assume Responsibility for Saving and Restoring The State of To supertype's public, protected, and (if accessible) package fields. The subtype may assume this responsibility only if the class it extends has an accessible no-arg constructor to initialize the class's state. It is an error to declare a class Serializable if this is NOT THE CASE. The Error Will Be detected at runtime. "(Allows sub-type serialization of non-serialized classes, only when this class's extended subclass has an accessible parametric constructor to initialize the state of the class When the subclasses can be responsible for saving and restoring the state of the parent type public, protected and (if accessible) packets. Otherwise, the language declares that their subclasses will be sequentially, the error is running That is detected) that is, to prepare a sequential subclass to do two things to do for a parent class that does not implement the serializable interface: First, the parent class has a uncommon constructor. Public Class ParentClass {INT PARENTVALUE; Public ParentClass (); // If its subclass is required to be serialized, the non-parameter constructor is a must-be necessary public ParentClass (int ParentValue) {this.parentValue = ParentValue;} public string toString () {Return "Parent value:" ParentValue;}} The second, subclasses are responsible for serialization (reverse sequence) parental domain. Subclass sequence parent domains can be implemented by custom serialization. Customized Serialization Requirements must have a WriteObject and ReadObject method, and their definition must be as follows, and the defaultWriteObject method for the ObjectOutputStream class must first call the default serialization in the WriteObject method. Other serialization is processed afterwards; ReadObject The order of the method must be in the order in which the write is sequence, that is, first read the default serialization by the DefaultReadObject method of ObjectInputStream, and then read other custom serialization information sequentially. Private void writeObject (ObjectOutputStream S) throws ioException {s.defaultwriteObject (); // Customized Serialization Code}
private void readObject (ObjectInputStream s) throws IOException {s.defaultReadObject (); // customized deserialization code // followed by code to update the object, if necessary} if Serializable class contains the correct writeObject / readObject function performed serialization and deserialization time, writeObject / readObject will be invoked to replace the default serialization behavior public class ChildClass Extends ParantClass implements serializable {int subvalue; public ChildClass (int supervalue, int subvalue) {super (supervalue); This.SubValue = SubValue;} public string toString () {Return Super.toString () "Sub:" SubValue;
Private void writeObject (java.io.ObjectOutputstream out) throws ioException {out.defaultwriteObject (); // First serialized object out.writeint (superValue); // sequence the domain of the parent class}
private void readObject (java.io.ObjectInputStream in) throws IOException, ClassNotFoundException {in.defaultReadObject (); // first deserialized supervalue = in.readInt (); // then deserialized parent domain 2}} When will I accept the default Java serialization? Java default serialized behavior, Java saved everything about the object, that is, some of them are also saved without saving. In general, we just need to save logic data. We can use keyword transient to marke with keyword transient. The following is an example: import java.io. *; Public class serial usage_flag; string company_addr; transient boolean company_flag;} The company_flag field will not participate in serialization and reverse sequence, but also add it to it. The responsibility of the initial value. This is also one of the problems that are often caused by serialization. Because serialization is equivalent to a PUBLIC constructor that only accepts data streams, this object constructing method is outside language. But he is still a form of constructor. If your class cannot guarantee initialization through other aspects, you need an additional REDOBJECT method, first normal deserialization, and then initialize the field indicated by the Transient.
3. Compatibility issues 4. Data consistency issues and data constraints 5. Security issues
