Talk about serialization in J2SE (1)
Author: Favo yang
Favoyang@yahoo.com
A sense of understanding
A simple programming style is accumulated in Java, serialization as one of the most common functions, is particularly "simple" in Java. With the help of ObjectInputStream and ObjectOutputStream, we can easily realize serialization.
As long as our Class implements a java.io.serializable interface, you can use ObjectOutputStream's WriteObject () method to serialize an object; using ObjectInputStream's readObject () method, you can return the read Object object. The Serializable interface does not require us to implement any way.
The following is an example, it can give us a sense of understanding:
Serial implements a java.io.serializable interface, which is a class that requires serialization. We first construct a serial object serial1 and save it (serialize) in a file, then read (reverse sequencing) and print its content.
Package stream;
/ **
* @Author Favo yang
* /
Import java.io. *;
Public Class Serial Implements Serializable {
INT Company_ID;
String Company_addr;
Boolean Company_FLAG;
Public serial () {} // is different from C , no
Public serial (int company_id, string company_addr, boolean companies_flag) {
This.Company_ID = Company_ID;
THIS.COMPANY_ADDR = Company_ADDR;
this.company_flag = Company_FLAG;
}
Public static void main (String [] args) {
Serial Serial1 = New Serial (752, "Dayer Street # 5 building 02-287", false); // Construct a new object
FileInputStream in = NULL;
FileOutputStream out = null;
ObjectInputStream Oin = NULL;
ObjectOutputStream Oout = NULL;
Try {
OUT = New FileOutputStream ("5.txt");
Oout = New ObjectOutputStream (OUT);
Serial1.Serialize (Oout); // Serialization
Oout.close ();
Oout = NULL;
IN = New FileInputStream ("5.txt");
OIN = New ObjectInputStream (in);
Serial Serial2 = serial.deSerialize (OIN); // Reverse sequence
System.out.println (serial2); // Print Results
} catch (exception ex) {
EX.PrintStackTrace ();
} finally {
Try {
IF (in! = NULL) {
In.Close ();
}
IF (OIN! = NULL) {
Oin.close ();
}
IF (out! = null) {out.close ();
}
IF (Oout! = NULL) {
Oout.close ();
}
} catch (ioexception ex1) {
EX1.PRINTSTACKTRACE ();
}
}
}
/ **
* DeSerialize
* /
Public Static Serial Deserialize (ObjectInputStream Oin) throws Exception {
Serial s = (serial) Oin.ReadObject ();
Return S;
}
Public string toString () {
Return "DATA:" Company_ID "" Company_ADDR "" Company_FLAG;
}
/ **
* Serialize
* /
Public void serialize (ObjectOutputStream Oout) throws exception {
Oout.writeObject (this);
}
}
operation result:
Data: 752 Dayer Street # 5 building 02-287 False
Print correctly.
Now the serialization function has not been supported by J2ME, so we use DataInputStream, DataOutputStream to match RMS or network implementation in J2ME. For detailed introduction, see: Differences of this site:
"Java's basic data type and stream", "serialization mechanism in J2ME network"
Understand the risks and problems of serialization
In the previous article, we have seen the advantages of serialization, that is, simple serialization costs are very low, or there is nothing to achieve, as long as an interface is implemented. But if you simply use the example of the example above, you can have a bitterness in your program. You will quickly find the sequence of sequence:
n The change in the class that implements the class of the serializable interface is difficult (compatibility issues).
If you want to keep down compatibility, this means requiring a new version of the old version of the old version sequenced data stream; if you want to keep up compatibility, this means requiring the old version of the new version of the new version of the data stream. .
In particular, the problem of downward compatibility brings a problem that makes our code is difficult to change. In order to reach the old version of the data stream in the new version, the implementation of the class must preserve the implementation process of the old version. This is undoubtedly a slap in our own.
n The test cost of the class that implements the class of the serializable interface has increased.
You can imagine that when the new version is released, in order to maintain compatibility, your test will be the square of the number of times!
The NSH's acceptance of the default serialization method may bring performance issues, even worse.
n Serialization As an additional "constructor" might destroy data integrity, binding, even, a well-known object sequence sequences may bring security hazards.
After learning these possible risks, we encountered problems in serialization, how to avoid these risks? I summarize these risks as the following aspects:
1. When serialization encounters the problem of inheritance?
2. When will I accept the default Java serialization?
3. Compatibility
4. Data consistency issues and data constraints
5. Security issues
