Detailed explanation of Java serialization and deserialization (Serialization)

  • 2021-07-02 23:57:25
  • OfStack

1. What is it, and why?

Serialization is the process of converting the state of an object into a form that can be stored or transmitted (in Java, a byte stream); deserialization is the inverse process, rebuilding the object from that stream.

Why it is needed: memory is volatile, objects have to cross process or network boundaries to be transmitted, and in some application scenarios an object must be persisted so that it can be read back later when needed.

2. API provided by JDK

The writeObject(Object obj) method of the java.io.ObjectOutputStream class

The readObject() method of the java.io.ObjectInputStream class

For a Serializable class, if it does not define the private writeObject(ObjectOutputStream) and readObject(ObjectInputStream) methods (they are hooks found by reflection, not overrides), the default mechanism is used: every non-static, non-transient field is written and read back reflectively, and the class's own constructor does not run on deserialization.

Externalizable extends Serializable and adds two methods, writeExternal and readExternal, which give the class full control over which fields are written and read. An Externalizable class must have a public no-arg constructor, because deserialization creates the instance with it and then calls readExternal to fill it in.
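As an added example (not code from the original article), the following class keeps the default field mechanism but hooks into it with the private writeObject/readObject methods described above. It also shows the two things a practitioner most often needs those hooks for: restoring a transient field and re-checking invariants, since the constructor does not run on deserialization. The Account class, its fields and the format tag 42 are assumptions made for this demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

/*
 * Added example, not from the original article: a Serializable class that keeps
 * the default field mechanism but hooks into it with the private
 * writeObject/readObject methods. Account, its fields and the format tag 42 are
 * assumptions made for this demo.
 */
public class HookDemo {

    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;

        private final String owner;
        private final long balanceCents;
        // transient: skipped by defaultWriteObject, so it is null after
        // deserialization unless readObject rebuilds it
        private transient char[] sessionToken;
        private transient String display;

        Account(String owner, long balanceCents, char[] sessionToken) {
            if (owner == null || balanceCents < 0) {
                throw new IllegalArgumentException("invalid account");
            }
            this.owner = owner;
            this.balanceCents = balanceCents;
            this.sessionToken = sessionToken;
            this.display = owner + " (" + balanceCents + ")";
        }

        // Found by ObjectOutputStream via reflection: must be private with exactly
        // this signature. It does not override anything.
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();   // writes owner and balanceCents, skips transient fields
            out.writeInt(42);           // assumed format tag, appended after the default data
        }

        // Runs instead of the constructor on deserialization, so the invariants the
        // constructor enforced have to be checked again here against stream data.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            int tag = in.readInt();
            if (tag != 42) {
                throw new InvalidObjectException("unexpected format tag " + tag);
            }
            if (owner == null || balanceCents < 0) {
                throw new InvalidObjectException("invariant violated in stream");
            }
            this.sessionToken = new char[0];                   // never comes from the stream
            this.display = owner + " (" + balanceCents + ")";  // derived field rebuilt
        }

        String getDisplay() { return display; }
        char[] getSessionToken() { return sessionToken; }
    }

    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Account account = new Account("alice", 12_500, "s3cr3t".toCharArray());
        byte[] bytes = serialize(account);
        Account back = (Account) deserialize(bytes);

        System.out.println("display rebuilt: " + back.getDisplay());
        System.out.println("token length after round trip: " + back.getSessionToken().length);
        System.out.println("token bytes present in stream: "
                + new String(bytes, StandardCharsets.ISO_8859_1).contains("s3cr3t"));
    }
}
```

Compile and run with javac/java; the round trip restores owner and balance, the transient token is never written (searching the raw stream for it finds nothing) and comes back as an empty array, and a stream whose tag or fields do not pass the checks in readObject is refused with InvalidObjectException rather than producing a half-valid object.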

3. Implementation

Assume a Person class that implements Serializable and a SpecialPerson class that implements Externalizable.


import java.io.Serializable;

/**
 * @Author: pf_xu
 * @Date: 2019/3/5 12:37
 * @Version 1.0
 */
public class Person implements Serializable {

    // Both fields are non-static and non-transient, so default serialization
    // writes and reads both. No serialVersionUID is declared, so the JVM computes
    // one from the class structure.
    private int age;
    private String name;

    public Person(int age, String name) {
        this.age = age;
        this.name = name;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public String getName() {
        return name;
    }

}

import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;

/**
 * @Author: pf_xu
 * @Date: 2019/3/5 13:01
 * @Version 1.0
 */
public class SpecialPerson implements Externalizable {

    private int age;
    private String name;

    // Required: deserialization creates the instance with the public no-arg
    // constructor and then calls readExternal to fill it in.
    public SpecialPerson() {}

    public SpecialPerson(int age, String name) {
        this.age = age;
        this.name = name;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public String getName() {
        return name;
    }

    @Override
    public void writeExternal(ObjectOutput out) throws IOException {
        // The class decides what goes into the stream. age is boxed to an Integer
        // here; out.writeInt / in.readInt would avoid the boxing.
        out.writeObject(age);
        out.writeObject(name);
    }

    @Override
    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
        // Must read back in exactly the order writeExternal wrote.
        this.age = (Integer) in.readObject();
        this.name = (String) in.readObject();
    }
}

import java.io.*;

/**
 * @Author: pf_xu
 * @Date: 2019/3/5 12:40
 * @Version 1.0
 */
public class SerializableDemo {
    public static void main(String[] args) throws IOException, ClassNotFoundException {

        // Default serialization: the stream holds the class descriptor of Person
        // plus its non-transient fields. try-with-resources flushes and closes
        // each stream, which the original left open.
        Person person = new Person(10, "Simon");
        try (ObjectOutputStream oos1 = new ObjectOutputStream(new FileOutputStream("object1.out"))) {
            oos1.writeObject(person);
        }
        try (ObjectInputStream ois1 = new ObjectInputStream(new FileInputStream("object1.out"))) {
            Person re_person = (Person) ois1.readObject();
            System.out.println(re_person.getName() + "---" + re_person.getAge());   // Simon---10
        }

        // Externalizable: the stream holds only what writeExternal chose to write,
        // and readExternal runs on an instance made by the no-arg constructor.
        SpecialPerson specialPerson = new SpecialPerson(30, "Daniel");
        try (ObjectOutputStream oos2 = new ObjectOutputStream(new FileOutputStream("object2.out"))) {
            oos2.writeObject(specialPerson);
        }
        try (ObjectInputStream ois2 = new ObjectInputStream(new FileInputStream("object2.out"))) {
            SpecialPerson re_specialPerson = (SpecialPerson) ois2.readObject();
            System.out.println(re_specialPerson.getName() + "---" + re_specialPerson.getAge());   // Daniel---30
        }

    }
}

4. Some details

1. serialVersionUID

serialVersionUID is the version identifier recorded in the stream for each serialized class. If the class that reads the stream has a different serialVersionUID from the class that wrote it, readObject fails with InvalidClassException: the two versions cannot serialize to or deserialize from each other. When the field is not declared explicitly, the JVM derives one from the class structure (name, fields, methods and so on), so almost any change to the class changes it; declaring it explicitly lets you decide which versions of a class stay compatible with each other, and bump it when a change is incompatible.

2. Security

Because the stream format is standardized and documented, anyone who can read the bytes can read every non-transient field: the output is binary but it is plaintext, so mark sensitive fields transient, or encrypt the stream before storing or transmitting it. The larger risk runs the other way. ObjectInputStream.readObject() instantiates whatever classes the stream names, and their readObject/readExternal/readResolve code runs before the caller can inspect the result, so never deserialize data from an untrusted source with plain Java serialization, and where it cannot be avoided, restrict the classes the stream may load with a serialization filter (ObjectInputFilter, Java 9+, either per stream or process-wide via the jdk.serialFilter system property).
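The following is an added example, not code from the original article. It shows both halves of the security point: the name field is readable in the raw stream while the transient password is absent from it, and an allow-list ObjectInputFilter (java.io, Java 9+) rejects any class the reader does not expect before it is instantiated. Person's fields, the password value and the NotOnAllowList class are assumptions made for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Set;

/*
 * Added example, not from the original article. Shows (1) that fields are readable
 * in the raw stream and transient keeps one out, and (2) an allow-list
 * ObjectInputFilter (java.io, Java 9+) that rejects any class the reader does not
 * expect. Person's fields, the password value and NotOnAllowList are assumptions
 * made for the demo.
 */
public class SerialSecurityDemo {

    static class Person implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final int age;
        private transient String password;   // not part of the stream

        Person(String name, int age, String password) {
            this.name = name;
            this.age = age;
            this.password = password;
        }

        String getName() { return name; }
        int getAge() { return age; }
        String getPassword() { return password; }
    }

    // A perfectly valid Serializable class that this reader has no reason to accept.
    static class NotOnAllowList implements Serializable {
        private static final long serialVersionUID = 1L;
        String note = "must never be instantiated by this reader";
    }

    static final Set<Class<?>> ALLOWED = Set.of(Person.class, String.class);

    // Allow-list filter: anything not listed is rejected before it is instantiated,
    // and unexpectedly deep object graphs are cut off as well.
    static final ObjectInputFilter FILTER = info -> {
        if (info.depth() > 4) {
            return ObjectInputFilter.Status.REJECTED;
        }
        Class<?> clazz = info.serialClass();
        if (clazz == null) {
            return ObjectInputFilter.Status.UNDECIDED;   // size/reference checks carry no class
        }
        return ALLOWED.contains(clazz)
                ? ObjectInputFilter.Status.ALLOWED
                : ObjectInputFilter.Status.REJECTED;
    };

    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    static Object deserializeFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(FILTER);   // must be set before the first readObject
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Person("Simon", 10, "hunter2"));
        String raw = new String(bytes, StandardCharsets.ISO_8859_1);
        System.out.println("name readable in stream: " + raw.contains("Simon"));
        System.out.println("password readable in stream: " + raw.contains("hunter2"));

        Person person = (Person) deserializeFiltered(bytes);
        System.out.println("restored: " + person.getName() + "/" + person.getAge()
                + ", password=" + person.getPassword());

        byte[] unexpected = serialize(new NotOnAllowList());
        try {
            deserializeFiltered(unexpected);
            System.out.println("filter did not fire");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

Running it shows the name in the raw bytes and the password absent, the Person restored with a null password, and the NotOnAllowList stream refused with InvalidClassException (the JDK reports the filter status in the message) before any of that class's code runs. The filter is written as a lambda over FilterInfo rather than a pattern string so the allow-list is explicit Class objects; the same policy can be expressed with ObjectInputFilter.Config.createFilter and applied process-wide with the jdk.serialFilter system property.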

