I. What is it? Why?
Serialization is the process of transforming the state of an object into a form that can be stored or transmitted; deserialization is the reverse process.
Why it is needed: memory is volatile; objects must be sent over a network; some application scenarios need to persist objects so they can be read back later.
II. API provided by JDK
The writeObject(Object obj) method of the java.io.ObjectOutputStream class
The readObject() method of the java.io.ObjectInputStream class
For a Serializable class, if writeObject and readObject are not overridden, the default serialization mechanism is used.
Externalizable extends Serializable and adds two methods, writeExternal and readExternal, which let the class control exactly which fields are serialized.
III. Implementation
Suppose a Person class implements Serializable and a SpecialPerson class implements Externalizable:
import java.io.Serializable;

/**
 * @Author: pf_xu
 * @Date: 2019/3/5 12:37
 * @Version 1.0
 */
public class Person implements Serializable {
    private int age;
    private String name;

    public Person(int age, String name) {
        this.age = age;
        this.name = name;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public String getName() {
        return name;
    }
}
import java.io.Externalizable;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;

/**
 * @Author: pf_xu
 * @Date: 2019/3/5 13:01
 * @Version 1.0
 */
public class SpecialPerson implements Externalizable {
    private int age;
    private String name;

    // Externalizable requires a public no-arg constructor: deserialization
    // instantiates the class through it and then calls readExternal.
    public SpecialPerson() {}

    public SpecialPerson(int age, String name) {
        this.age = age;
        this.name = name;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public String getName() {
        return name;
    }

    // Only the fields written here end up in the stream.
    @Override
    public void writeExternal(ObjectOutput out) throws IOException {
        out.writeObject(age); // int is autoboxed to Integer
        out.writeObject(name);
    }

    // Fields must be read back in the same order they were written.
    @Override
    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
        this.age = (Integer) in.readObject();
        this.name = (String) in.readObject();
    }
}
import java.io.*;

/**
 * @Author: pf_xu
 * @Date: 2019/3/5 12:40
 * @Version 1.0
 */
public class SerializableDemo {
    public static void main(String[] args) throws IOException, ClassNotFoundException {
        // Serializable: the default mechanism writes every non-transient field.
        Person person = new Person(10, "Simon");
        // ObjectOutputStream buffers internally, so the stream must be closed (or flushed)
        // before the file is read back; try-with-resources guarantees that.
        try (ObjectOutputStream oos1 = new ObjectOutputStream(new FileOutputStream("object1.out"))) {
            oos1.writeObject(person);
        }
        try (ObjectInputStream ois1 = new ObjectInputStream(new FileInputStream("object1.out"))) {
            Person re_person = (Person) ois1.readObject();
            System.out.println(re_person.getName() + "---" + re_person.getAge());
        }

        // Externalizable: only the fields written in writeExternal are stored.
        SpecialPerson specialPerson = new SpecialPerson(30, "Daniel");
        try (ObjectOutputStream oos2 = new ObjectOutputStream(new FileOutputStream("object2.out"))) {
            oos2.writeObject(specialPerson);
        }
        try (ObjectInputStream ois2 = new ObjectInputStream(new FileInputStream("object2.out"))) {
            SpecialPerson re_specialPerson = (SpecialPerson) ois2.readObject();
            System.out.println(re_specialPerson.getName() + "---" + re_specialPerson.getAge());
        }
    }
}
IV. Some details
1. Serialization ID
serialVersionUID: if the IDs of the two classes differ, their objects cannot be serialized and deserialized across each other. This can be used for version control, making different versions of a class compatible or incompatible with each other.
2. Security
Because the format is standardized and the stream is written as plaintext binary, serialized data is at risk of leaking (the binary can be encrypted).
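An added example (not part of the original post) that ties the two details above together: an explicit serialVersionUID, a transient field that never reaches the stream, and a plaintext object stream beside an AES-GCM encrypted one. The Account class, the method names and the choice of AES-GCM are my own assumptions.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SecureSerializationDemo {
    // Hypothetical class: explicit serialVersionUID pins the stream format; transient is skipped.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        String name;
        transient String password; // default serialization never writes this field
        Account(String name, String password) { this.name = name; this.password = password; }
    }
    // Plain serialization: every non-transient field value is readable in the raw bytes.
    static byte[] serializePlain(Object obj) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bytes)) { oos.writeObject(obj); }
        return bytes.toByteArray();
    }
    // Hardened variant: the object stream is wrapped in AES-GCM; the 12-byte IV must be unique per key.
    static byte[] serializeEncrypted(Object obj, SecretKey key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(new CipherOutputStream(bytes, c))) {
            oos.writeObject(obj);
        }
        return bytes.toByteArray();
    }
    static Object deserializeEncrypted(byte[] blob, SecretKey key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        try (ObjectInputStream ois = new ObjectInputStream(
                new CipherInputStream(new ByteArrayInputStream(blob), c))) {
            return ois.readObject(); // a tampered blob fails the GCM tag check and throws here
        }
    }
    public static void main(String[] args) throws Exception {
        Account acct = new Account("alice", "s3cret");
        String plain = new String(serializePlain(acct), StandardCharsets.ISO_8859_1);
        System.out.println("plain stream leaks name: " + plain.contains("alice")
                + ", leaks password: " + plain.contains("s3cret"));
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        byte[] iv = new byte[12]; new SecureRandom().nextBytes(iv);
        byte[] blob = serializeEncrypted(acct, key, iv);
        System.out.println("encrypted stream leaks name: "
                + new String(blob, StandardCharsets.ISO_8859_1).contains("alice"));
        Account back = (Account) deserializeEncrypted(blob, key, iv);
        System.out.println("restored name=" + back.name + ", password=" + back.password);
    }
}
```

In a real system the key would come from a key store rather than being generated in main, and the IV would be stored alongside the ciphertext.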