序列化

Java 提供了一种对象序列化的机制,该机制中,一个对象可以被表示为一个字节序列,该字节序列包括该对象的数据、有关对象的类型的信息和存储在对象中数据的类型。

简单的说,序列化是将运行时的内存数据,转换为可持久的硬盘数据(字节码),反序列化就是读取数据到内存.

java中的默认实现是通过ObjectInputStreamObjectOutputStream.

如果类实现了writeObjectreadObject则调用,否则通过ObjectInputStreamObjectOutputStreamdefaultWriteObjectdefaultReadObject来实现.

类本身实现的writeObjectreadObject可以用来对敏感信息进行加密解密.

ObjectOutputStream序列化对象:

public final void writeObject(Object x) throws IOException

ObjectInputStream反序列化对象:

public final Object readObject() throws IOException, ClassNotFoundException

使用注意点

  1. 序列化的类必须实现了Serializable接口

    Serializable只是一个接口标记类,代表可以进行序列化. 若对未实现该接口的类进行序列化,则会抛出java.io.NotSerializableException异常

  2. 反序列化校验

    反序列化时会校验当前环境中的class与序列化时的序列化版本号serialVersionUID 若未手动定义,则会根据参与序列化的属性自动生成唯一的编号. 一旦类属性发生变更而又未手动指定serialVersionUID,则会抛出java.io.InvalidClassException

  3. 关键词transient修饰的属性不会被序列化
  4. 手动设定序列化版本号
private static final long serialVersionUID = 1L;

具体实现

  1. 初探Java序列化(Serialization)
  2. 初探Java序列化-writeObject/readObject)

demo

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import lombok.Getter;
import lombok.Setter;

public class SerializeDemo {
    public static void main(String[] args) {
        serialize();
        unSerialize();

    }

    private static void serialize() {
        Employee e = new Employee();
        e.name = "Reyan Ali";
        e.address = "Phokka Kuan, Ambehta Peer";
        e.SSN = 11122333;
        e.number = 101;
        try {
            FileOutputStream fileOut = new FileOutputStream("~/tmp/employee.ser");
            ObjectOutputStream out = new ObjectOutputStream(fileOut);
            out.writeObject(e);
            out.close();
            fileOut.close();
            System.out.println("Serialized data is saved in ~/tmp/employee.ser");
        } catch (IOException i) {
            i.printStackTrace();
        }

    }

    private static void unSerialize() {
        Employee e = null;
        try {
            FileInputStream fileIn = new FileInputStream("~/tmp/employee.ser");
            ObjectInputStream in = new ObjectInputStream(fileIn);
            e = (Employee) in.readObject();
            in.close();
            fileIn.close();
        } catch (IOException i) {
            i.printStackTrace();
            return;
        } catch (ClassNotFoundException c) {
            System.out.println("Employee class not found");
            c.printStackTrace();
            return;
        }
        System.out.println("Deserialized Employee...");
        System.out.println("Name: " + e.name);
        System.out.println("Address: " + e.address);
        System.out.println("SSN: " + e.SSN);
        System.out.println("Number: " + e.number);

    }

    @Getter
    @Setter
    static class Employee implements Serializable {
        private static final long serialVersionUID = 1L;
        String name;
        String address;
        transient Integer SSN;
        Integer number;
    }
}