Object serialization is the ability to convert
in-memory objects to an external form that can be sent serially (a
byte at a time) and back again. The “and back again” may
happen at a later time, or in another JVM on another computer (even
one that has a different byte order); Java handles differences
between machines. ObjectInputStream
and
ObjectOutputStream
are specialized stream classes
designed to read and write objects. They can be used to save objects
to disk, as I’ll show here, and are also useful in passing
objects across a network connection, as I’ll show in Section 15.7. This fact was not lost on the designers of
the remote methods invocation, or RMI (see Chapter 22), which uses them for transporting the data
involved in remote method calls.
As you might imagine, if we pass an object such as
MyData
to the writeObject
method, and writeObject
notices that one of the
fields is itself an object such as a String
, that
data will get serialized properly. In other words,
writeObject
works
recursively. So, we will give it an
ArrayList
of data objects. The first is a
java.util.Date
, for versioning purposes. All
remaining objects are of type MyData
.
To be serializable, the data must implement the empty
Serializable
interface. Also, the keyword
transient
can be used
for any data that should not be serialized. You
might need to do this for security, or to prevent attempts to
serialize a reference to an object from a non-serializable class.
Here we use it to prevent the unencrypted
passwords from
being saved where they might be readable:
import java.io.*; import java.util.*; class MyData implements Serializable { String userName; String passwordCypher; transient String passwordClear; public MyData(String name, String clear) { userName = name; // Save the clear text p/w in the object, it won't get serialized passwordClear = clear; // So we must save the encryption! Encryption not shown here. passwordCypher = DES.encrypt(passwordClear); } } public class Serialize { protected static final String FILENAME = "serial.dat"; public static void main(String s[]) throws IOException { ArrayList v = new ArrayList( ); // Gather the data MyData u1 = new MyData("Ian Darwin", "secret_java_cook"); v.add(new Date( )); v.add(u1); v.add(new MyData("Abby Brant", "dujordian")); // Save the data to disk. ObjectOutputStream os = new ObjectOutputStream( new FileOutputStream(FILENAME)); os.writeObject(v); os.close( ); } }
There are many other ways to serialize objects, depending upon your interchange goals. One way would be to write the individual data members into an XML file (see Chapter 21).
18.191.93.12