Java 序列化與反序列化（Serialization）

1、什麼是？爲何須要？

序列化（Serialization）是將對象的狀態信息轉化爲能夠存儲或者傳輸的形式的過程，反序列化則爲其逆過程。

內存的易失性；傳輸須要；一些應用場景中須要將對象持久化下來，以便在須要的時候進行讀取。

2、JDK提供的API

java.io.ObjectOutputStream類的 writeObject(Object obj)方法

java.io.ObjectInputStream類的readObject()方法

對於Serializable，若是沒有重寫 writeObject和readObject，則調用默認的方法

Externalizable繼承了Serializable，多了2個方法：writeExternal和readExternal，用來控制須要序列化哪些字段

3、實現方法

假定一個Person類，實現了Serializable或Externalizable接口

import java.io.Serializable; /** * @Author: pf_xu * @Date: 2019/3/5 12:37 * @Version 1.0 */
public class Person implements Serializable { private int age; private String name; public Person(int age, String name) { this.age = age; this.name = name; } public void setAge(int age) { this.age = age; } public void setName(String name) { this.name = name; } public int getAge() { return age; } public String getName() { return name; } }

import java.io.Externalizable; import java.io.IOException; import java.io.ObjectInput; import java.io.ObjectOutput; /** * @Author: pf_xu * @Date: 2019/3/5 13:01 * @Version 1.0 */
public class SpecialPerson implements Externalizable { private int age; private String name; public SpecialPerson(){} public SpecialPerson(int age, String name) { this.age = age; this.name = name; } public void setAge(int age) { this.age = age; } public void setName(String name) { this.name = name; } public int getAge() { return age; } public String getName() { return name; } @Override public void writeExternal(ObjectOutput out) throws IOException { out.writeObject(age); out.writeObject(name); } @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { this.age = (Integer) in.readObject(); this.name = (String)in.readObject(); } }

import java.io.*; /** * @Author: pf_xu * @Date: 2019/3/5 12:40 * @Version 1.0 */
public class SerializableDemo { public static void main(String[] args) throws IOException, ClassNotFoundException { Person person = new Person(10,"Simon"); ObjectOutputStream oos1 = new ObjectOutputStream(new FileOutputStream("object1.out")); oos1.writeObject(person); ObjectInputStream ois1= new ObjectInputStream(new FileInputStream("object1.out")); Person re_person = (Person) ois1.readObject(); System.out.println(re_person.getName()+"---"+re_person.getAge()); SpecialPerson specialPerson = new SpecialPerson(30,"Daniel"); ObjectOutputStream oos2 = new ObjectOutputStream(new FileOutputStream("object2.out")); oos2.writeObject(specialPerson); ObjectInputStream ois2= new ObjectInputStream(new FileInputStream("object2.out")); SpecialPerson re_specialPerson = (SpecialPerson)ois2.readObject(); System.out.println(re_specialPerson.getName()+"---"+re_specialPerson.getAge()); } }

4、一些細節

1.序列化ID

serialVersionUID  若是兩個類的ID不一樣，則不能互相序列與反序列（可應用與版本控制，不一樣版本的類相互兼容或者不兼容）

2.安全性

因爲其標準化致使其有泄露的風險（二進制明文，可採用加密的方法）