原文: https://howtodoinjava.com/java/serialization/custom-serialization-readobject-writeobject/

在某些情况下,您可能需要在 Java 中使用自定义序列化。 例如,您有遗留的 Java 类,由于任何原因都不愿意对其进行修改。 也可能存在一些设计约束。 甚至简单地说,该类将在将来的发行版中进行更改,这可能会破坏先前序列化对象的反序列化

  1. Table of Contents
  2. 1\. Custom Serialization
  3. 2\. Default Serialization with Added Validation
  4. 3\. Summary

1. Java 自定义序列化

在大多数情况下,当自定义 Java 序列化时,您将按顺序逐一写入字段。 它最常用的方法将覆盖默认的 Java 序列化进程。

假设我们有一个User对象,我们想自定义它的序列化过程。

  1. public class User implements Serializable {
  2. private static final long serialVersionUID = 7829136421241571165L;
  3. private String firstName;
  4. private String lastName;
  5. private int accountNumber;
  6. private Date dateOpened;
  7. public User(String firstName, String lastName, int accountNumber, Date dateOpened) {
  8. super();
  9. this.firstName = firstName;
  10. this.lastName = lastName;
  11. this.accountNumber = accountNumber;
  12. this.dateOpened = dateOpened;
  13. }
  14. public User() {
  15. super();
  16. }
  17. public final String getFirstName() {
  18. return firstName;
  19. }
  20. public final String getLastName() {
  21. return lastName;
  22. }
  23. public final int getAccountNumber() {
  24. return accountNumber;
  25. }
  26. public final Date getDateOpened() {
  27. return new Date(dateOpened.getTime());
  28. }
  29. public final void setFirstName(String aNewFirstName) {
  30. firstName = aNewFirstName;
  31. }
  32. public final void setLastName(String aNewLastName) {
  33. lastName = aNewLastName;
  34. }
  35. public final void setAccountNumber(int aNewAccountNumber) {
  36. accountNumber = aNewAccountNumber;
  37. }
  38. public final void setDateOpened(Date aNewDate) {
  39. Date newDate = new Date(aNewDate.getTime());
  40. dateOpened = newDate;
  41. }
  42. }

1.1 readObject()writeObject()方法

要自定义序列化和反序列化,请在此类中定义readObject()writeObject()方法。

  • writeObject()方法内部,使用ObjectOutputStream提供的writeXXX方法编写类属性。
  • readObject()方法内部,使用ObjectInputStream提供的readXXX方法读取类属性。
  • 请注意,读写方法中类属性的序列必须与相同。
  1. import java.io.IOException;
  2. import java.io.ObjectInputStream;
  3. import java.io.ObjectOutputStream;
  4. import java.io.Serializable;
  5. import java.util.Date;
  6. public class User implements Serializable {
  7. private static final long serialVersionUID = 7829136421241571165L;
  8. private String firstName;
  9. private String lastName;
  10. private int accountNumber;
  11. private Date dateOpened;
  12. public User(String firstName, String lastName, int accountNumber, Date dateOpened) {
  13. super();
  14. this.firstName = firstName;
  15. this.lastName = lastName;
  16. this.accountNumber = accountNumber;
  17. this.dateOpened = dateOpened;
  18. }
  19. public User() {
  20. super();
  21. }
  22. //Setters and Getters
  23. private void readObject(ObjectInputStream aInputStream) throws ClassNotFoundException, IOException
  24. {
  25. firstName = aInputStream.readUTF();
  26. lastName = aInputStream.readUTF();
  27. accountNumber = aInputStream.readInt();
  28. dateOpened = new Date(aInputStream.readLong());
  29. }
  30. private void writeObject(ObjectOutputStream aOutputStream) throws IOException
  31. {
  32. aOutputStream.writeUTF(firstName);
  33. aOutputStream.writeUTF(lastName);
  34. aOutputStream.writeInt(accountNumber);
  35. aOutputStream.writeLong(dateOpened.getTime());
  36. }
  37. }

现在,我们来测试代码。

1.2 测试自定义序列化

  1. package com.howtodoinjava.io.example;
  2. import java.io.FileInputStream;
  3. import java.io.FileOutputStream;
  4. import java.io.IOException;
  5. import java.io.ObjectInputStream;
  6. import java.io.ObjectOutputStream;
  7. import java.util.Calendar;
  8. import java.util.Date;
  9. public class TestCustomSerialization
  10. {
  11. public static void main(String[] args)
  12. {
  13. // Create new User object
  14. User myDetails = new User("Lokesh", "Gupta", 102825, new Date(Calendar.getInstance().getTimeInMillis()));
  15. // Serialization code
  16. try
  17. {
  18. FileOutputStream fileOut = new FileOutputStream("User.ser");
  19. ObjectOutputStream out = new ObjectOutputStream(fileOut);
  20. out.writeObject(myDetails);
  21. out.close();
  22. fileOut.close();
  23. }
  24. catch (IOException i)
  25. {
  26. i.printStackTrace();
  27. }
  28. // De-serialization code
  29. User deserializedUser = null;
  30. try
  31. {
  32. FileInputStream fileIn = new FileInputStream("User.ser");
  33. ObjectInputStream in = new ObjectInputStream(fileIn);
  34. deserializedUser = (User) in.readObject();
  35. in.close();
  36. fileIn.close();
  37. // verify the object state
  38. System.out.println(deserializedUser.getFirstName());
  39. System.out.println(deserializedUser.getLastName());
  40. System.out.println(deserializedUser.getAccountNumber());
  41. System.out.println(deserializedUser.getDateOpened());
  42. }
  43. catch (IOException ioe)
  44. {
  45. ioe.printStackTrace();
  46. }
  47. catch (ClassNotFoundException cnfe)
  48. {
  49. cnfe.printStackTrace();
  50. }
  51. }
  52. }

//输出

  1. Lokesh
  2. Gupta
  3. 102825
  4. Wed May 24 13:05:25 IST 2017

2. 覆盖默认序列化以添加验证

有时,您可能只需要执行任何特定的验证,或者在反序列化的对象上运行一些业务规则,而不会影响默认的 Java 序列化机制。 当您决定使用readObject()writeObject()方法时,这也是可能的。

在此用例中,可以在readObject()writeObject()方法中使用defaultReadObject()defaultWriteObject() - 启用默认的序列化和反序列化。 然后,您可以将您的自定义验证或业务规则插入读/写方法中。
这样,在默认的序列化和反序列化过程发生后,JVM 将立即自动调用验证方法。

  1. public class User implements Serializable {
  2. //class attributes, constructors, setters and getters as shown above
  3. /**
  4. * Always treat de-serialization as a full-blown constructor, by validating the final state of the de-serialized object.
  5. */
  6. private void readObject(ObjectInputStream aInputStream) throws ClassNotFoundException, IOException
  7. {
  8. // perform the default de-serialization first
  9. aInputStream.defaultReadObject();
  10. // make defensive copy of the mutable Date field
  11. dateOpened = new Date(dateOpened.getTime());
  12. // ensure that object state has not been corrupted or tampered with malicious code
  13. //validateUserInfo();
  14. }
  15. /**
  16. * This is the default implementation of writeObject. Customize as necessary.
  17. */
  18. private void writeObject(ObjectOutputStream aOutputStream) throws IOException {
  19. //ensure that object is in desired state. Possibly run any business rules if applicable.
  20. //checkUserInfo();
  21. // perform the default serialization for all non-transient, non-static fields
  22. aOutputStream.defaultWriteObject();
  23. }
  24. }

再次测试代码,您将看到以下输出:

  1. Lokesh
  2. Gupta
  3. 102825
  4. Wed May 24 13:10:18 IST 2017

3. 总结

如我们所见,自定义序列化在 Java 中非常容易,并且涉及非常简单的设计,即实现readObject()writeObject()方法; 并添加任何其他逻辑以支持应用程序业务逻辑。

尽管在大多数情况下,默认的序列化/反序列化就足够了; 在需要时仍应在 Java 应用程序中使用自定义序列化。

将我的问题放在评论部分。

学习愉快!