Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

serialization/deserialization mechanism

Tags:

java

serialization

deserialization

Say, I have a class X which has a field value, that is,

class X implements Serializable {
    private int value;
    // ...
}

Further it has getters and setters not displayed here. This class is serialized. At the deserialzation, end same class has value field and access specifier is public. Further, this class does not have getters and setters. So, my questions are:

  1. Does deserialization fail in case the access specifier of the field changes OR some or all of the methods go missing in the class at the deserialization end?
  2. What is the mechanism by which fields are assigned their values during deserialization?
like image 934
Mridul Vishal Avatar asked Dec 21 '11 07:12

Mridul Vishal

People also ask

Which methods are used during serialization and deserialization process?

For serializing the object, we call the writeObject() method of ObjectOutputStream class, and for deserialization we call the readObject() method of ObjectInputStream class. We must have to implement the Serializable interface for serializing the object.

Why do we need serialization and deserialization?

Well, serialization allows us to convert the state of an object into a byte stream, which then can be saved into a file on the local disk or sent over the network to any other machine. And deserialization allows us to reverse the process, which means reconverting the serialized byte stream to an object again.

How does deserialization work in Java?

How does Java deserialization work? When deserializing a byte stream back to an object it does not use the constructor. It simply creates an empty object and uses reflection to write the data to the fields. Just like with serialization, private and final fields are also included.

What is serialization in selenium?

What is Serialization? Serialization is a process where you convert an Instance of a Class (Object of a class) into a Byte Stream. This Byte Stream can then be stored as a file on the disk or can also be sent to another computer via the network.

2 Answers

Some good links The Java serialization algorithm revealed

1) does deserialization fail in case the access specifier of the field changes OR some or all of the methods go missing in the class at the deserialization end ?

Serialization happens using Using Reflection

Java Detects the changes to a class using the

private static final long serialVersionUID

The default involves a hashcode. Serialization creates a single hashcode, of type long, from the following information:

  • The class name and modifiers

  • The names of any interfaces the class implements

  • Descriptions of all methods and constructors except private methods and constructors

  • Descriptions of all fields except private, static, and private transient

The default behavior for the serialization mechanism is a classic "better safe than sorry" strategy. The serialization mechanism uses the suid, which defaults to an extremely sensitive index, to tell when a class has changed. If so, the serialization mechanism refuses to create instances of the new class using data that was serialized with the old classes.

2) what is the mechanism by which fields are assigned their values during deserialization ?

like image 191
Dead Programmer Avatar answered Nov 03 '22 00:11

Dead Programmer

The real details can be read in the Java Object Serialization Specification.

To answer your questions:

  1. Serialization has a basic sanity check to see if the serialization ends use the same version of a class: the serialVersionUID member must be equal. Read the section Stream Unique Identifiers to know more about it. Basically, it's a static value which you can either manage yourself by declaring it on your class, or let the compiler generate one for you. If the compiler generates it, ANY change to a class will result in a change of serialVersionUID and hence will make the deserialization fail if the ends do not have exactly the same classes. If you want to avoid this, declare the variable yourself and update it manually when a change to the class' member variables does make classes incompatible.

  2. The Java Virtual Machine does a lot of the magic here, it can access all internal state directly without the need for getters (fields marked transient or static aren't serialized though). Also, while the Serializable interface doesn't specify any methods to implement, there are a number of 'magic methods' which you can declare to influence the serialization process. Read section "The writeObject Method" and onwards to know more. Be aware though that you should use these sparingly as they might confuse any maintenance developers!

like image 43
JBert Avatar answered Nov 03 '22 00:11

JBert
Sign in to Comment

Related questions

Android TabView error?
Call a controller method within Play! template
Disable rename of a file in JFileChooser?
Set and get a static variable from two different classes in Java
Resize Control with Java JSplitPane
How do I configure the proxy settings so eclipse indigo can install new plugins
Generic java class that stores comparables
Get all file names in directory using JFileChooser?
Cannot connect to SQLServer database in Java application
Why doesn't the Graphics' draw method respect stroke attributes?
Android client for REST web service with basic security
Using quotes and double quotes in Java Runtime.getRuntime().exec(...)
How to detect if my application was launched from IntelliJ?
Java - how to check whether another (non-Java) process is running on Linux
Java Swing JLabel, HTML and custom fonts
Attachment of CSV content into a mail
Java generics type parameter hiding
php strtr equivalent in java
How to switch from HttpURLConnection to HttpClient
Creating a java server with rest

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!