
Customized serialization in Java

Developer https://www.devze.com 2023-04-02 20:23 Source: Internet

I have the following class

class UserAccount implements Serializable
{
    public String username;
    public String password;

    public UserAccount()
    {
        username = "defaultUsername";
        password = "defaultPassword";
    }

    public UserAccount(String u, String p)
    {
        username = u;
        password = p;
    }

    private void readObject(ObjectInputStream o) 
            throws IOException, ClassNotFoundException
    {
        //username = (String)o.readObject();
        o.defaultReadObject();
    }

    private void writeobject(ObjectOutputStream o) 
            throws IOException, ClassNotFoundException
    {
        //o.defaultWriteObject();

        o.writeObject(username);
    }

    public String toString()
    {
        return username + ", " + password;
    }
}

And I wrote the following snippet to serialize and de-serialize an instance of it.

ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(new File("out.dat")));

out.writeObject(new UserAccount("test", "test2"));

out.close();

ObjectInputStream in = new ObjectInputStream(new FileInputStream(new File("out.dat")));

UserAccount u = (UserAccount)in.readObject();

in.close();

System.out.println(u);

I am customizing the serialization using the writeObject() hook, such that I am only persisting the username. But when I read back the object, I do the default de-serialization.

I am expecting the output to be test, null while the output is test, test2.

Basically I am expecting the member password to be null since I did not persist it. Can anyone help me understand how password is initialized to test2?

I also verified that the call to the constructor was not made [I knew it wouldn't be made, but I checked nevertheless] during deserialization.

Thanks in advance.


Use the transient keyword on variables so that they are not serialized. This might be an alternative to skaffman's answer.

Reference: Why does Java have transient fields?


writeObject() doesn't replace the default serialization mechanism, it adds to it (allowing you to add additional data to the stream).

If you want a completely custom mechanism, consider implementing java.io.Externalizable instead of java.io.Serializable.

From the javadoc:

Only the identity of the class of an Externalizable instance is written in the serialization stream and it is the responsibility of the class to save and restore the contents of its instances. The writeExternal and readExternal methods of the Externalizable interface are implemented by a class to give the class complete control over the format and contents of the stream for an object and its supertypes. These methods must explicitly coordinate with the supertype to save its state. These methods supersede customized implementations of writeObject and readObject methods.
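
An added example (not code from the original post or its answers) that checks whether the password ends up in the serialized bytes for the question's class shape and for the two approaches suggested in the answers. The class and helper names are hypothetical and the values are the question's sample values; the serialization runtime only invokes a private method named exactly writeObject(ObjectOutputStream), so a method spelled writeobject, as in the question, is never called.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SerializationLeakDemo {
    // As in the question: the hook is spelled "writeobject". The runtime only looks
    // for a private writeObject(ObjectOutputStream), so this method is never called.
    static class MisspelledHook implements Serializable {
        String username = "test", password = "test2";
        private void writeobject(ObjectOutputStream o) throws IOException {
            o.writeObject(username);
        }
    }

    // First answer: a transient field is skipped by default serialization.
    static class TransientField implements Serializable {
        String username = "test";
        transient String password = "test2";
    }

    // Second answer: Externalizable writes only what writeExternal emits.
    public static class External implements Externalizable {
        String username, password;
        public External() { }                       // required by Externalizable
        External(String u, String p) { username = u; password = p; }
        public void writeExternal(ObjectOutput o) throws IOException { o.writeObject(username); }
        public void readExternal(ObjectInput i) throws IOException, ClassNotFoundException {
            username = (String) i.readObject();     // password stays null
        }
    }

    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        return buf.toByteArray();
    }

    // True if the plaintext secret appears anywhere in the serialized bytes.
    static boolean leaks(byte[] stream, String secret) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(secret);
    }

    public static void main(String[] args) throws IOException {
        System.out.println("misspelled hook: " + leaks(serialize(new MisspelledHook()), "test2"));
        System.out.println("transient field: " + leaks(serialize(new TransientField()), "test2"));
        System.out.println("Externalizable:  " + leaks(serialize(new External("test", "test2")), "test2"));
    }
}
```

Only the first check reports the password in the stream. Scanning serialized output for known secret values in this way is a cheap regression test for classes that hold credentials.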
