JDK源码剖析(1)-Serializable接口
1.为什么要序列化
序列化的定义:序列化是将对象状态转换为可保持或可传输的形式的过程。序列化的补集是反序列化,后者将流转换为对象。这两个过程一起保证数据易于存储和传输。
前提(二进制协议和文本协议)
所有的数据在底层的传输都是二进制流,这点是毋庸置疑的。文本协议一般是由一串ACSII字符组成的数据,这些字符包括数字,大小写字母、百分号,还有回车(\r),换行(\n)以及空格等等。
文本协议
文本协议设计的目的就是方便人们理解、读懂,要不然给你一串0101实在是令人难以理解,所以,协议中通常会加入一些特殊字符用于分隔以便人们理解。
二进制协议
二进制协议就是一串字节流,通常包括消息头(header)和消息体(body),消息头的长度固定,并且消息头包括了消息体的长度。这样就能够从数据流中解析出一个完整的二进制数据。
二进制协议,没有冗余字段,传输高效,方便解析(固定长度,并且可以直接比较字节),缺点就是定义的比较死,哪个位置有哪些东西,是什么意义是定义死的,场景单一。
以上前提来自作者:Javaer2Leader
原文链接:https://juejin.cn/post/7114186059885330469
来源:稀土掘金
常见的序列化格式包括:二进制格式,字节数组,json字符串,xml字符串
2.jdk官方的解释:
jdk源码 /*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*/
package java.io;
/**
* Serializability of a class is enabled by the class implementing the
* java.io.Serializable interface. Classes that do not implement this
* interface will not have any of their state serialized or
* deserialized. All subtypes of a serializable class are themselves
* serializable. The serialization interface has no methods or fields
* and serves only to identify the semantics of being serializable. <p>
*
* To allow subtypes of non-serializable classes to be serialized, the
* subtype may assume responsibility for saving and restoring the
* state of the supertype's public, protected, and (if accessible)
* package fields. The subtype may assume this responsibility only if
* the class it extends has an accessible no-arg constructor to
* initialize the class's state. It is an error to declare a class
* Serializable if this is not the case. The error will be detected at
* runtime. <p>
*
* During deserialization, the fields of non-serializable classes will
* be initialized using the public or protected no-arg constructor of
* the class. A no-arg constructor must be accessible to the subclass
* that is serializable. The fields of serializable subclasses will
* be restored from the stream. <p>
*
* When traversing a graph, an object may be encountered that does not
* support the Serializable interface. In this case the
* NotSerializableException will be thrown and will identify the class
* of the non-serializable object. <p>
*
* Classes that require special handling during the serialization and
* deserialization process must implement special methods with these exact
* signatures:
*
* <PRE>
* private void writeObject(java.io.ObjectOutputStream out)
* throws IOException
* private void readObject(java.io.ObjectInputStream in)
* throws IOException, ClassNotFoundException;
* private void readObjectNoData()
* throws ObjectStreamException;
* </PRE>
*
* <p>The writeObject method is responsible for writing the state of the
* object for its particular class so that the corresponding
* readObject method can restore it. The default mechanism for saving
* the Object's fields can be invoked by calling
* out.defaultWriteObject. The method does not need to concern
* itself with the state belonging to its superclasses or subclasses.
* State is saved by writing the individual fields to the
* ObjectOutputStream using the writeObject method or by using the
* methods for primitive data types supported by DataOutput.
*
* <p>The readObject method is responsible for reading from the stream and
* restoring the classes fields. It may call in.defaultReadObject to invoke
* the default mechanism for restoring the object's non-static and
* non-transient fields. The defaultReadObject method uses information in
* the stream to assign the fields of the object saved in the stream with the
* correspondingly named fields in the current object. This handles the case
* when the class has evolved to add new fields. The method does not need to
* concern itself with the state belonging to its superclasses or subclasses.
* State is saved by writing the individual fields to the
* ObjectOutputStream using the writeObject method or by using the
* methods for primitive data types supported by DataOutput.
*
* <p>The readObjectNoData method is responsible for initializing the state of
* the object for its particular class in the event that the serialization
* stream does not list the given class as a superclass of the object being
* deserialized. This may occur in cases where the receiving party uses a
* different version of the deserialized instance's class than the sending
* party, and the receiver's version extends classes that are not extended by
* the sender's version. This may also occur if the serialization stream has
* been tampered; hence, readObjectNoData is useful for initializing
* deserialized objects properly despite a "hostile" or incomplete source
* stream.
*
* <p>Serializable classes that need to designate an alternative object to be
* used when writing an object to the stream should implement this
* special method with the exact signature:
*
* <PRE>
* ANY-ACCESS-MODIFIER Object writeReplace() throws ObjectStreamException;
* </PRE><p>
*
* This writeReplace method is invoked by serialization if the method
* exists and it would be accessible from a method defined within the
* class of the object being serialized. Thus, the method can have private,
* protected and package-private access. Subclass access to this method
* follows java accessibility rules. <p>
*
* Classes that need to designate a replacement when an instance of it
* is read from the stream should implement this special method with the
* exact signature.
*
* <PRE>
* ANY-ACCESS-MODIFIER Object readResolve() throws ObjectStreamException;
* </PRE><p>
*
* This readResolve method follows the same invocation rules and
* accessibility rules as writeReplace.<p>
*
* The serialization runtime associates with each serializable class a version
* number, called a serialVersionUID, which is used during deserialization to
* verify that the sender and receiver of a serialized object have loaded
* classes for that object that are compatible with respect to serialization.
* If the receiver has loaded a class for the object that has a different
* serialVersionUID than that of the corresponding sender's class, then
* deserialization will result in an {@link InvalidClassException}. A
* serializable class can declare its own serialVersionUID explicitly by
* declaring a field named <code>"serialVersionUID"</code> that must be static,
* final, and of type <code>long</code>:
*
* <PRE>
* ANY-ACCESS-MODIFIER static final long serialVersionUID = 42L;
* </PRE>
*
* If a serializable class does not explicitly declare a serialVersionUID, then
* the serialization runtime will calculate a default serialVersionUID value
* for that class based on various aspects of the class, as described in the
* Java(TM) Object Serialization Specification. However, it is <em>strongly
* recommended</em> that all serializable classes explicitly declare
* serialVersionUID values, since the default serialVersionUID computation is
* highly sensitive to class details that may vary depending on compiler
* implementations, and can thus result in unexpected
* <code>InvalidClassException</code>s during deserialization. Therefore, to
* guarantee a consistent serialVersionUID value across different java compiler
* implementations, a serializable class must declare an explicit
* serialVersionUID value. It is also strongly advised that explicit
* serialVersionUID declarations use the <code>private</code> modifier where
* possible, since such declarations apply only to the immediately declaring
* class--serialVersionUID fields are not useful as inherited members. Array
* classes cannot declare an explicit serialVersionUID, so they always have
* the default computed value, but the requirement for matching
* serialVersionUID values is waived for array classes.
*
* @author unascribed
* @see java.io.ObjectOutputStream
* @see java.io.ObjectInputStream
* @see java.io.ObjectOutput
* @see java.io.ObjectInput
* @see java.io.Externalizable
* @since JDK1.1
*/
public interface Serializable {
}类的可序列化性由实现 java.io.Serializable 接口的类启用。未实现此接口的类将不会对其任何状态进行序列化或反序列化。可序列化类的所有子类型本身都是可序列化的。序列化接口没有方法或字段,仅用于识别可序列化的语义。
为了允许序列化不可序列化类的子类型,子类型可以负责保存和恢复超类型的公共、受保护和(如果可访问)包字段的状态。仅当它扩展的类具有可访问的无参数构造函数来初始化类的状态时,子类型才可以承担此责任。如果不是这种情况,则声明类 Serializable 是错误的。将在运行时检测到错误。
在反序列化过程中,不可序列化类的字段将使用类的公共或受保护的无参数构造函数进行初始化。可序列化的子类必须可以访问无参数构造函数。可序列化子类的字段将从流中恢复。
在遍历图时,可能会遇到不支持 Serializable 接口的对象。在这种情况下,NotSerializableException 将被抛出,并将识别不可序列化对象的类。
在序列化和反序列化过程中需要特殊处理的类必须实现具有这些确切签名的特殊方法:
private void writeObject(java.io.ObjectOutputStream out)
throws IOException
private void readObject(java.io.ObjectInputStream in)
throws IOException, ClassNotFoundException;
private void readObjectNoData()
throws ObjectStreamException;
writeObject 方法负责为其特定类写入对象的状态,以便相应的 readObject 方法可以恢复它。可以通过调用 out.defaultWriteObject 来调用保存 Object 字段的默认机制。该方法不需要关注属于其超类或子类的状态。通过使用 writeObject 方法或使用 DataOutput 支持的原始数据类型的方法将各个字段写入 ObjectOutputStream 来保存状态。
readObject 方法负责从流中读取并恢复类字段。它可以调用 in.defaultReadObject 来调用用于恢复对象的非静态和非瞬态字段的默认机制。 defaultReadObject 方法使用流中的信息将保存在流中的对象的字段分配给当前对象中相应命名的字段。这可以处理类已经演变为添加新字段的情况。该方法不需要关注属于其超类或子类的状态。通过使用 writeObject 方法或使用 DataOutput 支持的原始数据类型的方法将各个字段写入 ObjectOutputStream 来保存状态。
如果序列化流未将给定类列为被反序列化对象的超类,readObjectNoData 方法负责为其特定类初始化对象的状态。这可能发生在接收方使用与发送方不同版本的反序列化实例类的情况下,并且接收方的版本扩展了发送方版本未扩展的类。如果序列化流已被篡改,也可能发生这种情况;因此,尽管存在“敌对”或不完整的源流,但 readObjectNoData 对于正确初始化反序列化对象很有用。
在将对象写入流时需要指定要使用的替代对象的可序列化类应使用精确签名实现此特殊方法:
ANY-ACCESS-MODIFIER Object writeReplace() throws ObjectStreamException;
如果该方法存在并且可以从被序列化对象的类中定义的方法访问,则该 writeReplace 方法由序列化调用。因此,该方法可以具有私有、受保护和包私有访问。对该方法的子类访问遵循 java 可访问性规则。
当从流中读取实例时需要指定替换的类应该使用精确的签名实现这个特殊方法。
ANY-ACCESS-MODIFIER Object readResolve() throws ObjectStreamException;
此 readResolve 方法遵循与 writeReplace 相同的调用规则和可访问性规则。
序列化运行时与每个可序列化类关联一个版本号,称为 serialVersionUID,在反序列化期间使用该版本号来验证序列化对象的发送方和接收方是否已加载与序列化兼容的该对象的类。如果接收者为对象加载了一个类,该对象的 serialVersionUID 与相应发送者的类不同,则反序列化将导致InvalidClassException 。可序列化的类可以通过声明一个名为"serialVersionUID"的字段来显式声明自己的serialVersionUID,该字段必须是静态的、最终的并且类型为long :
ANY-ACCESS-MODIFIER static final long serialVersionUID = 42L;
如果可序列化类没有显式声明 serialVersionUID,则序列化运行时将根据类的各个方面为该类计算默认的 serialVersionUID 值,如 Java(TM) 对象序列化规范中所述。但是,强烈建议所有可序列化的类都显式声明 serialVersionUID 值,因为默认的 serialVersionUID 计算对类细节高度敏感,这些细节可能因编译器实现而异,因此可能在反序列化期间导致意外的InvalidClassException 。因此,为了保证在不同的 java 编译器实现中具有一致的 serialVersionUID 值,可序列化的类必须声明一个显式的 serialVersionUID 值。还强烈建议显式 serialVersionUID 声明尽可能使用private修饰符,因为此类声明仅适用于立即声明的类——serialVersionUID 字段不能用作继承成员。数组类不能显式声明 serialVersionUID,因此它们始终具有默认计算值,但数组类无需匹配 serialVersionUID 值。
3.序列化实现
通常当进行数据持久化或网络传输时就必须进行数据的序列化操作,当我们想要将B类作为A类的参数存储在数据库中时,可将B类序列化为字符串形式
实体类Book
package com.itheima.domain;
import java.util.Date;
public class Book {
private Integer id;
private String username;
private String password;
private Date date;
private String json;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Date getDate() {
return date;
}
public void setDate(Date date) {
this.date = date;
}
public String getJson() {
return json;
}
public void setJson(String json) {
this.json = json;
}
@Override
public String toString() {
return "Book{" +
"id=" + id +
", username='" + username + '\'' +
", password='" + password + '\'' +
", date=" + date +
", json='" + json + '\'' +
'}';
}
}同时数据持久层通过注解的方式编写SQL语句
持久层BookDao
package com.itheima.dao;
import com.itheima.domain.Book;
import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Options;
import org.apache.ibatis.annotations.Select;
@Mapper
public interface BookDao {
@Select("select * from user where id = #{id}")
public Book getById(Integer id);
@Options(useGeneratedKeys = true,keyProperty = "id")
@Insert("insert into `user`(`username`,`password`,`json`) values (#{username},#{password},#{json})")
public void insert(Book book);
}Service层接口
package com.itheima.service;
import com.itheima.domain.Book;
import org.springframework.stereotype.Service;
@Service
public interface BookService {
public Book getById(Integer id);
public void insert(Book book);
}ServiceImpl实现接口方法
package com.itheima.service;
import com.itheima.dao.BookDao;
import com.itheima.domain.Book;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class BookServiceImpl implements BookService{
@Autowired
private BookDao bookDao;
@Override
public Book getById(Integer id) {
return bookDao.getById(id);
}
@Override
public void insert(Book book) {
bookDao.insert(book);
}
}
Controller提供请求url
package com.itheima.controller;
import com.alibaba.fastjson.JSON;
import com.itheima.domain.Book;
import com.itheima.service.BookService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class BookController {
@Autowired
private BookService bookService;
int id = 0;
@RequestMapping("/user")
public String insert(){
Book book = new Book();
book.setUsername("拉行啊");
book.setPassword("123");
String jsonObject = JSON.toJSONString(book);
System.out.println(jsonObject);
book.setJson(jsonObject);
bookService.insert(book);
id = book.getId();
return book.toString();
}
@RequestMapping("/get")
public String get(){
Book book = new Book();
book = bookService.getById(id);
id = book.getId();
return book.toString();
}
}插入后返回给浏览器插入的json数据
同时mysql中也插入了数据
可通过get获取插入后的数据
浙公网安备 33010602011771号