What is the difference between Serializable and Externalizable in Java?
What is the difference between Serializable and Externalizable in Java?
-
There are so many difference exist between Serializable and Externalizable but when we compare difference between custom Serializable(overrided writeObject() & readObject()) and Externalizable then we find that custom implementation is tightly bind with ObjectOutputStream class where as in Externalizable case , we ourself provide an implementation of ObjectOutput which may be ObjectOutputStream class or it could be some other like org.apache.mina.filter.codec.serialization.ObjectSerializationOutputStream
In case of Externalizable interface
@Override public void writeExternal(ObjectOutput out) throws IOException { out.writeUTF(key); out.writeUTF(value); out.writeObject(emp); } @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { this.key = in.readUTF(); this.value = in.readUTF(); this.emp = (Employee) in.readObject(); } **In case of Serializable interface** /* We can comment below two method and use default serialization process as well Sequence of class attributes in read and write methods MUST BE same. // below will not work it will not work . // Exception = java.io.StreamCorruptedException: invalid type code: 00\ private void writeObject(java.io.ObjectOutput stream) */ private void writeObject(java.io.ObjectOutputStream Outstream) throws IOException { System.out.println("from writeObject()"); /* We can define custom validation or business rules inside read/write methods. This way our validation methods will be automatically called by JVM, immediately after default serialization and deserialization process happens. checkTestInfo(); */ stream.writeUTF(name); stream.writeInt(age); stream.writeObject(salary); stream.writeObject(address); } private void readObject(java.io.ObjectInputStream Instream) throws IOException, ClassNotFoundException { System.out.println("from readObject()"); name = (String) stream.readUTF(); age = stream.readInt(); salary = (BigDecimal) stream.readObject(); address = (Address) stream.readObject(); // validateTestInfo(); }I have added sample code to explain better. please check in/out object case of Externalizable. These are not bound to any implementation directly.
Where as Outstream/Instream are tightly bind to classes. We can extends ObjectOutputStream/ObjectInputStream but it will a bit difficult to use.讨论(0) -
Serialization provides default functionality to store and later recreate the object. It uses verbose format to define the whole graph of objects to be stored e.g. suppose you have a linkedList and you code like below, then the default serialization will discover all the objects which are linked and will serialize. In default serialization the object is constructed entirely from its stored bits, with no constructor calls.
ObjectOutputStream oos = new ObjectOutputStream( new FileOutputStream("/Users/Desktop/files/temp.txt")); oos.writeObject(linkedListHead); //writing head of linked list oos.close();But if you want restricted serialization or don't want some portion of your object to be serialized then use Externalizable. The Externalizable interface extends the Serializable interface and adds two methods, writeExternal() and readExternal(). These are automatically called while serialization or deserialization. While working with Externalizable we should remember that the default constructer should be public else the code will throw exception. Please follow the below code:
public class MyExternalizable implements Externalizable { private String userName; private String passWord; private Integer roll; public MyExternalizable() { } public MyExternalizable(String userName, String passWord, Integer roll) { this.userName = userName; this.passWord = passWord; this.roll = roll; } @Override public void writeExternal(ObjectOutput oo) throws IOException { oo.writeObject(userName); oo.writeObject(roll); } @Override public void readExternal(ObjectInput oi) throws IOException, ClassNotFoundException { userName = (String)oi.readObject(); roll = (Integer)oi.readObject(); } public String toString() { StringBuilder b = new StringBuilder(); b.append("userName: "); b.append(userName); b.append(" passWord: "); b.append(passWord); b.append(" roll: "); b.append(roll); return b.toString(); } public static void main(String[] args) { try { MyExternalizable m = new MyExternalizable("nikki", "student001", 20); System.out.println(m.toString()); ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("/Users/Desktop/files/temp1.txt")); oos.writeObject(m); oos.close(); System.out.println("***********************************************************************"); ObjectInputStream ois = new ObjectInputStream(new FileInputStream("/Users/Desktop/files/temp1.txt")); MyExternalizable mm = (MyExternalizable)ois.readObject(); mm.toString(); System.out.println(mm.toString()); } catch (ClassNotFoundException ex) { Logger.getLogger(MyExternalizable.class.getName()).log(Level.SEVERE, null, ex); } catch(IOException ex) { Logger.getLogger(MyExternalizable.class.getName()).log(Level.SEVERE, null, ex); } } }Here if you comment the default constructer then the code will throw below exception:
java.io.InvalidClassException: javaserialization.MyExternalizable; javaserialization.MyExternalizable; no valid constructor.We can observe that as password is sensitive information, so i am not serializing it in writeExternal(ObjectOutput oo) method and not setting the value of same in readExternal(ObjectInput oi). That's the flexibility that is provided by Externalizable.
The output of the above code is as per below:
userName: nikki passWord: student001 roll: 20 *********************************************************************** userName: nikki passWord: null roll: 20We can observe as we are not setting the value of passWord so it's null.
The same can also be achieved by declaring the password field as transient.
private transient String passWord;Hope it helps. I apologize if i made any mistakes. Thanks.
讨论(0) -
Key differences between
SerializableandExternalizable- Marker interface:
Serializableis marker interface without any methods.Externalizableinterface contains two methods:writeExternal()andreadExternal(). - Serialization process: Default Serialization process will be kicked-in for classes implementing
Serializableinterface. Programmer defined Serialization process will be kicked-in for classes implementingExternalizableinterface. - Maintenance: Incompatible changes may break serialisation.
- Backward Compatibility and Control: If you have to support multiple versions, you can have full control with
Externalizableinterface. You can support different versions of your object. If you implementExternalizable, it's your responsibility to serializesuperclass - public No-arg constructor:
Serializableuses reflection to construct object and does not require no arg constructor. ButExternalizabledemands public no-arg constructor.
Refer to blog by
Hitesh Gargfor more details.讨论(0) - Marker interface:
-
To add to the other answers, by implementating
java.io.Serializable, you get "automatic" serialization capability for objects of your class. No need to implement any other logic, it'll just work. The Java runtime will use reflection to figure out how to marshal and unmarshal your objects.In earlier version of Java, reflection was very slow, and so serializaing large object graphs (e.g. in client-server RMI applications) was a bit of a performance problem. To handle this situation, the
java.io.Externalizableinterface was provided, which is likejava.io.Serializablebut with custom-written mechanisms to perform the marshalling and unmarshalling functions (you need to implementreadExternalandwriteExternalmethods on your class). This gives you the means to get around the reflection performance bottleneck.In recent versions of Java (1.3 onwards, certainly) the performance of reflection is vastly better than it used to be, and so this is much less of a problem. I suspect you'd be hard-pressed to get a meaningful benefit from
Externalizablewith a modern JVM.Also, the built-in Java serialization mechanism isn't the only one, you can get third-party replacements, such as JBoss Serialization, which is considerably quicker, and is a drop-in replacement for the default.
A big downside of
Externalizableis that you have to maintain this logic yourself - if you add, remove or change a field in your class, you have to change yourwriteExternal/readExternalmethods to account for it.In summary,
Externalizableis a relic of the Java 1.1 days. There's really no need for it any more.讨论(0) -
When considering options for improving performance, don't forget custom serialization. You can let Java do what it does well, or at least good enough, for free, and provide custom support for what it does badly. This is usually a lot less code than full Externalizable support.
讨论(0) -
Object Serialization uses the Serializable and Externalizable interfaces. A Java object is only serializable. if a class or any of its superclasses implements either the java.io.Serializable interface or its subinterface, java.io.Externalizable. Most of the java class are serializable.
- NotSerializableException:
packageName.ClassName« To participate a Class Object in serialization process, The class must implement either Serializable or Externalizable interface.
Serializable Interface
Object Serialization produces a stream with information about the Java classes for the objects which are being saved. For serializable objects, sufficient information is kept to restore those objects even if a different (but compatible) version of the implementation of the class is present. The Serializable interface is defined to identify classes which implement the serializable protocol:
package java.io; public interface Serializable {};- The serialization interface has no methods or fields and serves only to identify the semantics of being serializable. For serializing/deserializing a class, either we can use default writeObject and readObject methods (or) we can overriding writeObject and readObject methods from a class.
- JVM will have complete control in serializing the object. use transient keyword to prevent the data member from being serialized.
- Here serializable objects is reconstructed directly from the stream without executing
- InvalidClassException « In deserialization process, if local class serialVersionUID value is different from the corresponding sender's class. then result's in conflict as
java.io.InvalidClassException: com.github.objects.User; local class incompatible: stream classdesc serialVersionUID = 5081877, local class serialVersionUID = 50818771 - The values of the non-transient and non-static fields of the class get serialized.
Externalizable Interface
For Externalizable objects, only the identity of the class of the object is saved by the container; the class must save and restore the contents. The Externalizable interface is defined as follows:
package java.io; public interface Externalizable extends Serializable { public void writeExternal(ObjectOutput out) throws IOException; public void readExternal(ObjectInput in) throws IOException, java.lang.ClassNotFoundException; }- The Externalizable interface has two methods, an externalizable object must implement a writeExternal and readExternal methods to save/restore the state of an object.
- Programmer has to take care of which objects to be serialized. As a programmer take care of Serialization So, here transient keyword will not restrict any object in Serialization process.
- When an Externalizable object is reconstructed, an instance is created using the public no-arg constructor, then the readExternal method called. Serializable objects are restored by reading them from an ObjectInputStream.
OptionalDataException « The fields MUST BE IN THE SAME ORDER AND TYPE as we wrote them out. If there is any mismatch of type from the stream it throws OptionalDataException.
@Override public void writeExternal(ObjectOutput out) throws IOException { out.writeInt( id ); out.writeUTF( role ); out.writeObject(address); } @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { this.id = in.readInt(); this.address = (Address) in.readObject(); this.role = in.readUTF(); }The instance fields of the class which written (exposed) to
ObjectOutputget serialized.
Example « implements Serializable
class Role { String role; } class User extends Role implements Serializable { private static final long serialVersionUID = 5081877L; Integer id; Address address; public User() { System.out.println("Default Constructor get executed."); } public User( String role ) { this.role = role; System.out.println("Parametarised Constructor."); } } class Address implements Serializable { private static final long serialVersionUID = 5081877L; String country; }Example « implements Externalizable
class User extends Role implements Externalizable { Integer id; Address address; // mandatory public no-arg constructor public User() { System.out.println("Default Constructor get executed."); } public User( String role ) { this.role = role; System.out.println("Parametarised Constructor."); } @Override public void writeExternal(ObjectOutput out) throws IOException { out.writeInt( id ); out.writeUTF( role ); out.writeObject(address); } @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { this.id = in.readInt(); this.address = (Address) in.readObject(); this.role = in.readUTF(); } }Example
public class CustomClass_Serialization { static String serFilename = "D:/serializable_CustomClass.ser"; public static void main(String[] args) throws IOException { Address add = new Address(); add.country = "IND"; User obj = new User("SE"); obj.id = 7; obj.address = add; // Serialization objects_serialize(obj, serFilename); objects_deserialize(obj, serFilename); // Externalization objects_WriteRead_External(obj, serFilename); } public static void objects_serialize( User obj, String serFilename ) throws IOException{ FileOutputStream fos = new FileOutputStream( new File( serFilename ) ); ObjectOutputStream objectOut = new ObjectOutputStream( fos ); // java.io.NotSerializableException: com.github.objects.Address objectOut.writeObject( obj ); objectOut.flush(); objectOut.close(); fos.close(); System.out.println("Data Stored in to a file"); } public static void objects_deserialize( User obj, String serFilename ) throws IOException{ try { FileInputStream fis = new FileInputStream( new File( serFilename ) ); ObjectInputStream ois = new ObjectInputStream( fis ); Object readObject; readObject = ois.readObject(); String calssName = readObject.getClass().getName(); System.out.println("Restoring Class Name : "+ calssName); // InvalidClassException User user = (User) readObject; System.out.format("Obj[Id:%d, Role:%s] \n", user.id, user.role); Address add = (Address) user.address; System.out.println("Inner Obj : "+ add.country ); ois.close(); } catch (ClassNotFoundException e) { e.printStackTrace(); } } public static void objects_WriteRead_External( User obj, String serFilename ) throws IOException { FileOutputStream fos = new FileOutputStream(new File( serFilename )); ObjectOutputStream objectOut = new ObjectOutputStream( fos ); obj.writeExternal( objectOut ); objectOut.flush(); fos.close(); System.out.println("Data Stored in to a file"); try { // create a new instance and read the assign the contents from stream. User user = new User(); FileInputStream fis = new FileInputStream(new File( serFilename )); ObjectInputStream ois = new ObjectInputStream( fis ); user.readExternal(ois); System.out.format("Obj[Id:%d, Role:%s] \n", user.id, user.role); Address add = (Address) user.address; System.out.println("Inner Obj : "+ add.country ); ois.close(); } catch (ClassNotFoundException e) { e.printStackTrace(); } } }
@see
- What is Object Serialization
- Object Serialization: Frequently Asked Questions
讨论(0) - NotSerializableException:
加载中...
- 热议问题