java - 為什么Serializable中定義的Class 不能序列化?
問(wèn)題描述
Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That’s because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.This rule raises an issue on non-Serializable fields, and on collection fields when they are not private (because they could be assigned non-Serializable values externally), and when they are assigned non-Serializable types within the class.Noncompliant Code Examplepublic class Address { //...}public class Person implements Serializable { private static final long serialVersionUID = 1905122041950251207L; private String name; private Address address; // Noncompliant; Address isn’t serializable}
問(wèn)題解答
回答1:一個(gè)對(duì)象序列化時(shí),按照J(rèn)ava默認(rèn)的序列化規(guī)則,對(duì)象內(nèi)的所有成員都要序列化,也就是說(shuō),這些Class都必須實(shí)現(xiàn)Serializable。
所以,你有兩種改法,一是Address實(shí)現(xiàn)Serializable接口,二是對(duì)Person中的address成員加上transient標(biāo)記,這樣該成員就不會(huì)被序列化進(jìn)去。
回答2:如果 address 成員需要進(jìn)行序列化的話,則Address類(lèi)也需要實(shí)現(xiàn)Serializable接口。如果 address 成員不需要進(jìn)行序列化的話,可以加上transient關(guān)鍵字,則address成員不做序列化操作,值為null。如下:
public class Person implements Serializable { private static final long serialVersionUID = 1905122041950251207L; private String name; private transient Address address; // Noncompliant; Address isn’t serializable}
當(dāng)然還有其他方式:比如實(shí)現(xiàn)Externalizable接口,重寫(xiě)readExternal(ObjectInput in)和writeExternal(ObjectOutput out)方法。還有一個(gè)替代實(shí)現(xiàn)Externalizable接口方法,還是實(shí)現(xiàn)Serializable接口,添加writeObject(ObjectOutputStream obs)和readObject(ObjectInputStream ois)方法。
再說(shuō)說(shuō)為什么Address一定要實(shí)現(xiàn)Serializable,或者加上transient關(guān)鍵字Person才能進(jìn)行序列化?先看看不做處理,使用 ObjectOutputStream 來(lái)持久化對(duì)象,拋出的異常
Exception in thread 'main' java.io.NotSerializableException
看ObjectOutputStream源碼:
/** * Underlying writeObject/writeUnshared implementation. */ private void writeObject0(Object obj, boolean unshared)throws IOException { //...... // remaining cases if (obj instanceof String) {writeString((String) obj, unshared); } else if (cl.isArray()) {writeArray(obj, desc, unshared); } else if (obj instanceof Enum) {writeEnum((Enum<?>) obj, desc, unshared); } else if (obj instanceof Serializable) {writeOrdinaryObject(obj, desc, unshared); } else {if (extendedDebugInfo) { throw new NotSerializableException(cl.getName() + 'n' + debugInfoStack.toString());} else { throw new NotSerializableException(cl.getName());} }} finally { depth--; bout.setBlockDataMode(oldMode);} }
從此可知, 如果被寫(xiě)對(duì)象類(lèi)型是String、Array、Enum、Serializable,就可以進(jìn)行序列化,否則將拋出NotSerializableException。且在序列化對(duì)象時(shí),不僅會(huì)序列化當(dāng)前對(duì)象本身,還會(huì)對(duì)該對(duì)象引用的其它對(duì)象也進(jìn)行序列化。
相關(guān)文章:
1. python小白 關(guān)于類(lèi)里面的方法獲取變量失敗的問(wèn)題2. thinkPHP5中獲取數(shù)據(jù)庫(kù)數(shù)據(jù)后默認(rèn)選中下拉框的值,傳遞到后臺(tái)消失不見(jiàn)。有圖有代碼,希望有人幫忙3. linux運(yùn)維 - python遠(yuǎn)程控制windows如何實(shí)現(xiàn)4. Python2中code.co_kwonlyargcount的等效寫(xiě)法5. javascript - 如何用最快的速度C#或Python開(kāi)發(fā)一個(gè)桌面應(yīng)用程序來(lái)訪問(wèn)我的網(wǎng)站?6. django - Python error: [Errno 99] Cannot assign requested address7. mysql數(shù)據(jù)庫(kù)做關(guān)聯(lián)一般用id還是用戶名8. [python2]local variable referenced before assignment問(wèn)題9. 求救一下,用新版的phpstudy,數(shù)據(jù)庫(kù)過(guò)段時(shí)間會(huì)消失是什么情況?10. python小白,關(guān)于函數(shù)問(wèn)題
網(wǎng)公網(wǎng)安備