Customized Serialization and Deserialization In Java

Posted By : Vikash Patwal | 13-Dec-2018

Serialization is the process of converting the state of an object into a byte stream. Deserialization is the reverse process, in which the byte stream is used to recreate the actual Java object in memory. This mechanism is used to persist the object.

 

Why is custom serialization needed?

During serialization, there may be data loss if we use the 'transient' keyword. The 'transient' keyword is used on variables that we do not want to serialize. Sometimes, however, such a field needs to be serialized in a different way from the default serialization (for example, encrypting it before serializing). In that case, we have to use custom serialization and deserialization.

 

Example of serialization:

import java.io.Serializable;

public class Account implements Serializable {

	public String email = "[email protected]";

	// transient fields are skipped by default serialization
	public transient String password = "admin@123";

}

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class CustomSerialization {

	public static void main(String[] args) throws IOException {

		Account a1 = new Account();

		// serialization (try-with-resources closes the streams)
		try (FileOutputStream fos = new FileOutputStream("filepath/abc.txt");
				ObjectOutputStream oos = new ObjectOutputStream(fos)) {

			// When writeObject is called, the JVM checks whether the Account class
			// implements its own writeObject method. If it does not exist, default
			// serialization is used and the transient password is not saved in the file.
			// If it exists, it can save additional data in the file, e.g. the encryptPassword value.
			oos.writeObject(a1);
		} catch (IOException e) {
			e.printStackTrace();
		}

		// deserialization
		try (FileInputStream fis = new FileInputStream("filepath/abc.txt");
				ObjectInputStream ois = new ObjectInputStream(fis)) {

			// When readObject is called, the JVM checks whether the Account class
			// implements its own readObject method. If it does not exist, default
			// deserialization is used and password gets its default value (null).
			// If it exists, it can read the encryptPassword value from the file and assign it to password.
			Account a2 = (Account) ois.readObject();
			System.out.println("email-->" + a2.email);
			System.out.println("password-->" + a2.password);
		} catch (IOException | ClassNotFoundException e) {
			e.printStackTrace();
		}

	}

}


O/P: email-->[email protected]
     password-->null
 

 

In the above example, before serialization the Account object holds both the email and the password, but the deserialized Account object has only the email and not the password. This is because the password variable is declared transient.

Thus, during default serialization there may be a loss of information because of the transient keyword. To recover from this loss, we should use customized serialization.

 

Customized serialization can be implemented using the two methods below:

1) private void writeObject(ObjectOutputStream oos) throws Exception

The JVM executes this method automatically at the time of serialization.

2) private void readObject(ObjectInputStream ois) throws Exception

The JVM executes this method automatically at the time of deserialization. Methods invoked this way are also known as callback methods.

 

Example of custom serialization:

 

import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class Account implements Serializable {

	public String email = "[email protected]";

	public transient String password = "admin@123";

	// Called by the JVM during serialization
	private void writeObject(ObjectOutputStream oos) throws Exception {
		oos.defaultWriteObject();	// writes the non-transient fields (email)
		// The "123" prefix is only a placeholder for an encryption step;
		// a fixed prefix does not hide the password in the file.
		String encryptPassword = "123" + password;
		oos.writeObject(encryptPassword);
	}

	// Called by the JVM during deserialization
	private void readObject(ObjectInputStream ois) throws Exception {
		ois.defaultReadObject();	// reads the non-transient fields (email)
		String encryptPassword = (String) ois.readObject();
		password = encryptPassword.substring(3);	// strip the "123" prefix
	}

}

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class CustomSerialization {

	public static void main(String[] args) throws IOException {

		Account a1 = new Account();

		// serialization (try-with-resources closes the streams)
		try (FileOutputStream fos = new FileOutputStream("filepath/abc.txt");
				ObjectOutputStream oos = new ObjectOutputStream(fos)) {

			// The Account class implements writeObject, so the JVM calls it here
			// and the encryptPassword value is saved in the file after the default fields.
			oos.writeObject(a1);
		} catch (IOException e) {
			e.printStackTrace();
		}

		// deserialization
		try (FileInputStream fis = new FileInputStream("filepath/abc.txt");
				ObjectInputStream ois = new ObjectInputStream(fis)) {

			// The Account class implements readObject, so the JVM calls it here;
			// it reads the encryptPassword value from the file and assigns it to password.
			Account a2 = (Account) ois.readObject();
			System.out.println("email-->" + a2.email);
			System.out.println("password-->" + a2.password);
		} catch (IOException | ClassNotFoundException e) {
			e.printStackTrace();
		}

	}

}


O/P: email-->[email protected]
     password-->admin@123
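
The "123" prefix in the example above only stands in for encryption. As an added example (not the author's code), here are the same writeObject/readObject hooks with the transient field protected by authenticated encryption (AES-GCM). The class name SecureAccount, the static key holder, the in-memory demo key and the sample email value are assumptions made for this illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SecureAccount implements Serializable {
    private static final long serialVersionUID = 1L;
    // Assumption: a real system loads this key from a keystore or KMS; it never travels in the stream.
    static SecretKey key;
    public String email = "user@example.com";        // constructed sample value
    public transient String password = "admin@123";

    // Encrypts or decrypts with AES-GCM; any crypto failure surfaces as a stream error.
    private static byte[] crypt(int mode, byte[] iv, byte[] in) throws IOException {
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, key, new GCMParameterSpec(128, iv));
            return c.doFinal(in);
        } catch (GeneralSecurityException e) {
            throw new InvalidObjectException("password field could not be encrypted or authenticated");
        }
    }

    private void writeObject(ObjectOutputStream oos) throws IOException {
        oos.defaultWriteObject();                     // writes email, skips the transient password
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);             // fresh nonce for every serialization
        oos.writeObject(iv);
        oos.writeObject(crypt(Cipher.ENCRYPT_MODE, iv, password.getBytes(StandardCharsets.UTF_8)));
    }

    private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
        ois.defaultReadObject();
        byte[] iv = (byte[]) ois.readObject();
        byte[] ct = (byte[]) ois.readObject();        // a tampered ciphertext fails the GCM tag check
        password = new String(crypt(Cipher.DECRYPT_MODE, iv, ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        key = KeyGenerator.getInstance("AES").generateKey();   // demo key, generated in memory
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) { oos.writeObject(new SecureAccount()); }
        byte[] bytes = buf.toByteArray();
        String raw = new String(bytes, StandardCharsets.ISO_8859_1);
        System.out.println("plaintext password in stream: " + raw.contains("admin@123"));
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            System.out.println("password-->" + ((SecureAccount) ois.readObject()).password);
        }
    }
}
```

The round trip uses an in-memory buffer instead of a file so the serialized bytes can be searched for the plaintext password before they are read back.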

   

About Author

Vikash Patwal

Vikash Patwal holds a Master's in Computer Applications and is good at Java; he is a hardworking team player.
