Exert Control Over Serialization

Exert Control Over Serialization

Java gives you control over the serialization process through the java.io.Externalizable interface. The java.io.Externalizable interface extends the java.io.Serializable interface by adding two methods:

 public void writeExternal(ObjectOutput out) public void readExternal(ObjectInput in) 

These methods are automatically called during serialization and de-serialization. Therefore, by providing code for these methods, you can implement your own serialization-specific operations, and, thus, have control over what data to, or not to serialize out.

One major difference between an externalizable and a serializable object is that, with an externalizable object, the normal construction behavior, including default initialization of attributes at the point of their definition, occurs. Now, let’s have some code example:

 import java.io.*; import java.util.*; class ExternalizeExample implements Externalizable {   //define attributes, do not initialize    int age; //to be serialized out   String ageStr; //not to be serialized out     //default constructor   public ExternalizeExample()   {     System.out.println("ExternalizeExample default Constructor");     System.out.println("attributes i, and s not initialized");   }     //parameterized constructor   public ExternalizeExample(String anAgeStr, int anAge)   {     System.out.println("ExternalizeExample(String anAgeStr, int anAge)");     ageStr = anAgeStr;     age = anAge;     System.out.println("attributes age, and ageStr initialized in non-default constructor.");     System.out.println("ageStr: "+ageStr+", age: "+age);   }     public String toString() { return ageStr + ": "+ age; }     public void writeExternal(ObjectOutput out)       throws IOException   {     System.out.println("ExternalizeExample.writeExternal");     //here you have control over what to, or not to serialize out     //we must explicitly write the fields that     //we want to serialize out         //un-comment the following line if you'd     //like to serialize data field s     //out.writeObject(ageStr);         out.writeInt(age);   }   public void readExternal(ObjectInput in)      throws IOException, ClassNotFoundException   {     System.out.println("ExternalizeExample.readExternal");         //de-serialize in the fields that are written out         //un-comment the following line if you've     //already serialized out data field s         //if you attempt to de-serialize data that's not     //serialized out, you'll get a java.io.StreamCorruptedException     //ageStr= (String)in.readObject();         age =in.readInt();   } } 

Now we can create an instance of this class and serialize it, and write the serialized object to disk, and de-serialize it back as in:

   public static void main(String[] args)   {     System.out.println("Constructing an ExternalizeExample objects:");     ExternalizeExample ee = new ExternalizeExample("My Age ", 110);     System.out.println(ee.toString());     try     {       ObjectOutputStream o =         new ObjectOutputStream(           new FileOutputStream("ee.out"));       System.out.println("Serializing:");       o.writeObject(ee);       o.close();       // de-serialize the object in       ObjectInputStream in =         new ObjectInputStream(           new FileInputStream("ee.out"));       System.out.println("de-serializing:");       ee = (ExternalizeExample)in.readObject();       System.out.println(ee.toString());     }     catch(Exception e)     {       //handle exception     }   } 

That is basically it. The fields ageStr and age are initialized only in the parameterized constructor, but not in the default constructor. So, if you don’t initialize ageStr and age in the readExternal(…) method, it will be null.

When inheriting from an Externalizable object, it might be a good idea to call the writeExternal(…) and readExternal(…) methods of the base class to provide proper storage/retrieval of the base class data.

Also, note that the default constructor of an externalizable object has to be declared public, or you’ll get a java.io.InvalidClassException upon de-serializing of the object.

Share the Post:
data observability

Data Observability Explained

Data is the lifeblood of any successful business, as it is the driving force behind critical decision-making, insight generation, and strategic development. However, due to its intricate nature, ensuring the

Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved