You may need custom serialization in java in may cases. For example, you have legacy java classes which you are not willing to modify for any reason. There can be some design constraints as well. Or even simply, the class is expected to be changed in future releases which could break the deserialization of previously serialized objects.
Table of Contents 1. Custom Serialization 2. Default Serialization with Added Validation 3. Summary
1. Java Custom Serialization
In most of cases, when you will customize java serialization, you will be writing the fields one by one – in a sequence. Its most common way to override default java serialization process.
Let’s say, we have one User object and we want to customize it’s serialization process.
public class User implements Serializable {
private static final long serialVersionUID = 7829136421241571165L;
private String firstName;
private String lastName;
private int accountNumber;
private Date dateOpened;
public User(String firstName, String lastName, int accountNumber, Date dateOpened) {
super();
this.firstName = firstName;
this.lastName = lastName;
this.accountNumber = accountNumber;
this.dateOpened = dateOpened;
}
public User() {
super();
}
public final String getFirstName() {
return firstName;
}
public final String getLastName() {
return lastName;
}
public final int getAccountNumber() {
return accountNumber;
}
public final Date getDateOpened() {
return new Date(dateOpened.getTime());
}
public final void setFirstName(String aNewFirstName) {
firstName = aNewFirstName;
}
public final void setLastName(String aNewLastName) {
lastName = aNewLastName;
}
public final void setAccountNumber(int aNewAccountNumber) {
accountNumber = aNewAccountNumber;
}
public final void setDateOpened(Date aNewDate) {
Date newDate = new Date(aNewDate.getTime());
dateOpened = newDate;
}
}
1.1. readObject() and writeObject() methods
To customize serialization and deserialization, define readObject() and writeObject() methods in this class.
- Inside
writeObject()method, write class attributes usingwriteXXXmethods provided byObjectOutputStream. - Inside
readObject()method, read class attributes usingreadXXXmethods provided byObjectInputStream. - Please note that the sequence of class attributes in read and write methods MUST BE same.
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;
public class User implements Serializable {
private static final long serialVersionUID = 7829136421241571165L;
private String firstName;
private String lastName;
private int accountNumber;
private Date dateOpened;
public User(String firstName, String lastName, int accountNumber, Date dateOpened) {
super();
this.firstName = firstName;
this.lastName = lastName;
this.accountNumber = accountNumber;
this.dateOpened = dateOpened;
}
public User() {
super();
}
//Setters and Getters
private void readObject(ObjectInputStream aInputStream) throws ClassNotFoundException, IOException
{
firstName = aInputStream.readUTF();
lastName = aInputStream.readUTF();
accountNumber = aInputStream.readInt();
dateOpened = new Date(aInputStream.readLong());
}
private void writeObject(ObjectOutputStream aOutputStream) throws IOException
{
aOutputStream.writeUTF(firstName);
aOutputStream.writeUTF(lastName);
aOutputStream.writeInt(accountNumber);
aOutputStream.writeLong(dateOpened.getTime());
}
}
Now let’s test the code.
1.2. Test Custom Serialization
package com.howtodoinjava.io.example;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.Calendar;
import java.util.Date;
public class TestCustomSerialization
{
public static void main(String[] args)
{
// Create new User object
User myDetails = new User("Lokesh", "Gupta", 102825, new Date(Calendar.getInstance().getTimeInMillis()));
// Serialization code
try
{
FileOutputStream fileOut = new FileOutputStream("User.ser");
ObjectOutputStream out = new ObjectOutputStream(fileOut);
out.writeObject(myDetails);
out.close();
fileOut.close();
}
catch (IOException i)
{
i.printStackTrace();
}
// De-serialization code
User deserializedUser = null;
try
{
FileInputStream fileIn = new FileInputStream("User.ser");
ObjectInputStream in = new ObjectInputStream(fileIn);
deserializedUser = (User) in.readObject();
in.close();
fileIn.close();
// verify the object state
System.out.println(deserializedUser.getFirstName());
System.out.println(deserializedUser.getLastName());
System.out.println(deserializedUser.getAccountNumber());
System.out.println(deserializedUser.getDateOpened());
}
catch (IOException ioe)
{
ioe.printStackTrace();
}
catch (ClassNotFoundException cnfe)
{
cnfe.printStackTrace();
}
}
}
//Output
Lokesh Gupta 102825 Wed May 24 13:05:25 IST 2017
2. Override default serialization to add validation
Sometimes you may have requirement where you only want to perform any specific validation, or run some business rules on deserialized object – without affecting default java serialization mechanism. This is also possible when you decide to use readObject() and writeObject() methods.
In this usecase, you can use defaultReadObject() and defaultWriteObject() inside readObject() and writeObject() methods – to enable default serialization and deserialization. And you can then plugin you custom validation or business rules inside read/write methods.
This way you validation methods will be automatically called by JVM, immediately after default serialization and deserialization process happens.
public class User implements Serializable {
//class attributes, constructors, setters and getters as shown above
/**
* Always treat de-serialization as a full-blown constructor, by validating the final state of the de-serialized object.
*/
private void readObject(ObjectInputStream aInputStream) throws ClassNotFoundException, IOException
{
// perform the default de-serialization first
aInputStream.defaultReadObject();
// make defensive copy of the mutable Date field
dateOpened = new Date(dateOpened.getTime());
// ensure that object state has not been corrupted or tampered with malicious code
//validateUserInfo();
}
/**
* This is the default implementation of writeObject. Customize as necessary.
*/
private void writeObject(ObjectOutputStream aOutputStream) throws IOException {
//ensure that object is in desired state. Possibly run any business rules if applicable.
//checkUserInfo();
// perform the default serialization for all non-transient, non-static fields
aOutputStream.defaultWriteObject();
}
}
Test the code again an you will see this output:
Lokesh Gupta 102825 Wed May 24 13:10:18 IST 2017
3. Summary
As we saw that custom serialization is very easy in java and it involve very simple design i.e. implement readObject() and writeObject() methods; and add any additional logic to support the application business logic.
Though default serialization/deserialization will be enough in most of the cases; still when required you shall use custom serialization in java applications.
Drop me your questions in comments section.
Happy Learning !!
Rohit Singh
Hi
This is valid scenario , if we can manipulate serialization based on business logic, then what is the difference between this and externalization.
Please explain with example.
Regards
Rohit
Daniel Pelisek
What if the account number (or any other field) is final? Is there a way to serialize it using own write/readObject methods? The default serialization would work, but this custom one not.
SSS
no such method for write and set object at java class
Amit
Good explanation.
Consider explaining handling a case where a file was serialized with an older version of the class and then deserialized with a newer version of the class. The newer version has more fields than the older version. The readObject of the newer version will try to read additional fields which will throw IOException.
So In order to keep track of the no of fields in the class, a field counter could be used. The field counter is then serialized by the
defaultWriteObject()method. WhiledefaultReadObject()reads the counter and then limit the reads to the counter value thus avoiding to read the fields added in the newer version. This way the newer version becomes compatible with the backward versions.My own implementation of User Class
package com.amit.serialization; import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; import java.util.Date; public class User implements Serializable { private static final long serialVersionUID = 1L; private transient String firstName; private transient String lastName; private transient int accountNumber; private transient Date dateOpened; private transient String bankName; // fieldCount to keep track of the no of fields in the Object. For compatibility between versions. private int fieldCount = 0; public User(String firstName, String lastName, int accountNumber, Date dateOpened, String bankName) { super(); this.firstName = firstName; this.lastName = lastName; this.accountNumber = accountNumber; this.dateOpened = dateOpened; this.bankName = bankName; this.fieldCount = 5; } public User() { super(); } //Setters and Getters private void readObject(ObjectInputStream aInputStream) throws ClassNotFoundException, IOException { aInputStream.defaultReadObject(); int currentCount = 0; if (checkCount(currentCount)) { return; } firstName = aInputStream.readUTF(); currentCount++; if (checkCount(currentCount)) { return; } lastName = aInputStream.readUTF(); currentCount++; if (checkCount(currentCount)) { return; } accountNumber = aInputStream.readInt(); currentCount++; if (checkCount(currentCount)) { return; } dateOpened = new Date(aInputStream.readLong()); currentCount++; if (checkCount(currentCount)) { return; } bankName = aInputStream.readUTF(); } private boolean checkCount(int currentCount) { if (currentCount >= this.fieldCount) { return true; } return false; } private void writeObject(ObjectOutputStream aOutputStream) throws IOException { aOutputStream.defaultWriteObject(); aOutputStream.writeUTF(firstName); aOutputStream.writeUTF(lastName); aOutputStream.writeInt(accountNumber); aOutputStream.writeLong(dateOpened.getTime()); aOutputStream.writeUTF(bankName); } public final String getFirstName() { return firstName; } public final String getLastName() { return lastName; } public final int getAccountNumber() { return accountNumber; } public final Date getDateOpened() { return new Date(dateOpened.getTime()); } public final void setFirstName(String aNewFirstName) { firstName = aNewFirstName; } public final void setLastName(String aNewLastName) { lastName = aNewLastName; } public final void setAccountNumber(int aNewAccountNumber) { accountNumber = aNewAccountNumber; } public final void setDateOpened(Date aNewDate) { Date newDate = new Date(aNewDate.getTime()); dateOpened = newDate; } public final void setBankName( String aNewBankName) { bankName = aNewBankName; } public final String getBankName() { return bankName; } }At all the times, the new fields should be appended to the class and never added in-between.
For more complex data structure like a linked list, this simple counter might not work. If may then require a more complicated tracking & reading mechanism.
Lokesh Gupta
Please refer to do’s and don’ts for correct serialization.
Priya
The serialization process is instance-independent, i.e. objects can be serialized on one platform and deserialized on another . It is important concept in java. Thanks a lot for sharing this.
Navo
I have a concern.When we have readObject and writeObject () for custom serialization then what is the use of Externalizable.
Please elaborate?
Shubhranshu
Java runtime uses reflection to determine how to marshal or unmarshal the objects of the Serializable class. During early versions of Java, reflection was very slow hence if you needed to serialize or deserialize large objects, then it used to cause a performance problem.
To handle this Externalizable was introduced, which provided an option to remove the dependency on reflection by providing custom serialization and deserialisation logic. But after Java 1.3 there was a major improvement in the speed of reflection which filled the performance gap between Serializable and Externalizable.
So to summarise, Externalizable is some thing which was useful in java 1.1 days, but there is no need for it anymore.
Sharan De Silva
In User class accountNumber fields is `int`. Is it possible to change the datatype of accountNumber to `double` while serializing object.
With the serialized stream can I able to get this class object,
public class User implements Serializable {
private static final long serialVersionUID = 7829136421241571165L;
private String firstName;
private String lastName;
private Double accountNumber;
private Date dateOpened;
}