How to customize Java serialization?

There are two ways to customize Java serialization: by implementing the Serializable interface or creating your own serializer. When implementing the Serializable interface, override the writeObject() and readObject() methods to customize serialization and deserialization. When creating a custom serializer, overriding the writeBytes() and readBytes() methods gives you complete control over the serialization and deserialization process. This is useful when storing sensitive data encrypted.

How to customize Java serialization

Java serialization is a method of converting the state of an object into a byte stream for storage or transmission mechanism. By default, Java uses ObjectOutputStream and ObjectInputStream for serialization and deserialization. However, we can customize this process by implementing the Serializable interface or creating our own serializer.

Custom serialization

To customize serialization, we need to implement the Serializable interface and override writeObject() and readObject() methods. The writeObject() method serializes the object's fields into a stream, while the readObject() method deserializes the fields from the stream.

Example:

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class CustomSerializedClass implements Serializable {

    private String name;
    private transient int age; // 注解`transient`表示在序列化时忽略该字段

    @Override
    public void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject(); // 序列化非瞬时字段
        out.writeInt(age); // 手动序列化瞬时字段
    }

    @Override
    public void readObject(ObjectInputStream in) throws IOException {
        in.defaultReadObject(); // 反序列化非瞬时字段
        age = in.readInt(); // 手动反序列化瞬时字段
    }
}

Custom Serializer

Custom serializer allows us to have full control over the serialization and deserialization process. We can create our own ObjectOutputStream and ObjectInputStream subclasses and override the writeBytes() and readBytes() methods.

Example:

import java.io.IOException;

public class CustomObjectOutputStream extends ObjectOutputStream {

    public CustomObjectOutputStream() throws IOException {
        super();
    }

    @Override
    public void writeBytes(Object obj) throws IOException {
        // 自定义序列化算法
        // ...
    }
}

Practical case

Encrypted storage of sensitive data

We can customize the sequence optimizer to encrypt the data that an object writes to the stream during serialization. This is useful for storing sensitive data for increased security.

public class EncryptedObjectOutputStream extends ObjectOutputStream {

    private Cipher cipher;

    public EncryptedObjectOutputStream(OutputStream out) throws IOException {
        super(out);
        cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    }

    @Override
    public void writeBytes(Object obj) throws IOException {
        byte[] bytes = // 序列化对象
        cipher.doFinal(bytes);
        out.write(bytes);
    }
}

The above is an example of a custom serializer for encrypted Java object serialization.

The above is the detailed content of How to customize Java serialization?. For more information, please follow other related articles on the PHP Chinese website!