The Externalizable Interface

    public interface Externalizable extends Serializable {
        public void writeExternal(ObjectOutput out) throws IOException;
        public void readExternal(ObjectInput in)
            throws IOException, java.lang.ClassNotFoundException;
    }

2022-2-27, Institute of Computer Software, Nanjing University

The Externalizable Interface

The class of an Externalizable object must do the following:

- Implement the java.io.Externalizable interface
- Implement a writeExternal method to save the state of the object
- Implement a readExternal method to read the data written by the writeExternal method from the stream and restore the state of the object
- Have the writeExternal and readExternal methods be solely responsible for the format, if an externally defined format is written
- Have a public no-arg constructor

The Externalizable Interface

An Externalizable class can optionally define the following methods:

- writeReplace
- readResolve

Note: Declaring that a class implements the Externalizable interface carries a significant security risk. The writeExternal() and readExternal() methods are declared public, so a malicious class can use them to read and write the object's data. Be especially careful if the object contains sensitive information.

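Differences

Serializable
- Automatically stores the information needed to deserialize the stored instance
- Advantages
  - Built-in support
  - Easy to implement
- Disadvantages
  - Takes up too much space
  - Slow

Externalizable
- Stores only the identity of the class being stored; reading and writing are done entirely by the programmer
- Advantages
  - Lower overhead
  - Possible speed improvement
- Disadvantages
  - The virtual machine provides no help; heavy burden on the programmer
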
serialVersionUID

    private static final long serialVersionUID

- For compatibility
- InvalidClassException
- It is strongly recommended that all serializable classes explicitly declare serialVersionUID values
- serialver; Eclipse