stackoverflow (translation: Serializable)
Source: Internet  Editor: 程序博客网  Time: 2024/06/12 22:04
Why Java needs Serializable interface?
We work heavily with serialization and having to specify Serializable tag on every object we use is kind of a burden. Especially when it's a 3rd-party class that we can't really change.
The question is: since Serializable is an empty interface and Java provides robust serialization once you add implements Serializable - why didn't they make everything serializable and that's it?
What am I missing?
12 Answers
Serialization is fraught with pitfalls. Automatic serialization support of this form makes the class internals part of the public API (which is why javadoc gives you the persisted forms of classes).
For long-term persistence, the class must be able to decode this form, which restricts the changes you can make to class design. This breaks encapsulation.
Serialization can also lead to security problems. By being able to serialize any object it has a reference to, a class can access data it would not normally be able to (by parsing the resultant byte data).
There are other issues, such as the serialized form of inner classes not being well defined.
Making all classes serializable would exacerbate these problems. Check out Effective Java Second Edition, in particular Item 74: Implement Serializable judiciously.
I think both Java and .Net people got it wrong this time around, would have been better to make everything serializable by default and only need to mark those classes that can't be safely serialized instead.
For example in Smalltalk (a language created in 70s) every object is serializable by default. I have no idea why this is not the case in Java, considering the fact that the vast majority of objects are safe to serialize and just a few of them aren't.
Marking an object as serializable (with an interface) doesn't magically make that object serializable, it was serializable all along, it's just that now you expressed something that the system could have found on his own, so I see no real good reason for serialization being the way it is now.
I think it was either a poor decision made by designers or serialization was an afterthought, or the platform was never ready to do serialization by default on all objects safely and consistently.
Not everything is genuinely serializable. Take a network socket connection, for example. You could serialize the data/state of your socket object, but the essence of an active connection would be lost.
implements NotSerializable :) – Robert Grant Nov 27 '13 at 17:08
The main role of Serializable in Java is to actually make, by default, all other objects nonserializable. Serialization is a very dangerous mechanism, especially in its default implementation. Hence, like friendship in C++, it is off by default, even if it costs a little to make things serializable.
Serialization adds constraints and potential problems since structure compatibility is not ensured. It is good that it is off by default.
I have to admit that I have seen very few nontrivial classes where standard serialization does what I want it to. Especially in the case of complex data structures. So the effort you'd spend making the class serializable properly dwarfs the cost of adding the interface.
For some classes, especially those that represent something more physical like a File, a Socket, a Thread, or a DB connection, it makes absolutely no sense to serialize instances. For many others, Serialization may be problematic because it destroys uniqueness constraints or simply forces you to deal with instances of different versions of a class, which you may not want to.
Arguably, it might have been better to make everything Serializable by default and make classes non-serializable through a keyword or marker interface - but then, those who should use that option probably would not think about it. The way it is, if you need to implement Serializable, you'll be told so by an Exception.
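The uniqueness problem mentioned in the answer above, as an added example that is not part of the original answer: deserialization builds a new object without running the class's constructor, so a singleton gains a second instance unless the class defines `readResolve`. The class names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class UniquenessAfterDeserialization {
    // Hypothetical singleton relying only on a private constructor.
    static class Registry implements Serializable {
        private static final long serialVersionUID = 1L;
        static final Registry INSTANCE = new Registry();
        private Registry() {}
    }

    // Same singleton, with the uniqueness constraint restored on read.
    static class GuardedRegistry implements Serializable {
        private static final long serialVersionUID = 1L;
        static final GuardedRegistry INSTANCE = new GuardedRegistry();
        private GuardedRegistry() {}
        // Invoked by ObjectInputStream after it has built the copy;
        // returning INSTANCE makes the stream hand back the original.
        private Object readResolve() { return INSTANCE; }
    }

    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        boolean plainUnique = roundTrip(Registry.INSTANCE) == Registry.INSTANCE;
        boolean guardedUnique = roundTrip(GuardedRegistry.INSTANCE) == GuardedRegistry.INSTANCE;
        System.out.println("plain singleton still unique:   " + plainUnique);
        System.out.println("guarded singleton still unique: " + guardedUnique);
    }
}
```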
I think the thought was to make sure you, as the programmer, know that your object may be serialized.
Apparently everything was serializable in some preliminary designs, but because of security and correctness concerns the final design ended up as we all know.
Source: Why must classes implement Serializable in order to be written to an ObjectOutputStream?.
Having to state explicitly that instances of a certain class are Serializable the language forces you to think about if you should allow that. For simple value objects serialization is trivial, but in more complex cases you need to really think things through.
By just relying on the standard serialization support of the JVM you expose yourself to all kinds of nasty versioning issues.
Uniqueness, references to 'real' resources, timers and lots of other types of artifacts are NOT candidates for serialization.
Read this to understand Serializable Interface and why we should make only few classes Serializable and also we should take care where to use transient keyword in case we want to remove few fields from the storing procedure.
http://www.codingeek.com/java/io/object-streams-serialization-deserialization-java-example-serializable-interface/
Well, my answer is that this is for no good reason. And from your comments I can see that you've already learned that. Other languages happily try serializing everything that doesn't jump on a tree after you've counted to 10. An Object should default to be serializable.
So, what you basically need to do is read all the properties of your 3rd-party class yourself. Or, if that's an option for you: decompile, put the damn keyword there, and recompile.
There are some things in Java that simply cannot be serialized because they are runtime specific. Things like streams, threads, runtime, etc. and even some GUI classes (which are connected to the underlying OS) cannot be serialized.
While I agree with the points made in other answers here, the real problem is with deserialisation: If the class definition changes then there's a real risk the deserialisation won't work. Never modifying existing fields is a pretty major commitment for the author of a library to make! Maintaining API compatibility is enough of a chore as it is.