How to stop Serialization in Java

In this article, we will discuss how to stop serialization of a class that is itself marked serializable

Q) How to stop Serialization ?

  • One would wonder why we need to stop serialization for a class that is already marked serializable by implementing the java.io.Serializable interface
  • I had the same thought after an interviewer asked me this question.
  • Let us move on and discuss how to stop serialization
  • Implement the private writeObject() method in the class and throw an IOException from it
  • Similarly, implement the readObject() method to stop the de-serialization process

Customer.java

package in.bench.resources.stop.serialization;

import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

class Customer implements Serializable {

	// member variables for Customer
	transient int customerId;
	String customerName;
	transient String customerSSN;

	// 3-arg parameterized constructor for Customer
	public Customer(int customerId, String customerName, 
			String customerSSN) {
		super();
		this.customerId = customerId;
		this.customerName = customerName;
		this.customerSSN = customerSSN;
	}

	/**
	 * serialization hook invoked automatically by ObjectOutputStream for this class
	 * 
	 * @param objectOutputStream
	 * @throws IOException always, so that a Customer can never be serialized
	 */
	private void writeObject(ObjectOutputStream objectOutputStream)
			throws IOException {

		// deliberately write nothing to the stream; refuse the operation outright
		throw new IOException("Serialization not allowed");
	}
}

Main class – Test class for serialization

  • This class is used to serialize a Customer object
  • An exception will be thrown, because Customer's writeObject() explicitly throws IOException, even though Customer implements the java.io.Serializable interface

SerializeCustomer.java

package in.bench.resources.stop.serialization;

import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;

public class SerializeCustomer {

	public static void main(String[] args) {

		// create a customer object using 3-arg parameterized constructor
		Customer customer = new Customer(101, "SJ", "SSN-101919");

		// try-with-resources closes both streams even when writeObject() fails,
		// which the original explicit close() inside the try block did not
		try (FileOutputStream fos = new FileOutputStream("Customer.ser");
				ObjectOutputStream oos = new ObjectOutputStream(fos)) {

			// writing customer object's value to the stream; this call fails
			// because Customer.writeObject() throws IOException
			oos.writeObject(customer);
			oos.flush();
		} 
		catch (FileNotFoundException fnfex) {
			fnfex.printStackTrace();
		}
		catch (IOException ioex) {
			ioex.printStackTrace();
		}
	}
}

Output:

java.io.IOException: Serialization not allowed
	at in.bench.resources.stop.serialization.Customer.writeObject(Customer.java:33)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1028)
	at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496)
	at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
	at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
	at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
	at in.bench.resources.stop.serialization.SerializeCustomer.main(SerializeCustomer.java:27)

Explanation:

  • This question tests whether we know the internal details of the serialization and de-serialization process
  • Serialization is controlled by implementing the private writeObject() method, and
  • De-serialization is controlled by implementing the private readObject() method
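The following is an added, self-contained example that is not part of the original article; the class names SerializationGuardDemo and ExportOnlyRecord and the helpers serialize() and deserialize() are chosen here for illustration. It shows both hooks the explanation above refers to: writeObject() refusing to serialize (as in the article's Customer, but throwing NotSerializableException, the IOException subtype the JDK itself uses for that condition), and readObject() refusing to de-serialize. Because a class that blocks writing can never produce a stream to read back, the read-side guard is demonstrated on a second class that may be written but never re-constructed. Both streams are kept in memory rather than in a Customer.ser file.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class SerializationGuardDemo {

	// Same situation as the article's Customer: Serializable (perhaps inherited
	// from a framework type), yet it must never leave the JVM in serialized form.
	static class Customer implements Serializable {
		private static final long serialVersionUID = 1L;

		String customerName;
		String customerSSN;

		Customer(String customerName, String customerSSN) {
			this.customerName = customerName;
			this.customerSSN = customerSSN;
		}

		// Hook invoked by ObjectOutputStream for this class. The hooks run once per
		// class in the hierarchy, so a subclass cannot skip this by defining its own.
		private void writeObject(ObjectOutputStream out) throws IOException {
			throw new NotSerializableException(getClass().getName());
		}

		// Hook invoked by ObjectInputStream for this class: a Customer can never be
		// re-created from a stream, whatever produced that stream.
		private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
			throw new InvalidObjectException("De-serialization of " + getClass().getName() + " not allowed");
		}
	}

	// Variant that may be written (so this demo can produce a stream) but must
	// never be re-constructed from one: only the readObject() hook refuses.
	static class ExportOnlyRecord implements Serializable {
		private static final long serialVersionUID = 1L;

		String customerName;

		ExportOnlyRecord(String customerName) {
			this.customerName = customerName;
		}

		private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
			throw new InvalidObjectException("De-serialization of " + getClass().getName() + " not allowed");
		}
	}

	// In-memory equivalents of the article's file-based stream handling.
	static byte[] serialize(Object obj) throws IOException {
		ByteArrayOutputStream bos = new ByteArrayOutputStream();
		try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
			oos.writeObject(obj);
		}
		return bos.toByteArray();
	}

	static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
		try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
			return ois.readObject();
		}
	}

	public static void main(String[] args) throws Exception {
		// 1. Serialization is refused by Customer.writeObject() (constructed sample data).
		try {
			serialize(new Customer("SJ", "SSN-101919"));
			System.out.println("UNEXPECTED: Customer was serialized");
		} catch (NotSerializableException e) {
			System.out.println("serialization blocked: " + e);
		}

		// 2. Writing an ExportOnlyRecord works; reading it back is refused by readObject().
		byte[] bytes = serialize(new ExportOnlyRecord("SJ"));
		System.out.println("ExportOnlyRecord written: " + bytes.length + " bytes");
		try {
			deserialize(bytes);
			System.out.println("UNEXPECTED: ExportOnlyRecord was de-serialized");
		} catch (InvalidObjectException e) {
			System.out.println("de-serialization blocked: " + e);
		}
	}
}
```

Compile and run with javac SerializationGuardDemo.java followed by java SerializationGuardDemo; both "blocked" lines print and neither "UNEXPECTED" line does. Note that these hooks are per-class guards: they protect the classes you write them into, and nothing else in a stream. Restricting which classes an ObjectInputStream may instantiate at all is a separate, stream-level control (java.io.ObjectInputFilter in Java 9 and later).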

Happy Coding !!
Happy Learning !!