In this article, we will discuss how to stop serialization from happening for a serializable class
Q) How to stop serialization?
- One would wonder why we need to stop serialization, and that too for a class which is marked as serializable by implementing the java.io.Serializable interface
- I had the same thought after an interviewer asked me this question
- Let us move on and discuss how to stop serialization
- Override the default behaviour by defining a private writeObject() method that throws an IOException
- Similarly, we can write logic in the readObject() method for the de-serialization process
Customer.java
```java
package in.bench.resources.stop.serialization;

import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

class Customer implements Serializable {

    // member variables for Customer
    transient int customerId;
    String customerName;
    transient String customerSSN;

    // 3-arg parameterized constructor for Customer
    public Customer(int customerId, String customerName,
            String customerSSN) {
        super();
        this.customerId = customerId;
        this.customerName = customerName;
        this.customerSSN = customerSSN;
    }

    /**
     * this method is invoked automatically during the serialization process
     *
     * @param objectOutputStream
     * @throws IOException always, to stop serialization
     */
    private void writeObject(ObjectOutputStream objectOutputStream)
            throws IOException {
        // don't provide implementation details here
        throw new IOException("Serialization not allowed");
    }
}
```
Main class – Test class for serialization
- This class is used to serialize a Customer object
- but an exception will be thrown because the Customer POJO explicitly throws an IOException, although it implements the java.io.Serializable interface
SerializeCustomer.java
```java
package in.bench.resources.stop.serialization;

import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;

public class SerializeCustomer {

    public static void main(String[] args) {

        // create a customer object using 3-arg parameterized constructor
        Customer customer = new Customer(101, "SJ", "SSN-101919");

        // try-with-resources closes both streams even when writeObject throws
        try (
            // for writing or saving binary data
            FileOutputStream fos = new FileOutputStream("Customer.ser");
            // converting java-object to binary-format
            ObjectOutputStream oos = new ObjectOutputStream(fos)
        ) {
            // writing or saving customer object's value to stream
            oos.writeObject(customer);
            oos.flush();
        }
        catch (FileNotFoundException fnfex) {
            fnfex.printStackTrace();
        }
        catch (IOException ioex) {
            ioex.printStackTrace();
        }
    }
}
```
Output:
```
java.io.IOException: Serialization not allowed
    at in.bench.resources.stop.serialization.Customer.writeObject(Customer.java:33)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1028)
    at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496)
    at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
    at in.bench.resources.stop.serialization.SerializeCustomer.main(SerializeCustomer.java:27)
```
Explanation:
- This example tests whether we know the internal details of the serialization and de-serialization process
- Serialization is controlled by overriding the writeObject() method, and
- De-serialization is controlled by overriding the readObject() method
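The article shows only the writeObject() side. The block below is an added example, not code from the original article, showing the readObject() side mentioned above: a stream that was produced legitimately is rejected when it is read back. The names `StopDeserializationDemo`, `Account` and `isRejected` are hypothetical, and the example throws `InvalidObjectException` (a subclass of IOException) instead of the plain IOException used in Customer.java.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;

public class StopDeserializationDemo {

    // Hypothetical class for this example: Serializable by type, but instances
    // must never be rebuilt from a byte stream.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        final String owner;
        Account(String owner) { this.owner = owner; }

        // Invoked reflectively by ObjectInputStream in place of default field restoration.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            throw new InvalidObjectException("De-serialization not allowed");
        }

        // Invoked when the stream carries no data for this class in the hierarchy.
        private void readObjectNoData() throws ObjectStreamException {
            throw new InvalidObjectException("De-serialization not allowed");
        }
    }

    // Returns true if the stream was rejected, false if an object was rebuilt.
    static boolean isRejected(byte[] stream) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            ois.readObject();
            return false;
        } catch (InvalidObjectException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: writeObject is not blocked here, so a valid stream exists.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new Account("SJ"));
        }
        System.out.println("rejected = " + isRejected(bos.toByteArray()));
    }
}
```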
Happy Coding !!
Happy Learning !!