Overview
- See also the related article "Java Serialization Vulnerabilities: Too Many to Fix" (《Java 序列化漏洞多到修不完》).
- Serialization is the process of taking a data object and converting it into a byte stream (binary format) so that it can be sent over the network or stored in a database, and later deserialized back into its original form.
- Java has three built-in ways of serializing.
Implementing the Serializable interface
- Using the default serialization mechanism only requires implementing the Serializable interface; no methods have to be implemented.
- The Serializable interface declares no methods. It is just a marker that tells the Java virtual machine the class may be serialized. Serialization is then done with ObjectOutputStream's writeObject(object) method and deserialization with ObjectInputStream's readObject() method.
- With this mechanism the serialization machinery saves the object's member variables automatically; static member variables and member variables marked transient are not serialized.
User entity class
package com.lct.entities;

import java.io.Serializable;
import java.util.Date;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Created by Administrator on 2018/7/31 0031.
 * User class: implements the Serializable interface
 */
public class User implements Serializable {
    // Instance fields: these are written to the stream by default serialization
    private Integer id;
    private String name;
    private Date birthday;
    // Static fields belong to the class, not the instance, so they are never serialized
    private static AtomicInteger count;
    private static final String COLOR = "red";

    public Date getBirthday() {
        return birthday;
    }

    public void setBirthday(Date birthday) {
        this.birthday = birthday;
    }

    public static String getCOLOR() {
        return COLOR;
    }

    public static AtomicInteger getCount() {
        return count;
    }

    public static void setCount(AtomicInteger count) {
        User.count = count;
    }

    public Integer getId() {
        return id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    @Override
    public String toString() {
        return "User{" +
                "birthday=" + birthday +
                ", id=" + id +
                ", name='" + name + '\'' +
                '}';
    }
}
Serialization and deserialization
package test;

import com.lct.entities.User;

import java.io.*;
import java.util.Date;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Created by Administrator on 2018/7/25 0025.
 */
public class Test {
    public static void main(String[] args) {
        User user = new User();
        user.setId(9527);
        user.setName("华安");
        user.setBirthday(new Date());
        User.setCount(new AtomicInteger(110));
        try {
            /** Serialize to a file */
            FileOutputStream fileOutputStream = new FileOutputStream(new File("E:/abc.txt"));
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream);
            objectOutputStream.writeObject(user);
            objectOutputStream.flush();
            objectOutputStream.close();

            /** Deserialize from the file */
            FileInputStream fileInputStream = new FileInputStream(new File("E:/abc.txt"));
            ObjectInputStream objectInputStream = new ObjectInputStream(fileInputStream);
            // readObject() rebuilds whatever class the stream names; no filter is applied here
            User user1 = (User) objectInputStream.readObject();
            objectInputStream.close();
            System.out.println("反序列化结果:\r\n" + user1);
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}
Run result
反序列化结果:
User{birthday=Tue Jul 31 08:59:56 CST 2018, id=9527, name='华安'}
Process finished with exit code 0
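The same round trip, as an added example that is not part of the original post: it keeps the User object in memory instead of E:/abc.txt, shows that the static count field is not carried in the stream, and deserializes through a JEP 290 ObjectInputFilter allow-list so that a stream naming any class other than User (and the JDK types its fields need) is rejected before it is instantiated. It assumes the User class above is on the classpath and a Java 9 or newer runtime; the class name FilteredRoundTrip and the filter pattern are this example's own choices.

```java
import com.lct.entities.User;
import java.io.*;
import java.util.ArrayList;
import java.util.Date;
import java.util.concurrent.atomic.AtomicInteger;

/** Added example (not from the original post): the same User round trip, in memory,
 *  with a JEP 290 deserialization filter applied to readObject(). Requires Java 9+. */
public class FilteredRoundTrip {
    /** Serialize any object to a byte array so no file such as E:/abc.txt is needed. */
    static byte[] serialize(Object obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }
    /** Allow-list: User plus the JDK types its fields serialize as; "!*" rejects every other
     *  class when its descriptor is resolved, before any instance of it is created. */
    static final ObjectInputFilter USER_ONLY = ObjectInputFilter.Config.createFilter(
        "com.lct.entities.User;java.util.Date;java.lang.Integer;java.lang.Number;"
        + "java.lang.String;maxdepth=5;!*");
    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(USER_ONLY);   // per-stream filter, checked for each class read
            return ois.readObject();
        }
    }
    public static void main(String[] args) throws Exception {
        User user = new User();
        user.setId(9527);
        user.setName("华安");
        user.setBirthday(new Date());
        User.setCount(new AtomicInteger(110));
        byte[] bytes = serialize(user);
        User.setCount(new AtomicInteger(0));            // change static state after serializing
        User copy = (User) deserialize(bytes);
        System.out.println("restored: " + copy);         // id, name and birthday come back
        System.out.println("count: " + User.getCount()); // prints 0: statics are not in the stream

        // A stream whose root class is outside the allow-list (here an empty ArrayList) is
        // rejected with InvalidClassException before any of its deserialization logic runs.
        try {
            deserialize(serialize(new ArrayList<String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied process-wide with the jdk.serialFilter system property instead of per stream.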