Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

serialization/externalization  RSS feed

 
Maulin Vasavada
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
can anynbody explain me the difference between serialization and externalization???
i read that externalization is used when we need to embed more information just than variables in the class. say for e.g. if we need to embed MD5 checksum with the password field in the class.
but can't we do the same thing with serialization?? i've never used externalization. so if someone can explain with example it would be great.
regards,
maulin
 
Jose Botella
Ranch Hand
Posts: 2120
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just my two cents:
From the API for java.io.Externalizable:

Only the identity of the class of an Externalizable instance is written in the serialization stream and it is the responsibility of the class to save and restore the contents of its instances. The writeExternal and readExternal methods of the Externalizable interface are implemented by a class to give the class complete control over the format and contents of the stream for an object and its supertypes. These methods must explicitly coordinate with the supertype to save its state. These methods supercede customized implementations of writeObject and readObject methods.
Object Serialization uses the Serializable and Externalizable interfaces. Object persistence mechanisms can use them as well. Each object to be stored is tested for the Externalizable interface. If the object supports Externalizable, the writeExternal method is called. If the object does not support Externalizable and does implement Serializable, the object is saved using ObjectOutputStream.

From Thinking in Java by Bruce Eckel:

This is different from recovering a Serializable object, in which the object is constructed entirely from its stored bits, with no constructor calls. With an Externalizable object, all the normal default construction behavior occurs (including the initializations at the point of field definition), and then readExternal( ) is called. You need to be aware of this?in particular, the fact that all the default construction always takes place?to produce the correct behavior in your Externalizable objects."

and

When you?re controlling serialization, there might be a particular subobject that you don?t want Java?s serialization mechanism to automatically save and restore. This is commonly the case if that subobject represents sensitive information that you don?t want to serialize, such as a password. Even if that information is private in the object, once it?s serialized it?s possible for someone to access it by reading a file or intercepting a network transmission. [ Add Comment ]
One way to prevent sensitive parts of your object from being serialized is to implement your class as Externalizable, as shown previously. Then nothing is automatically serialized and you can explicitly serialize only the necessary parts inside writeExternal( ).
If you?re working with a Serializable object, however, all serialization happens automatically. To control this, you can turn off serialization on a field-by-field basis using the transient keyword, which says ?Don?t bother saving or restoring this?I?ll take care of it.?
 
Maulin Vasavada
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi jose,
i know the theoritical difference but 'm not able to understand it in terms of implementation. 'coz i can always use readObject() and writeObject() methods in a class that is being serialize/deserialize the code. so isn't it same as having explicit control as in case of externalization???
i agree on the point that externalization uses default const. that i didn't know as never implemented externalization :-)
i want to know clear cut , explicit and perfect scenario when these two mechanisms differ.
thanks!
maulin.
 
Valentin Crettaz
Gold Digger
Sheriff
Posts: 7610
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OK, in terms of implementation, it goes like this:
You have three cases to distinguish:
1. normal Serialization support
2. custom Serialization support
3. COMPLETE custom Serialization support
Step-by-step, let's look into those points in terms of implementation):
1. You just have to implement the Serializable tag interface and write your objects to an ObjectOutputStream. Note that transient and static fields won;t be written.
2. You have to implement the Serializable tag interface and provide the writeObject and readObject methods in your class. Implement those methods to "customize" what info (read class headers) you want to save to the stream. Use this in case you want to provide custom serialization to save a transient or static field anyway.
Note about 1. and 2.: you don't have to worry about superclasses and info about your class
3. You have to implement the Externalizable interface and provide the writeExternal and readExternal methods. Then it's your responsability to save your class info as well as the info of all your class' superclasses, i.e. you have to save the whole hierarchy as well. Note that it's a huge responsability.
Short, use Externalizable when you really want to be in control of what is written to a stream, but again, the use of Externalizable is strongly unadvised since the process is really error-prone. You have to know very well what is going on !
HIH
------------------
Valentin Crettaz
Sun Certified Programmer for Java 2 Platform
[This message has been edited by Valentin Crettaz (edited November 18, 2001).]
 
Marilyn de Queiroz
Sheriff
Posts: 9080
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since this is a topic not covered on the SCJP2 exam, I am moving this thread to Java in General(intermediate).
 
Jose Botella
Ranch Hand
Posts: 2120
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Maulin
Here is the correct way to implement Externalizable in the Blip3.java example by Bruce Eckel in Thinking in Java: http://codeguru.earthweb.com/java/tij/tij0116.shtml
FYI If we have a base class that is not serializable, but a subclass is, when serializing an instance of the subclass even fields that are not inherited are serialized automatically by the default serialization process. I have checked out that it is not necessary to manually serialize that kind of fields. That reminds me something I read time before: Even the non-inherited fields are contained in the heap image of an object. I think the serialization process takes all the fields in the object image.
One thing more: If the base class doesn't implement Serializable it must declare a public no-arg constructor. Otherwise java.io.InvalidClassException is thrown. Thanks to this constructor the fields of the base clase are initialized.
I used this code for checking the above:
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!