Java I/O: The Object-Oriented Streams- Externalizable Interface
the previous posts, we saw how to store and retrieve the objects using Serialization.
We’ll now look at another very important technique for storing and retrieving
previous post covered the use of the Serializable
interface for persisting the object state. We’ll now look at the
Externalizable interface, which provides control over the serialization process.
· If an object implements the Serializable interface, all its fields
get persisted unless they are marked with the transient keyword or are declared
static in the class.
The transient keyword was
designed to meet this specific requirement of allowing the object’s field
containing sensitive data not to persist. The class may hold some sensitive
data, such as credit card number, encryption key, and so on, in its fields.
Also, the class may declare
a few instance fields for its own internal workings and may also contain
declarations of some temporary variables. Obviously, we won’t want to transmit
such data over the network or even store it to disk.
We would mark such fields
with the transient keyword. When we save or transmit such an object, its entire
other state will be transmitted or saved.
Likewise, the fields that
are marked with the static keyword are not serialized; this is because such fields
belong to the class and not to an object.
some situations, we may want to provide our own way to persist the object
state, other than the default algorithm used by the JVM. For example, if our
object is of type Customer and contains credit card numbers in one of its
fields, we will not want to save this number as is.
we would encrypt this field before the Customer object is saved to persistent
storage or transmitted over the network. This is where the interface Externalizable comes in handy. This interface
has two callback methods:
the object is persisted, the runtime calls these two methods. We can perform
operations such as encryption and decryption in these two methods.
Also, we need to write code to persist whatever fields we want to save.
Serializable interface uses the
default runtime mechanism to implement the object serialization, whereas the Externalizable interface mandates that the
class handle its own serialization. This means that we need to decide
which fields to write (and read) and in what order. We implement this in the writeExternal
(and corresponding readExternal) method.
implementing the Externalizable
interface mandates that we write code for serializing the desired fields of the
class, the rest of the class fields need not be marked transient.