Tuesday, December 5, 2017

interview - Serialization

What is meant by Serialization?
Ans: Converting an object into a byte stream is known as Serialization. The object's fields are converted to bytes for security purposes. For this, we need to implement the java.io.Serializable interface. It has no methods to define.
Variables that are marked transient will not be part of the serialization. So we can skip serialization for particular variables by using the transient keyword.
Q #52) What is the purpose of a transient variable?
Ans: Transient variables are not part of the serialization process. During deserialization, transient variables' values are set to their default values. It is not used with static variables.
Example:
transient int numbers;
Q #53) Which methods are used during the Serialization and Deserialization process?
Ans: The ObjectOutputStream and ObjectInputStream classes are higher-level classes in the java.io package. We use them on top of the lower-level FileOutputStream and FileInputStream classes.
ObjectOutputStream.writeObject -> Serializes the object and writes the serialized object to a file.
ObjectInputStream.readObject -> Reads the file and deserializes the object.
To be serialized, an object must implement the Serializable interface. If the superclass implements Serializable, then the subclass is automatically serializable.
Q #54) What is the purpose of a Volatile Variable?
Ans: Volatile variable values are always read from main memory and not from a thread's cache. This is used mainly during synchronization. It is applicable only to variables.
Example:
volatile int number;
Q #55) Difference between Serialization and Deserialization in Java.
Ans: These are the differences between serialization and deserialization in Java:
Serialization | Deserialization
Serialization is the process used to convert objects into a byte stream. | Deserialization is the opposite process, where we get the objects back from the byte stream.
An object is serialized by writing it to an ObjectOutputStream. | An object is deserialized by reading it from an ObjectInputStream.
Q #56) What is SerialVersionUID?
Ans: Whenever an object is serialized, it is stamped with a version ID number for the object's class. This ID is called the SerialVersionUID. It is used during deserialization to verify that the sender's and receiver's versions of the class are compatible for serialization.

Question 1: WHAT IS SERIALIZATION? WHEN AND WHY IS IT USED?

Serialization is simply turning an existing object into a byte array.

Reference: http://www.journaldev.com/2452/serialization-in-java

Communication: If you have two machines that are running the same code and they need to communicate, an easy way is for one machine to build an object with the information it would like to transmit, serialize that object, and send the bytes to the other machine. It's not the best method for communication, but it gets the job done.
Persistence: If you want to store the state of a particular operation in a database, it can easily be serialized to a byte array and stored in the database for later retrieval.
Deep Copy: If you need an exact replica of an object and don't want to go to the trouble of writing your own specialized clone() method, simply serializing the object to a byte array and then deserializing it into another object achieves this goal.
Caching: Really just an application of the above, but sometimes an object takes 10 minutes to build and only 10 seconds to deserialize. So, rather than hold onto the giant object in memory, just cache it out to a file via serialization and read it in later when it's needed.
Cross-JVM Synchronization: Serialization works across different JVMs that may be running on different architectures.
Question 2: HOW TO SERIALIZE OBJECTS
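The round trip described in Q #53 (and the answer Question 2 is missing), as an added example that is not part of the original post: it also shows the transient field from Q #52 coming back as null and the explicit serialVersionUID from Q #56. The Account class, its field names and the in-memory buffer are assumptions; the ObjectInputFilter allow-list needs Java 9 or later.

```java
import java.io.*;

public class SerializationDemo {

    // Serializable declares no methods; implementing it is the opt-in.
    static class Account implements Serializable {
        // Explicit version stamp (Q #56). Without it the JVM derives one from the
        // class layout, so any edit to the class would make old streams unreadable.
        private static final long serialVersionUID = 1L;

        String owner;
        long balanceCents;
        // transient (Q #52): skipped when writing; comes back as the field
        // default (null) after deserialization.
        transient String sessionToken;

        Account(String owner, long balanceCents, String sessionToken) {
            this.owner = owner;
            this.balanceCents = balanceCents;
            this.sessionToken = sessionToken;
        }
    }

    // ObjectOutputStream.writeObject on top of a lower-level byte sink; an
    // in-memory buffer stands in for the FileOutputStream named in Q #53.
    static byte[] serialize(Account a) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(a);
        }
        return bos.toByteArray();
    }

    // ObjectInputStream.readObject rebuilds the object. The stream, not our code,
    // names the classes to instantiate, so a deserialization filter (Java 9+)
    // limits it to the one class we expect plus java.base before anything is built.
    static Account deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    Account.class.getName() + ";java.base/*;!*"));
            return (Account) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample object; the token is the field that does not survive the trip.
        Account back = deserialize(serialize(new Account("alice", 12_500L, "constructed-token")));
        System.out.println(back.owner + " " + back.balanceCents + " " + back.sessionToken);
    }
}
```

Replacing the ByteArray streams with FileOutputStream and FileInputStream gives the file-based form the answer describes; the filter line is unchanged.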
Question 3: WHAT HAPPENS WHEN WE SERIALIZE A CLASS THAT IS A SUBCLASS OF A CLASS THAT DOESN'T IMPLEMENT SERIALIZABLE?

As others have made clear, it's not possible for a subclass of a Serializable class to be non-Serializable.
If what you want is for the subclass' attributes not to be serialized, one option is to make them all transient.
If you need more than that (you don't want super class fields to be serialized), override writeObject(ObjectOutputStream) and readObject(ObjectInputStream) as outlined here - https://web.archive.org/web/20120626144013/http://java.sun.com/developer/technicalArticles/ALT/serialization
https://stackoverflow.com/questions/2229033/making-child-classes-as-non-serializable-in-java
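The case in the question's heading (a Serializable subclass of a non-Serializable superclass), as an added example that is not from the post or the linked answer; the class and field names are assumptions. It relies on the rule that the superclass's state is not written to the stream and that its accessible no-arg constructor is called on deserialization (without one, readObject fails with InvalidClassException).

```java
import java.io.*;

public class NonSerializableParentDemo {

    // Superclass that does NOT implement Serializable. Its no-arg constructor is
    // mandatory: the stream carries no state for this part of the object, so
    // deserialization calls this constructor to rebuild it.
    static class AuditedEntity {
        String createdBy;
        AuditedEntity() { this.createdBy = "system"; }
        AuditedEntity(String createdBy) { this.createdBy = createdBy; }
    }

    // The subclass opts in; only fields declared in Serializable classes
    // (here just quantity) are written to the stream.
    static class Order extends AuditedEntity implements Serializable {
        private static final long serialVersionUID = 1L;
        int quantity;
        Order(String createdBy, int quantity) {
            super(createdBy);
            this.quantity = quantity;
        }
    }

    static Order roundTrip(Order o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            return (Order) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: "alice" is set only through the superclass's two-arg constructor.
        Order back = roundTrip(new Order("alice", 3));
        // quantity is restored from the stream; createdBy holds whatever the
        // no-arg constructor assigned, not the value the original object had.
        System.out.println(back.quantity + " " + back.createdBy);
    }
}
```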

Question 4: SERIALIZATION DATA PROXY PATTERN?

Both the Data and DataProxy classes should implement the Serializable interface.
DataProxy should be able to hold the state of a Data object.
DataProxy is a private static nested class, so other classes can't access it.
DataProxy should have a single constructor that takes a Data object as its argument.
The Data class should provide a writeReplace() method returning a DataProxy instance. So when a Data object is serialized, the stream actually contains a DataProxy. Since DataProxy is not visible outside, it can't be used directly.
The DataProxy class should implement a readResolve() method returning a Data object. So when Data is deserialized, internally a DataProxy is deserialized, and when its readResolve() method is called, we get the Data object back.

Finally, implement a readObject() method in the Data class that throws InvalidObjectException, so that an attacker who fabricates a stream containing a Data object directly (bypassing the proxy) has it rejected rather than parsed.
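The seven steps above carried through in one class, as an added example rather than the post's own code; the name and value fields and the non-negative invariant are assumptions. The point to notice is that every Data that comes out of a stream is built by the public constructor, so its validation cannot be skipped by editing the bytes.

```java
import java.io.*;

public final class Data implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;
    private final int value;
    // The only way to build a Data: all invariants are checked here.
    public Data(String name, int value) {
        if (name == null || value < 0) throw new IllegalArgumentException("invalid Data");
        this.name = name;
        this.value = value;
    }

    // Step 5: the stream receives a DataProxy in place of this object.
    private Object writeReplace() {
        return new DataProxy(this);
    }
    // Step 7: a stream holding a raw Data record (one that never went through
    // writeReplace) is rejected before any field is populated.
    private void readObject(ObjectInputStream in) throws InvalidObjectException {
        throw new InvalidObjectException("Proxy required");
    }
    // Steps 1-4: private static nested, Serializable, copies Data's state,
    // single constructor taking a Data.
    private static final class DataProxy implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final int value;

        DataProxy(Data d) {
            this.name = d.name;
            this.value = d.value;
        }

        // Step 6: deserializing the proxy yields a Data built through the public
        // constructor, so its validation also runs on data read from a stream.
        private Object readResolve() {
            return new Data(name, value);
        }
    }
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(new Data("x", 7)); }
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            Data back = (Data) ois.readObject(); // arrives via DataProxy.readResolve
            System.out.println(back.name + " " + back.value);
        }
    }
}
```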
