Java Doc for ObjectInputStream.java in  » 6.0-JDK-Modules » j2me » java » io » Java Source Code / Java DocumentationJava Source Code and Java Documentation

ObjectOutputStream and ObjectInputStream can provide an application with persistent storage for graphs of objects when used with a FileOutputStream and FileInputStream respectively. ObjectInputStream is used to recover those objects previously serialized. Other uses include passing objects between hosts using a socket stream or for marshaling and unmarshaling arguments and parameters in a remote communication system.

ObjectInputStream ensures that the types of all objects in the graph created from the stream match the classes present in the Java Virtual Machine. Classes are loaded as required using the standard mechanisms.

Only objects that support the java.io.Serializable or java.io.Externalizable interface can be read from streams.

The method readObject is used to read an object from the stream. Java's safe casting should be used to get the desired type. In Java, strings and arrays are objects and are treated as objects during serialization. When read they need to be cast to the expected type.

Primitive data types can be read from the stream using the appropriate method on DataInput.

The default deserialization mechanism for objects restores the contents of each field to the value and type it had when it was written. Fields declared as transient or static are ignored by the deserialization process. References to other objects cause those objects to be read from the stream as necessary. Graphs of objects are restored correctly using a reference sharing mechanism. New objects are always allocated when deserializing, which prevents existing objects from being overwritten.

Reading an object is analogous to running the constructors of a new object. Memory is allocated for the object and initialized to zero (NULL). No-arg constructors are invoked for the non-serializable classes and then the fields of the serializable classes are restored from the stream starting with the serializable class closest to java.lang.object and finishing with the object's most specific class.

For example to read from a stream as written by the example in ObjectOutputStream:

 FileInputStream fis = new FileInputStream("t.tmp");
 ObjectInputStream ois = new ObjectInputStream(fis);
 int i = ois.readInt();
 String today = (String) ois.readObject();
 Date date = (Date) ois.readObject();
 ois.close();
 

Classes control how they are serialized by implementing either the java.io.Serializable or java.io.Externalizable interfaces.

Implementing the Serializable interface allows object serialization to save and restore the entire state of the object and it allows classes to evolve between the time the stream is written and the time it is read. It automatically traverses references between objects, saving and restoring entire graphs.

Serializable classes that require special handling during the serialization and deserialization process should implement the following methods:

 private void writeObject(java.io.ObjectOutputStream stream)
 throws IOException;
 private void readObject(java.io.ObjectInputStream stream)
 throws IOException, ClassNotFoundException;
 private void readObjectNoData() 
 throws ObjectStreamException; 
 

The readObject method is responsible for reading and restoring the state of the object for its particular class using data written to the stream by the corresponding writeObject method. The method does not need to concern itself with the state belonging to its superclasses or subclasses. State is restored by reading data from the ObjectInputStream for the individual fields and making assignments to the appropriate fields of the object. Reading primitive data types is supported by DataInput.

Any attempt to read object data which exceeds the boundaries of the custom data written by the corresponding writeObject method will cause an OptionalDataException to be thrown with an eof field value of true. Non-object reads which exceed the end of the allotted data will reflect the end of data in the same way that they would indicate the end of the stream: bytewise reads will return -1 as the byte read or number of bytes read, and primitive reads will throw EOFExceptions. If there is no corresponding writeObject method, then the end of default serialized data marks the end of the allotted data.

Primitive and object read calls issued from within a readExternal method behave in the same manner--if the stream is already positioned at the end of data written by the corresponding writeExternal method, object reads will throw OptionalDataExceptions with eof set to true, bytewise reads will return -1, and primitive reads will throw EOFExceptions. Note that this behavior does not hold for streams written with the old ObjectStreamConstants.PROTOCOL_VERSION_1 protocol, in which the end of data written by writeExternal methods is not demarcated, and hence cannot be detected.

The readObjectNoData method is responsible for initializing the state of the object for its particular class in the event that the serialization stream does not list the given class as a superclass of the object being deserialized. This may occur in cases where the receiving party uses a different version of the deserialized instance's class than the sending party, and the receiver's version extends classes that are not extended by the sender's version. This may also occur if the serialization stream has been tampered; hence, readObjectNoData is useful for initializing deserialized objects properly despite a "hostile" or incomplete source stream.

Serialization does not read or assign values to the fields of any object that does not implement the java.io.Serializable interface. Subclasses of Objects that are not serializable can be serializable. In this case the non-serializable class must have a no-arg constructor to allow its fields to be initialized. In this case it is the responsibility of the subclass to save and restore the state of the non-serializable class. It is frequently the case that the fields of that class are accessible (public, package, or protected) or that there are get and set methods that can be used to restore the state.

Any exception that occurs while deserializing an object will be caught by the ObjectInputStream and abort the reading process.

Implementing the Externalizable interface allows the object to assume complete control over the contents and format of the object's serialized form. The methods of the Externalizable interface, writeExternal and readExternal, are called to save and restore the objects state. When implemented by a class they can write and read their own state using all of the methods of ObjectOutput and ObjectInput. It is the responsibility of the objects to handle any versioning that occurs.
version:
   1.135, 01/09/15
See Also:   java.io.DataInput
See Also:   java.io.ObjectOutputStream
See Also:   java.io.Serializable
See Also:    Object Serialization Specification, Section 3, Object Input Classes
since:
   JDK1.1

This method is called exactly once for each unique proxy class descriptor in the stream.

The corresponding method in ObjectOutputStream is annotateProxyClass.

If a security manager is installed, this constructor will check for the "enableSubclassImplementation" SerializablePermission when invoked directly or indirectly by the constructor of a subclass which overrides the ObjectInputStream.readFields or ObjectInputStream.readUnshared methods.
Parameters:
  in - input stream to read from
throws:
  StreamCorruptedException - if the stream header is incorrect
throws:
  IOException - if an I/O error occurs while reading stream header
throws:
  SecurityException - if untrusted subclass illegally overridessecurity-sensitive methods
throws:
  NullPointerException - if in is null
See Also:   ObjectInputStream.ObjectInputStream
See Also:   ObjectInputStream.readFields
See Also:    ObjectOutputStream#ObjectOutputStream(OutputStream).

If there is a security manager installed, this method first calls the security manager's checkPermission method with the SerializablePermission("enableSubclassImplementation") permission to ensure it's ok to enable subclassing.
exception:
  IOException - Thrown if not called by a subclass.
throws:
  SecurityException - if a security manager exists and its checkPermission method deniesenabling subclassing.
See Also:   SecurityManager.checkPermission
See Also:   java.io.SerializablePermission

the class descriptor read
exception:
  IOException - If an I/O error has occurred.
exception:
  ClassNotFoundException - If the Class of a serialized objectused in the class descriptor representation cannot be found
See Also:   java.io.ObjectOutputStream.writeClassDescriptor(java.io.ObjectStreamClass)
since:
   1.3

The root object is completly restored when all of its fields and the objects it references are completely restored. At this point the object validation callbacks are executed in order based on their registered priorities. The callbacks are registered by objects (in the readObject special methods) as they are individually restored. Exceptions are thrown for problems with the InputStream and for classes that should not be deserialized. All exceptions are fatal to the InputStream and leave it in an indeterminate state; it is up to the caller to ignore or recover the stream state.
exception:
  java.lang.ClassNotFoundException - Class of a serialized objectcannot be found.
exception:
  InvalidClassException - Something is wrong with a class used byserialization.
exception:
  StreamCorruptedException - Control information in thestream is inconsistent.
exception:
  OptionalDataException - Primitive data was found in the stream instead of objects.
exception:
  IOException - Any of the usual Input/Output related exceptions.

• If readUnshared is called to deserialize a back-reference (the stream representation of an object which has been written previously to the stream), an ObjectStreamException will be thrown.
• If readUnshared returns successfully, then any subsequent attempts to deserialize back-references to the stream handle deserialized by readUnshared will cause an ObjectStreamException to be thrown.

However, for objects which are not instances of java.lang.Class and do not define readResolve methods, readUnshared guarantees that the returned object reference is unique and cannot be obtained a second time from the ObjectInputStream that created it, even if the underlying data stream has been manipulated. This guarantee applies only to the base-level object returned by readUnshared, and not to any transitively referenced sub-objects in the returned object graph.

ObjectInputStream subclasses which override this method can only be constructed in security contexts possessing the "enableSubclassImplementation" SerializablePermission; any attempt to instantiate such a subclass without this permission will cause a SecurityException to be thrown. reference to deserialized object
throws:
  ClassNotFoundException - if class of an object to deserializecannot be found
throws:
  StreamCorruptedException - if control information in the streamis inconsistent
throws:
  ObjectStreamException - if object to deserialize has alreadyappeared in stream
throws:
  OptionalDataException - if primitive data is next in stream
throws:
  IOException - if an I/O error occurs during deserialization

The corresponding method in ObjectOutputStream is annotateClass. This method will be invoked only once for each unique class in the stream. This method can be implemented by subclasses to use an alternate loading mechanism but must return a Class object. Once returned, the serialVersionUID of the class is compared to the serialVersionUID of the serialized class. If there is a mismatch, the deserialization fails and an exception is raised.

By default the class name is resolved relative to the class that called readObject.
Parameters:
  desc - an instance of class ObjectStreamClass a Class object corresponding to desc
throws:
  IOException - any of the usual input/output exceptions
throws:
  ClassNotFoundException - if class of a serialized object cannotbe found

This method is called after an object has been read but before it is returned from readObject. The default resolveObject method just returns the same object.

When a subclass is replacing objects it must insure that the substituted object is compatible with every field where the reference will be stored. Objects whose type is not a subclass of the type of the field or array element abort the serialization by raising an exception and the object is not be stored.

This method is called only once when each object is first encountered. All subsequent references to the object will be redirected to the new object.
Parameters:
  obj - object to be substituted the substituted object
throws:
  IOException - Any of the usual Input/Output exceptions.

This method is called exactly once for each unique proxy class descriptor in the stream.

The corresponding method in ObjectOutputStream is annotateProxyClass. For a given subclass of ObjectInputStream that overrides this method, the annotateProxyClass method in the corresponding subclass of ObjectOutputStream must write any data or objects read by this method.

The default implementation of this method in ObjectInputStream returns the result of calling Proxy.getProxyClass with the list of Class objects for the interfaces that are named in the interfaces parameter. The Class object for each interface name i is the value returned by calling

 Class.forName(i, false, loader)