When we serialize an object, we sometimes do not want certain sensitive fields to be serialized. If the class simply implements the Serializable interface and relies on the default serialization, and the serialized data travels over the network, its contents can easily be intercepted and deserialized by a third party, so the information is not safe. In that case, mark the fields you do not want serialized with the transient keyword (or with an annotation; search for it yourself).
Below, a simple example demonstrates the use of this keyword.
package com.guanjianzi;

import java.io.Serializable;

public class Person implements Serializable {
    /**
     * Serial version number
     */
    private static final long serialVersionUID = 1L;
    private String name;
    private int age;
    private String sex;

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public String getSex() {
        return sex;
    }

    public void setSex(String sex) {
        this.sex = sex;
    }
}
package com.guanjianzi;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class Test {
    public static void main(String[] args) {
        Person p = new Person();
        p.setAge(10);
        p.setName("xiaoming");
        p.setSex("男");
        File file = new File("D:/a.txt");
        ObjectInputStream bis = null;
        ObjectOutputStream fos = null;
        try {
            // Write the object to the file
            fos = new ObjectOutputStream(new FileOutputStream(file));
            fos.writeObject(p);
            fos.flush(); // make sure everything written has reached the file before reading it back
            // Read the object's data back from the stream
            bis = new ObjectInputStream(new FileInputStream(file));
            p = (Person) bis.readObject();
            System.out.println("name: " + p.getName());
            System.out.println("age: " + p.getAge());
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (bis != null) {
                try {
                    bis.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            if (fos != null) {
                try {
                    fos.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
The output is:
name: xiaoming
age: 10
If we now mark the name field with this keyword (transient):
The output becomes
name: null
age: 10
Next, let's look at whether static fields are serialized: add static in front of sex in the Person class,
and change the values of sex and name before deserializing.
package com.guanjianzi;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

public class Test {
    public static void main(String[] args) {
        Person p = new Person();
        p.setAge(10);
        p.setName("xiaoming");
        p.setSex("男");
        File file = new File("D:/a.txt");
        ObjectInputStream bis = null;
        ObjectOutputStream fos = null;
        try {
            // Write the object to the file
            fos = new ObjectOutputStream(new FileOutputStream(file));
            fos.writeObject(p);
            fos.flush(); // make sure everything written has reached the file before reading it back
            // Change both fields after writing but before reading back
            p.setSex("女");
            p.setName("111");
            // Read the object's data back from the stream
            bis = new ObjectInputStream(new FileInputStream(file));
            p = (Person) bis.readObject();
            System.out.println("name: " + p.getName());
            System.out.println("age: " + p.getAge());
            System.out.println("sex:" + p.getSex());
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (bis != null) {
                try {
                    bis.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            if (fos != null) {
                try {
                    fos.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
The result shows:
name: xiaoming
age: 10
sex:女
The value of name did not change, but the value of sex did. This shows that static fields are not serialized at all, whether or not the transient keyword is added; you can try it yourself, so I won't go into it further.
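The following is an added example, not code from the original post, that covers both experiments above (the transient field and the static field) in one self-contained program. It serializes to an in-memory byte array instead of D:/a.txt so that the raw stream can be inspected: the hypothetical Account class, its constructed name and password values, and the helper names are all assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class TransientDemo {
    // Hypothetical account class (constructed for this example): the password must never reach the stream.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        static String region = "cn";           // static: belongs to the class, never written to the stream
        private String name;                   // ordinary field: written to the stream as plain text
        private transient String password;     // transient: skipped by default serialization

        Account(String name, String password) { this.name = name; this.password = password; }
        String getName() { return name; }
        String getPassword() { return password; }
    }

    // Serialize to an in-memory byte array so the raw stream can be inspected.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Account deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return (Account) ois.readObject();
        }
    }

    // ISO-8859-1 maps each byte to one char, so an ASCII needle is found iff its bytes occur in the stream.
    static boolean streamContains(byte[] stream, String needle) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Account("xiaoming", "hunter2-constructed"));
        Account.region = "us";   // changed after writing, before reading, like sex in the post
        Account back = deserialize(bytes);
        System.out.println("name visible in raw stream: " + streamContains(bytes, "xiaoming"));
        System.out.println("password visible in raw stream: " + streamContains(bytes, "hunter2-constructed"));
        System.out.println("password after readObject: " + back.getPassword());
        System.out.println("static region after readObject: " + Account.region);
    }
}
```

Running it shows that the non-transient name is readable directly from the raw bytes (which is why an intercepted stream leaks it), while the transient password is neither in the bytes nor restored on read, and the static field keeps whatever value it had at read time.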