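Concepts:
Serialization: the process of converting an object into a byte sequence.
Deserialization: the process of restoring an object from a byte sequence.
Object serialization has two main uses:
1) Saving an object's byte sequence permanently to disk, usually in a file;
2) Transmitting an object's byte sequence over a network.
Relationship between "串行化" and serialization:
"串行化" is another name for serialization (序列化): converting object data that lives in memory into a form that can be stored as a file on disk, that is, turning in-memory object data into a disk file.
Relationship between "并行化" and deserialization:
"并行化" is another name for deserialization (反序列化): loading the serialized file from disk back into memory and turning it into object data again.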
1. Basic serialization
a) The most basic serialization: implement the Serializable interface and persist the object to disk through a file stream.
import java.io.Serializable;

public class Person implements Serializable {
    // Mainly used to keep serialized versions of the class compatible
    private static final long serialVersionUID = -8146973185149904486L;
    private String name;
    private int age;
    private Person per;

    public Person(String name, int age) {
        this.name = name;
        this.age = age;
    }

    public Person() {
        super();
    }

    @Override
    public String toString() {
        // Note the parentheses around the conditional expression
        return "Person [name=" + name + ", age=" + age + ", per=" + (per != null ? per.getName() : "[null]") + "]";
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public Person getPer() {
        return per;
    }

    public void setPer(Person per) {
        this.per = per;
    }
}
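import java.io.FileOutputStream;
import java.io.ObjectOutputStream;

// Method of a JUnit test class (@Test comes from JUnit)
@Test
public void serialize() {
    Person p1 = new Person("柳三", 32);
    Person p2 = new Person("徐五", 26);
    // p1 and p2 reference each other; the object stream handles the cycle
    p1.setPer(p2);
    p2.setPer(p1);
    // try-with-resources closes the streams even if writeObject throws
    try (FileOutputStream fileOutputStream = new FileOutputStream("my.ser");
         ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream)) {
        objectOutputStream.writeObject(p1);
    } catch (Exception e) {
        e.printStackTrace();
    }
}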
b) The most basic deserialization: read the previously serialized file and restore it to an object.
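import java.io.File;
import java.io.FileInputStream;
import java.io.ObjectInputStream;

// Method of a JUnit test class (@Test comes from JUnit)
@Test
public void deserialize() {
    // Reads the file written by serialize(); readObject() should only be given trusted data
    try (FileInputStream fileInputStream = new FileInputStream("my.ser");
         ObjectInputStream objectInputStream = new ObjectInputStream(fileInputStream)) {
        Person pp = (Person) objectInputStream.readObject();
        System.out.println(pp.toString());
        // facked.ser is not created in this example; delete() returns false if the file does not exist
        new File("facked.ser").delete();
    } catch (Exception e) {
        e.printStackTrace();
    }
}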
2. Obfuscating serialized data (this is not encryption)
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class Person implements Serializable {
    private static final long serialVersionUID = -8146973185149904486L;
    private String name;
    private int age;
    private Person per;

    public Person(String name, int age) {
        this.name = name;
        this.age = age;
    }

    public Person() {
        super();
    }

    // Obfuscation of the data: a simple approach is used here
    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        age = age << 2; // obfuscate the key field
        try {
            objectOutputStream.defaultWriteObject(); // write this class's non-static, non-transient fields to the stream
        } finally {
            age = age >> 2; // restore the in-memory value so that serializing does not change the object
        }
    }

    private void readObject(ObjectInputStream objectInputStream) throws ClassNotFoundException, IOException {
        objectInputStream.defaultReadObject();
        age = age >> 2; // de-obfuscate the key field; this must come after objectInputStream.defaultReadObject()
    }

    @Override
    public String toString() {
        return "Person [name=" + name + ", age=" + age + ", per=" + (per != null ? per.getName() : "[null]") + "]";
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public Person getPer() {
        return per;
    }

    public void setPer(Person per) {
        this.per = per;
    }
}
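Why section 2 is obfuscation and not encryption, shown as an added example (not code from the original page): the serialized bytes still contain the name as readable text, and the shifted age can be read and reversed without any key. The class name ObfuscationIsNotEncryption, the sample name and age, and the serialVersionUID are constructed for this illustration, and Person is cut down to two fields.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class ObfuscationIsNotEncryption { // hypothetical class name
    // Cut-down copy of the page's Person (no per field), same shift-by-2 hooks.
    static class Person implements Serializable {
        private static final long serialVersionUID = 1L; // constructed value
        private String name;
        private int age;
        Person(String name, int age) { this.name = name; this.age = age; }
        private void writeObject(ObjectOutputStream out) throws IOException {
            age = age << 2;
            try { out.defaultWriteObject(); } finally { age = age >> 2; }
        }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            age = age >> 2;
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Person("Liu San", 32)); // constructed sample data
        }
        byte[] raw = buf.toByteArray();

        // ISO-8859-1 maps each byte to one char, so a string index is a byte offset.
        int at = new String(raw, StandardCharsets.ISO_8859_1).indexOf("Liu San");
        System.out.println("name readable in the stream at offset " + at);

        // Layout for this class: 4-byte age, TC_STRING (0x74), 2-byte length, name bytes.
        int stored = ByteBuffer.wrap(raw, at - 7, 4).getInt();
        System.out.println("stored age = " + stored + ", recovered age = " + (stored >> 2));

        // Round trip through the readObject hook still gives the original value.
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            Person back = (Person) in.readObject();
            System.out.println(back.name + " " + back.age);
        }
    }
}
```

If a field must stay confidential, keep it out of the stream with transient or encrypt the serialized form, for example with javax.crypto.SealedObject.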
To learn more, see: http://blog.csdn.net/qq_35101189/article/details/55045189