Why Java Needs Serializable Interface

Why Java needs Serializable interface?

Serialization is fraught with pitfalls. Automatic serialization support of this form makes the class internals part of the public API (which is why javadoc gives you the persisted forms of classes).

For long-term persistence, the class must be able to decode this form, which restricts the changes you can make to class design. This breaks encapsulation.

Serialization can also lead to security problems. By being able to serialize any object it has a reference to, a class can access data it would not normally be able to (by parsing the resultant byte data).

There are other issues, such as the serialized form of inner classes not being well defined.

Making all classes serializable would exacerbate these problems. Check out Effective Java Second Edition, in particular Item 74: Implement Serializable judiciously.

What is the need of serialization in Java?

Serialization is usually used When the need arises to send your data over network or stored in files. By data I mean objects and not text.

Now the problem is your Network infrastructure and your Hard disk are hardware components that understand bits and bytes but not JAVA objects.

Serialization is the translation of your Java object's values/states to bytes to send it over network or save it.

This is analogous to how your voice is transmitted over PSTN telephone lines.

When should we implement Serializable interface?

  1. From What's this "serialization" thing all about?:

    It lets you take an object or group of
    objects, put them on a disk or send
    them through a wire or wireless
    transport mechanism, then later,
    perhaps on another computer, reverse
    the process: resurrect the original
    object(s). The basic mechanisms are to
    flatten object(s) into a
    one-dimensional stream of bits, and to
    turn that stream of bits back into the
    original object(s).

    Like the Transporter on Star Trek,
    it's all about taking something
    complicated and turning it into a flat
    sequence of 1s and 0s, then taking
    that sequence of 1s and 0s (possibly
    at another place, possibly at another
    time) and reconstructing the original
    complicated "something."

    So, implement the Serializable interface when you need to store a copy of the object, send them to another process which runs on the same system or over the network.

  2. Because you want to store or send an object.

  3. It makes storing and sending objects easy. It has nothing to do with security.

Why class need to implement serializable marker interface for serialization?

By providing the marker interface, people can choose whether to make a class Serializable. Sometimes, you might not want this! (and certainly, it would not be good to make this the default: See for example the answers to this question: Why Java needs Serializable interface?)

What's the rationale behind Serializable interface?

Because:

  1. Not all objects have meaningful semantics for this. Example: singleton object
  2. Security. If you pass objects to someone else's code and they could always capture and transmit the object then there would need to be an opt out for security related code and there would be security bugs when people overlooked an object. So "off by default" is more secure.
  3. The built in serialisation format writes out the classname for every object you write so it is very inefficient. Only use it for very simple cases with little data.
  4. The default serialisation does not share data easily with code written in other languages so using a specific representation should be considered if data written today may need to be read by other software in the future. So it's not a good long term format.
  5. The exact rules of how it works in all cases are not well remembered by all developers.

If you read the book Effective Java by Joshua Bloch it explains how tricky using the built in feature can be. Most developers avoid it for a lot of cases. This answer gives a good rule of thumb https://softwareengineering.stackexchange.com/a/240432/129659

Why does a class implements Serializable interface?

  1. Serialization, in broad terms, is the way Java provides developers to persist the state of any object to a persistent store.

  2. If a developer wants that for some reason instance of his coded class should be persisted to a backing store, then the class needs to be declared as implementing Serializable.

  3. The above code represents a One to One relationship between a Husband and a Wife. Which basically means that each wife is related to one husband and each husband is related to one wife. :-) Also in the above relationship, the Husband is the master of the relationship [in Entity-Relationship terms] and that is why Wife says that it is mapped/associated to Husband by the Husband and not the other way around. Which means Husband identifies its wife and not the other way around.



Related Topics



Leave a reply



Submit