html5-img
1 / 95

Object Serialization and Persistence

Object Serialization and Persistence. 对象序列化和持久化. 摘要. 对象序列化 对象持久化 Language level Databases Hibernate. 摘要. 对象序列化 对象持久化 Language level Databases Hibernate. 摘要. 对象序列化 对象持久化 Language level Databases Hibernate. Object Serialization. Why What How. Java Object Serialization -- Why.

zofia
Download Presentation

Object Serialization and Persistence

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Object Serialization and Persistence 对象序列化和持久化 Institute of Computer Software Nanjing University

  2. 摘要 • 对象序列化 • 对象持久化 • Language level • Databases • Hibernate Institute of Computer Software Nanjing University

  3. 摘要 • 对象序列化 • 对象持久化 • Language level • Databases • Hibernate Institute of Computer Software Nanjing University

  4. 摘要 • 对象序列化 • 对象持久化 • Language level • Databases • Hibernate Institute of Computer Software Nanjing University

  5. Object Serialization • Why • What • How Institute of Computer Software Nanjing University

  6. Java Object Serialization -- Why • Serialization is used for lightweight persistence and for communication via sockets or Remote Method Invocation (RMI). Institute of Computer Software Nanjing University

  7. Java Object Serialization -- Example public class Client { public static void main(String args[]) { try { // Create a socket Socket soc = new Socket(InetAddress.getLocalHost(), 8020); OutputStream o = soc.getOutputStream(); ObjectOutput s = new ObjectOutputStream(o); s.writeObject("Today's date"); s.writeObject(new Date()); s.flush(); s.close(); } catch (Exception e) { System.out.println(e.getMessage()); System.out.println("Error during serialization"); System.exit(1); } } } Institute of Computer Software Nanjing University

  8. Java Object Serialization -- Example public class Server { public static void main(String args[]) { ServerSocket ser = null; Socket soc = null; String str = null; Date d = null; try { ser = new ServerSocket(8020); soc = ser.accept(); InputStream o = soc.getInputStream(); ObjectInput s = new ObjectInputStream(o); str = (String) s.readObject(); d = (Date) s.readObject(); s.close(); System.out.println(str); System.out.println(d); } catch (Exception e) { System.out.println(e.getMessage()); System.out.println("Error during serialization"); System.exit(1); } } } Institute of Computer Software Nanjing University

  9. Java Object Serialization -- Example • Writing to an object stream // Serialize today's date to a file. FileOutputStream f = new FileOutputStream("tmp"); ObjectOutput s = new ObjectOutputStream(f); s.writeObject("Today"); s.writeObject(new Date()); s.flush(); Institute of Computer Software Nanjing University

  10. Java Object Serialization -- Example • Reading from an object stream // Deserialize a string and date from a file. FileInputStream in = new FileInputStream("tmp"); ObjectInputStream s = new ObjectInputStream(in); String today = (String)s.readObject(); Date date = (Date)s.readObject(); Institute of Computer Software Nanjing University

  11. Java Object Serialization -- What • Object Serialization extends the core Java Input/Output classes with support for objects. • Object Serialization supports the encoding of objects, and the objects reachable from them, into a stream of bytes; and it supports the complementary reconstruction of the object graph from the stream. Institute of Computer Software Nanjing University

  12. Java Object Serialization -- Goal • Have a simple yet extensible mechanism. • Maintain the Java object type and safety properties in the serialized form. • Be extensible to support marshaling and unmarshaling as needed for remote objects. • Be extensible to support simple persistence of Java objects. • Require per class implementation only for customization. • Allow the object to define its external format. Institute of Computer Software Nanjing University

  13. Java Object Serialization -- How • Objects to be saved in the stream may support either the Serializable or the Externalizable interface. • For Serializable objects, the stream includes sufficient information to restore the fields in the stream to a compatible version of the class. • For Externalizable objects, the class is solely responsible for the external format of its contents. Institute of Computer Software Nanjing University

  14. The Serializable Interface • public interface java.io.Serializable { }; • A Serializable class must do the following: • Implement the java.io.Serializable interface • Identify the fields that should be serializable • Have access to the no-arg constructor of its first nonserializable superclass Institute of Computer Software Nanjing University

  15. The Serializable Interface • The class can optionally define the following methods: • writeObject (ObjectOutputStream) • readObject (ObjectInputStream) • writeReplace () • readResolve () 思考:如果一个可序列化的类实现了以上四个方法,那么在序列化和反序列化的过程中,这几个方法的调用次序如何? Institute of Computer Software Nanjing University

  16. The Externalizable Interface public interface Externalizable extends Serializable { public void writeExternal(ObjectOutput out) throws IOException; public void readExternal(ObjectInput in) throws IOException, java.lang.ClassNotFoundException; } Institute of Computer Software Nanjing University

  17. The Externalizable Interface • The class of an Externalizable object must do the following: • Implement the java.io.Externalizable interface • Implement a writeExternal method to save the state of the object • Implement a readExternal method to read the data written by the writeExternal method from the stream and restore the state of the object • Have the writeExternal and readExternal methods be solely responsible for the format, if an externally defined format is written • Have a public no-arg constructor Institute of Computer Software Nanjing University

  18. The Externalizable Interface • An Externalizable class can optionally define the following methods: • writeReplace • readResolve Note: 声明类实现Externalizable接口会有重大的安全风险。writeExternal()与readExternal()方法声明为public,恶意类可以用这些方法读取和写入对象数据。如果对象包含敏感信息,则要格外小心。 Institute of Computer Software Nanjing University

  19. 区别 • Serializable • 自动存储必要信息,用以反序列化被存储的实例 • 优点 • 内建支持 • 易于实现 • 缺点 • 占用空间过大 • 速度慢 • Externalizable • 只保存被存储的类的标识,完全由程序员完成读取和写入工作 • 优点 • 开销较少 • 可能的速度提升 • 缺点 • 虚拟机不提供帮助,程序员负担重 Institute of Computer Software Nanjing University

  20. serialVersionUID • privatestaticfinallongserialVersionUID • For compability • InvalidClassException • It is strongly recommended that all serializable classes explicitly declare serialVersionUID values • serialver;eclipse Institute of Computer Software Nanjing University

  21. Serialization Principles • 如果该类有父类 • 如果父类实现了可序列化接口,则OK • 如果父类没有实现可序列化接口,则父类所有字段的属性默认情况下不会被序列化 • 如果该类的某个属性标识为static类型的,则该属性不能序列化; • 如果该类的某个属性采用transient关键字标识,则该属性不能序列化; Institute of Computer Software Nanjing University

  22. Serialization Principles • 在我们标注一个类可以序列化的时候,其以下属性应该设置为transient来避免序列化: • 线程相关的属性; • 需要访问IO、本地资源、网络资源等的属性; • 没有实现可序列化接口的属性; Institute of Computer Software Nanjing University

  23. Some Items from 《Effective Java》 Institute of Computer Software Nanjing University

  24. Effective Java for Serialization • 1. Implement Serializable judiciously 谨慎地实现Serializable • 代价1:一旦一个类被发布,则“改变这个类的实现”的灵活性将大大降低。 • 序列化会使类的演化受到限制。 • 代价2:增加了错误和安全漏洞的可能性。 • 序列化机制是一种语言之外的对象创建机制。 • 代价3:随着一个类的新版本的发行,相关的测试负担增加了。 • 可序列化类的变化越大,它就越需要测试。 Institute of Computer Software Nanjing University

  25. Effective Java for Serialization • Notes: • 为了继承而设计的类应该很少实现Serializable,接口也应该很少会扩展它。 • 对于为继承而设计的不可序列化的类,应该考虑提供一个无参数的构造函数。 • 内部类应该很少实现Serializable。 Institute of Computer Software Nanjing University

  26. Effective Java for Serialization • 2. Consider using a custom serialized form 考虑使用自定义的序列化形式 • 如果一个对象的物理表示等同于它的逻辑内容,则默认的序列化形式可能是合适的。 • 即使确定了默认序列化形式是合适的,通常仍然要提供一个readObject方法以保证约束关系和安全性。 Institute of Computer Software Nanjing University

  27. Effective Java for Serialization Institute of Computer Software Nanjing University

  28. Effective Java for Serialization Institute of Computer Software Nanjing University

  29. Effective Java for Serialization • 当一个对象的物理表示与它的逻辑数据内容有实质性的区别时,使用默认序列化形式有4个缺点: • 它使这个类的导出API永久地束缚在该类的内部表示上。 • 它要消耗过多的空间。 • 它要消耗过多的时间。 • 它会引起栈溢出。 Institute of Computer Software Nanjing University

  30. Institute of Computer Software Nanjing University

  31. Effective Java for Serialization Institute of Computer Software Nanjing University

  32. Effective Java for Serialization • 如果所有的实例域都是transient的,那么省去调用defaultWriteObject和defaultReadObject也是允许的,但是不推荐这样做。 • 在决定将一个域做成非transient之前,请一定要确信它的值将是该对象逻辑状态的一部分。 • 不管你选择了哪种序列化形式,你都要为自己编写的每个序列化的类声明一个显式的序列化版本UID。 private static final long serialVersionID = randomLongValue Institute of Computer Software Nanjing University

  33. Effective Java for Serialization • 3. Write readObject methods defensively 保护性地编写readObject方法 • readObject方法实际上相当于另一个共有的构造函数,如同其他构造函数一样,它也要求所有同样的注意事项:检查实参的有效性,并且必要时对参数进行保护性拷贝。 Institute of Computer Software Nanjing University

  34. Versioning • Versioning raises some fundamental questions about the identity of a class, including what constitutes a compatible change. • A compatible changeis a change that does not affect the contract between the class and its callers. Institute of Computer Software Nanjing University

  35. Incompatible changes • Deleting fields • Moving classes up or down the hierarchy • Changing a nonstatic field to static or a nontransient field to transient • Changing the declared type of a primitive field • Changing the writeObject or readObject method so that it no longer writes or reads the default field data or changing it so that it attempts to write it or read it when the previous version did not. Institute of Computer Software Nanjing University

  36. Incompatible changes • Changing a class from Serializable to Externalizable or vice versa • Changing a class from a non-enum type to an enum type or vice versa • Removing either Serializable or Externalizable • Adding the writeReplace or readResolve method to a class is incompatible if the behavior would produce an object that is incompatible with any older version of the class. Institute of Computer Software Nanjing University

  37. Compatible changes • Adding fields • Adding classes • Removing classes • Adding writeObject/readObject methods • Removing writeObject/readObject methods • Adding java.io.Serializable • Changing the access to a field • Changing a field from static to nonstatic or transient to nontransient Institute of Computer Software Nanjing University

  38. 摘要 • 对象序列化 • 对象持久化 • Language level • Databases • Hibernate Institute of Computer Software Nanjing University

  39. 摘要 • 对象序列化 • 对象持久化 • Language level • Databases • Hibernate Institute of Computer Software Nanjing University

  40. Object Persistence • During execution of application: objects are created and manipulated • What happens to objects after termination? • Various kinds of objects • Transient objects: • Disappear with current session • Persistent objects: • Stay around from session to session • May be shared with other applications (e.g. databases) Institute of Computer Software Nanjing University

  41. Approaches to manipulate persistent objects • Persistence mechanisms from programming languages • Relational databases • Object-oriented databases Institute of Computer Software Nanjing University

  42. Persistence from programming languages • Mechanisms for storing objects in files and retrieving them • Simple objects: • e.g. integers, characters • conventional methods usable • Composite objects: • contain references to other objects • Persistence Closure principle: • Any storage and retrieval mechanism must handle the object and all its dependents.  otherwise: dangling references Institute of Computer Software Nanjing University

  43. 对象结构的存储与提取 • 对象持久化的难点之一: • 对象之间的引用 Institute of Computer Software Nanjing University

  44. 对象结构的存储与提取 • 需持久化整个对象引用闭包 • Persistence closure • Java的serialization规则 • 缺省规则:非static 非transient 的数据成员 • 用户定义 class List implements Serializable { List next; private static final ObjectStreamField[] serialPersistentFields = {new ObjectStreamField("next", List.class)}; } Institute of Computer Software Nanjing University

  45. 对象结构的存储与提取 • 闭包可能太大 • 小对象引用(共享的)大对象 Institute of Computer Software Nanjing University

  46. 对象结构的存储与提取 • Java 的 transient 修饰子 • Transient fields 不被序列化 • Static fields 也不被序列化 • 开发者负责维护 Institute of Computer Software Nanjing University

  47. Schema evolution • Fact: Classes change • Problem: Objects are stored of which class descriptions have changed • Schema evolution: • At least one class used by the retrieving system differs from its counterpart stored by the storing system. • Object retrieval mismatch (Object mismatch): • The retrieving system retrieves a particular object whose own generating class was different in the storing system. • No fully satisfactory solution Institute of Computer Software Nanjing University

  48. Different approaches • Naive, extreme approaches: • Forsake previously stored objects • Over a migration path from old format to new • a one-time, en masse conversion of old objects • not applicable to a large persistent store or to one that must be available continuously • Most general solution: On-the-fly conversion • Note: We cover only the retrieval part. Whether to write back the converted object is a separate issue. Institute of Computer Software Nanjing University

  49. On-the-fly object conversion • Three separate issues: • Detection: • Catch object mismatch • Notification: • Make retrieving system aware of object mismatch • Correction: • Bring mismatched object to a consistent state • Make it a correct instance of the new class version Institute of Computer Software Nanjing University

  50. Detection • Detect a mismatch between two versions of an object’s generating class • Two categories of detection policy: • Nominal approach: • Each class version has a version name • Central registration mechanism necessary • Structural approach: • Deduce class descriptor from actual class structure • Store class descriptor • Simple detection: compare class descriptors of retrieved object with new class descriptor Institute of Computer Software Nanjing University

More Related