对象序列化和持久化课件.ppt

1、对象序列化和持久化Object Serialization and Persistence2022-8-12Institute of Computer SoftwareNanjing University1摘要对象序列化对象持久化Language levelDatabasesHibernate2022-8-12Institute of Computer SoftwareNanjing University2摘要对象序列化对象持久化Language levelDatabasesHibernate2022-8-12Institute of Computer SoftwareNanjing Univ

2、ersity3摘要对象序列化对象持久化Language levelDatabasesHibernate2022-8-12Institute of Computer SoftwareNanjing University4Object SerializationWhyWhatHow 2022-8-12Institute of Computer SoftwareNanjing University5Java Object Serialization-WhySerialization is used for lightweight persistence and for communication v

3、ia sockets or Remote Method Invocation(RMI).2022-8-12Institute of Computer SoftwareNanjing University6Java Object Serialization-Examplepublic class Client public static void main(String args)try /Create a socket Socket soc=new Socket(InetAddress.getLocalHost(),8020);OutputStream o=soc.getOutputStrea

4、m();ObjectOutput s=new ObjectOutputStream(o);s.writeObject(Todays date);s.writeObject(new Date();s.flush();s.close();catch(Exception e)System.out.println(e.getMessage();System.out.println(Error during serialization);System.exit(1);2022-8-12Institute of Computer SoftwareNanjing University7Java Object

5、 Serialization-Examplepublic class Server public static void main(String args)ServerSocket ser=null;Socket soc=null;String str=null;Date d=null;try ser=new ServerSocket(8020);soc=ser.accept();InputStream o=soc.getInputStream();ObjectInput s=new ObjectInputStream(o);str=(String)s.readObject();d=(Date

6、)s.readObject();s.close();System.out.println(str);System.out.println(d);catch(Exception e)System.out.println(e.getMessage();System.out.println(Error during serialization);System.exit(1);2022-8-12Institute of Computer SoftwareNanjing University8Java Object Serialization-ExampleWriting to an object st

7、ream2022-8-12Institute of Computer SoftwareNanjing University9/Serialize todays date to a file.FileOutputStream f=new FileOutputStream(tmp);ObjectOutput s=new ObjectOutputStream(f);s.writeObject(Today);s.writeObject(new Date();s.flush();Java Object Serialization-ExampleReading from an object stream2

8、022-8-12Institute of Computer SoftwareNanjing University10/Deserialize a string and date from a file.FileInputStream in=new FileInputStream(tmp);ObjectInputStream s=new ObjectInputStream(in);String today=(String)s.readObject();Date date=(Date)s.readObject();Java Object Serialization-WhatObject Seria

9、lization extends the core Java Input/Output classes with support for objects.Object Serialization supports the encoding of objects,and the objects reachable from them,into a stream of bytes;and it supports the complementary reconstruction of the object graph from the stream.2022-8-12Institute of Com

10、puter SoftwareNanjing University11Java Object Serialization-GoalHave a simple yet extensible mechanism.Maintain the Java object type and safety properties in the serialized form.Be extensible to support marshaling and unmarshaling as needed for remote objects.Be extensible to support simple persiste

11、nce of Java objects.Require per class implementation only for customization.Allow the object to define its external format.2022-8-12Institute of Computer SoftwareNanjing University12Java Object Serialization-HowObjects to be saved in the stream may support either the Serializable or the Externalizab

12、le interface.For Serializable objects,the stream includes sufficient information to restore the fields in the stream to a compatible version of the class.For Externalizable objects,the class is solely responsible for the external format of its contents.2022-8-12Institute of Computer SoftwareNanjing

13、University13The Serializable Interfacepublic interface java.io.Serializable ;A Serializable class must do the following:Implement the java.io.Serializable interface Identify the fields that should be serializableHave access to the no-arg constructor of its first nonserializable superclass 2022-8-12I

14、nstitute of Computer SoftwareNanjing University14The Serializable InterfaceThe class can optionally define the following methods:writeObject(ObjectOutputStream)readObject(ObjectInputStream)writeReplace()readResolve()2022-8-12Institute of Computer SoftwareNanjing University15思考：如果一个可序列化的类实现了以上四个方法，那么

15、在序列化和反序列化的过程中，这几个方法的调用次序如何？The Externalizable Interfacepublic interface Externalizable extends Serializable public void writeExternal(ObjectOutput out)throws IOException;public void readExternal(ObjectInput in)throws IOException,java.lang.ClassNotFoundException;2022-8-12Institute of Computer Softwar

16、eNanjing University16The Externalizable InterfaceThe class of an Externalizable object must do the following:Implement the java.io.Externalizable interface Implement a writeExternal method to save the state of the objectImplement a readExternal method to read the data written by the writeExternal me

17、thod from the stream and restore the state of the object Have the writeExternal and readExternal methods be solely responsible for the format,if an externally defined format is written Have a public no-arg constructor 2022-8-12Institute of Computer SoftwareNanjing University17The Externalizable Inte

18、rfaceAn Externalizable class can optionally define the following methods:writeReplacereadResolve2022-8-12Institute of Computer SoftwareNanjing University18Note:声明类实现Externalizable接口会有重大的安全风险。writeExternal()与readExternal()方法声明为public，恶意类可以用这些方法读取和写入对象数据。如果对象包含敏感信息，则要格外小心。区别Serializable自动存储必要信息，用以反序列化

19、被存储的实例优点内建支持易于实现缺点占用空间过大速度慢Externalizable只保存被存储的类的标识，完全由程序员完成读取和写入工作优点开销较少可能的速度提升缺点虚拟机不提供帮助，程序员负担重2022-8-1219Institute of Computer SoftwareNanjing UniversityserialVersionUIDprivate static final long serialVersionUIDFor compabilityInvalidClassException It is strongly recommended that all serializable

20、 classes explicitly declare serialVersionUID valuesserialver；eclipse2022-8-12Institute of Computer SoftwareNanjing University20Serialization Principles如果该类有父类如果父类实现了可序列化接口，则OK如果父类没有实现可序列化接口，则父类所有字段的属性默认情况下不会被序列化如果该类的某个属性标识为static类型的，则该属性不能序列化；如果该类的某个属性采用transient关键字标识，则该属性不能序列化；2022-8-12Institute of

21、 Computer SoftwareNanjing University21Serialization Principles在我们标注一个类可以序列化的时候，其以下属性应该设置为transient来避免序列化：线程相关的属性；需要访问IO、本地资源、网络资源等的属性；没有实现可序列化接口的属性；2022-8-12Institute of Computer SoftwareNanjing University22Some Items from Effective Java2022-8-12Institute of Computer SoftwareNanjing University23Effe

22、ctive Java for Serialization1.Implement Serializable judiciously 谨慎地实现Serializable代价1：一旦一个类被发布，则“改变这个类的实现”的灵活性将大大降低。序列化会使类的演化受到限制。代价2：增加了错误和安全漏洞的可能性。序列化机制是一种语言之外的对象创建机制。代价3：随着一个类的新版本的发行，相关的测试负担增加了。可序列化类的变化越大，它就越需要测试。2022-8-12Institute of Computer SoftwareNanjing University24Effective Java for Serial

23、izationNotes:为了继承而设计的类应该很少实现Serializable，接口也应该很少会扩展它。对于为继承而设计的不可序列化的类，应该考虑提供一个无参数的构造函数。内部类应该很少实现Serializable。2022-8-12Institute of Computer SoftwareNanjing University25Effective Java for Serialization2.Consider using a custom serialized form 考虑使用自定义的序列化形式如果一个对象的物理表示等同于它的逻辑内容，则默认的序列化形式可能是合适的。即使确定了默认序

24、列化形式是合适的，通常仍然要提供一个readObject方法以保证约束关系和安全性。2022-8-12Institute of Computer SoftwareNanjing University26Effective Java for Serialization2022-8-12Institute of Computer SoftwareNanjing University27Effective Java for Serialization2022-8-12Institute of Computer SoftwareNanjing University28Effective Java fo

25、r Serialization当一个对象的物理表示与它的逻辑数据内容有实质性的区别时，使用默认序列化形式有4个缺点:它使这个类的导出API永久地束缚在该类的内部表示上。它要消耗过多的空间。它要消耗过多的时间。它会引起栈溢出。2022-8-12Institute of Computer SoftwareNanjing University292022-8-12Institute of Computer SoftwareNanjing University30Effective Java for Serialization2022-8-12Institute of Computer Softwar

26、eNanjing University31Effective Java for Serialization如果所有的实例域都是transient的，那么省去调用defaultWriteObject和defaultReadObject也是允许的，但是不推荐这样做。在决定将一个域做成非transient之前，请一定要确信它的值将是该对象逻辑状态的一部分。不管你选择了哪种序列化形式，你都要为自己编写的每个序列化的类声明一个显式的序列化版本UID。2022-8-12Institute of Computer SoftwareNanjing University32private static fina

27、l long serialVersionID=randomLongValueEffective Java for Serialization3.Write readObject methods defensively 保护性地编写readObject方法readObject方法实际上相当于另一个共有的构造函数，如同其他构造函数一样，它也要求所有同样的注意事项：检查实参的有效性，并且必要时对参数进行保护性拷贝。2022-8-12Institute of Computer SoftwareNanjing University33VersioningVersioning raises some fu

28、ndamental questions about the identity of a class,including what constitutes a compatible change.A compatible change is a change that does not affect the contract between the class and its callers.2022-8-12Institute of Computer SoftwareNanjing University34Incompatible changesDeleting fieldsMoving cl

29、asses up or down the hierarchyChanging a nonstatic field to static or a nontransient field to transientChanging the declared type of a primitive fieldChanging the writeObject or readObject method so that it no longer writes or reads the default field data or changing it so that it attempts to write

30、it or read it when the previous version did not.2022-8-12Institute of Computer SoftwareNanjing University35Incompatible changesChanging a class from Serializable to Externalizable or vice versaChanging a class from a non-enum type to an enum type or vice versaRemoving either Serializable or External

31、izableAdding the writeReplace or readResolve method to a class is incompatible if the behavior would produce an object that is incompatible with any older version of the class.2022-8-12Institute of Computer SoftwareNanjing University36Compatible changesAdding fieldsAdding classesRemoving classesAddi

32、ng writeObject/readObject methodsRemoving writeObject/readObject methodsAdding java.io.SerializableChanging the access to a fieldChanging a field from static to nonstatic or transient to nontransient2022-8-12Institute of Computer SoftwareNanjing University37摘要对象序列化对象持久化Language levelDatabasesHiberna

33、te2022-8-12Institute of Computer SoftwareNanjing University38摘要对象序列化对象持久化Language levelDatabasesHibernate2022-8-12Institute of Computer SoftwareNanjing University39Object PersistenceDuring execution of application:objects are created and manipulatedWhat happens to objects after termination?Various k

34、inds of objectsTransient objects:Disappear with current sessionPersistent objects:Stay around from session to sessionMay be shared with other applications(e.g.databases)2022-8-12Institute of Computer SoftwareNanjing University40Approaches to manipulate persistent objectsPersistence mechanisms from p

35、rogramming languagesRelational databasesObject-oriented databases2022-8-12Institute of Computer SoftwareNanjing University41Persistence from programming languagesMechanisms for storing objects in files and retrieving themSimple objects:e.g.integers,charactersconventional methods usableComposite obje

36、cts:contain references to other objectsPersistence Closure principle:Any storage and retrieval mechanism must handle the object and all its dependents.otherwise:dangling references2022-8-12Institute of Computer SoftwareNanjing University42对象结构的存储与提取对象持久化的难点之一：对象之间的引用2022-8-12Institute of Computer So

37、ftwareNanjing University43对象结构的存储与提取需持久化整个对象引用闭包Persistence closureJava的serialization规则缺省规则：非static 非transient 的数据成员用户定义class List implements Serializable List next;private static final ObjectStreamField serialPersistentFields=new ObjectStreamField(next,List.class);2022-8-12Institute of Computer Sof

38、twareNanjing University44对象结构的存储与提取闭包可能太大小对象引用（共享的）大对象2022-8-12Institute of Computer SoftwareNanjing University45对象结构的存储与提取Java 的 transient 修饰子Transient fields 不被序列化Static fields 也不被序列化开发者负责维护2022-8-12Institute of Computer SoftwareNanjing University46Schema evolutionFact:Classes changeProblem:Object

39、s are stored of which class descriptions have changedSchema evolution:At least one class used by the retrieving system differs from its counterpart stored by the storing system.Object retrieval mismatch(Object mismatch):The retrieving system retrieves a particular object whose own generating class w

40、as different in the storing system.No fully satisfactory solution2022-8-12Institute of Computer SoftwareNanjing University47Different approachesNaive,extreme approaches:Forsake previously stored objectsOver a migration path from old format to newa one-time,en masse conversion of old objectsnot appli

41、cable to a large persistent store or to one that must be available continuouslyMost general solution:On-the-fly conversionNote:We cover only the retrieval part.Whether to write back the converted object is a separate issue.2022-8-12Institute of Computer SoftwareNanjing University48On-the-fly object

42、conversionThree separate issues:Detection:Catch object mismatchNotification:Make retrieving system aware of object mismatchCorrection:Bring mismatched object to a consistent stateMake it a correct instance of the new class version2022-8-12Institute of Computer SoftwareNanjing University49DetectionDe

43、tect a mismatch between two versions of an objects generating classTwo categories of detection policy:Nominal approach:Each class version has a version nameCentral registration mechanism necessaryStructural approach:Deduce class descriptor from actual class structureStore class descriptorSimple dete

44、ction:compare class descriptors of retrieved object with new class descriptor2022-8-12Institute of Computer SoftwareNanjing University50Detection:Structural ApproachWhat does the class descriptor need to contain?Trade-off between efficiency and reliabilityTwo extreme approaches:C1:class nameC2:entir

45、e class text(e.g.abstract syntax tree)Reasonable approaches:C3:class name,list of attributes(name and type)C4:in addition to C3:class invariant2022-8-12Institute of Computer SoftwareNanjing University51NotificationWhat happens when the detection mechanism has caught an object mismatch?Language level

46、 mechanism Class ANY could include a procedure:correct_mismatch is-Handle object retrieval mismatch.localexception:EXCEPTIONSdocreate exceptionexception.raise(Routine failure:Object mismatch during retrieval )end2022-8-12Institute of Computer SoftwareNanjing University52CorrectionHow do we correct a

47、n object that caused a mismatch?Current situation:Retrieval mechanism has created a new object(deduced from a stored object with same generating class)A mismatch has been detected new object is in temporary(maybe inconsistent)state2022-8-12Institute of Computer SoftwareNanjing University53Correction

48、增加attribute删除attribute2022-8-12Institute of Computer SoftwareNanjing University540.0Attribute was not in stored version.Field is initialized to default value of attribute typeStored version had a field.New version has removed attribute.Attributes have not changed.Correctioncorrect_mismatch is-Handle

49、 object retrieval mismatch-by correctly setting up balance.dobalance:=deposits.total-withdrawals.totalensureconsistent:balance=deposits.total-withdrawals.totalend2022-8-12Institute of Computer SoftwareNanjing University55 deposits withdrawalsbalance 0.0900100200240300new field(initialized to default

50、 value)old fieldsWrong!维护不变式维护不变式自动对象转换：JavaserialVersionUID 自动定义（根据类文件生成）1.Class name 2.The class modifiers 3.The name of each interface 4.For each field of the class(except private static and private transient fields):The name of the field The modifiers of the field The descriptor of the field 5.F