Java:序列化期间何时添加 readObjectNoData()？

Question

我正在阅读Effective Java中的序列化章节。我正在尝试理解书中的以下段落。

If you implement a class with instance fields that is serializable and extendable,there is a caution you should be aware of. If the class has invariants that would be violated if its instance fields were initialized to their default values (zero for integral types, false for boolean, and null for object reference types), you must add this readObjectNoData method to the class:

// readObjectNoData for stateful extendable serializable classes
private void readObjectNoData() throws InvalidObjectException {
    throw new InvalidObjectException("Stream data required");
}

我不确定那句话是什么意思。

为了测试这一点，我创建了一个名为 Person 的类(可序列化和可扩展)

class Person implements Serializable {

    private String name;
    private int age;

    Person() {
        this("default", 1);
    }
    
    Person(String name, int age) {
        this.name = name;
        this.age = age;
    }
}

– 和一个类:Employee，它扩展了它。

class Employee extends Person {

    String address;

    public Employee() {
        super();
        address = "default_address";
    }

    public Employee(String name, int age, String address) {
        super(name, age);
        this.address = address;
    }
}

我创建的 Person 类中是否有任何不变量？他们什么时候会被侵犯？我复制粘贴了 Employee 类中 readObjectData() 方法的代码，但它从未被调用。 readObject() 方法何时被调用？我错过了什么吗？

Answer 1

readObjectNoData section在 Java 对象序列化规范中看起来很有趣(见下文)。

您对问题的修改就是一个很好的例子。如果 Employee 在没有扩展 Person 时被 serialized 并且后来 deserialized 当它扩展时，那么 Person 部分将被初始化为空字符串和 0 年龄。使用此方法，您可以将它们分别初始化为“name”和 1。

For serializable objects, the readObjectNoData method allows a class to control the initialization of its own fields in the event that a subclass instance is deserialized and the serialization stream does not list the class in question as a superclass of the deserialized object. This may occur in cases where the receiving party uses a different version of the deserialized instance's class than the sending party, and the receiver's version extends classes that are not extended by the sender's version. This may also occur if the serialization stream has been tampered; hence, readObjectNoData is useful for initializing deserialized objects properly despite a "hostile" or incomplete source stream.

private void readObjectNoData() throws ObjectStreamException;

Each serializable class may define its own readObjectNoData method. If a serializable class does not define a readObjectNoData method, then in the circumstances listed above the fields of the class will be initialized to their default values (as listed in section 4.5.5 of The JavaTM Language Specification, Second Edition); this behavior is consistent with that of ObjectInputStream prior to version 1.4 of the JavaTM 2 SDK, Standard Edition, when support for readObjectNoData methods was introduced. If a serializable class does define a readObjectNoData method and the aforementioned conditions arise, then readObjectNoData will be invoked at the point during deserialization when a class-defined readObject method would otherwise be called had the class in question been listed by the stream as a superclass of the instance being deserialized.