3

I have the following class

class UserAccount implements Serializable
{
    public String username;
    public String password;

    public UserAccount()
    {
        username = "defaultUsername";
        password = "defaultPassword";
    }

    public UserAccount(String u, String p)
    {
        username = u;
        password = p;
    }

    private void readObject(ObjectInputStream o) 
            throws IOException, ClassNotFoundException
    {
        //username = (String)o.readObject();
        o.defaultReadObject();
    }

    private void writeobject(ObjectOutputStream o) 
            throws IOException, ClassNotFoundException
    {
        //o.defaultWriteObject();

        o.writeObject(username);
    }

    public String toString()
    {
        return username + ", " + password;
    }
}

And I wrote the following snippet to serialize and de-serialize an instance of it.

ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(new File("out.dat")));

out.writeObject(new UserAccount("test", "test2"));

out.close();

ObjectInputStream in = new ObjectInputStream(new FileInputStream(new File("out.dat")));

UserAccount u = (UserAccount)in.readObject();

in.close();

System.out.println(u);

I am customizing the serialization using the writeObject() hook, such that, I am only persisting the username. But when I read back the object, I do the default de-serialization.

I am expecting the output to be test, null while the out put is test, test2

Basically I am expecting the member password to be null since I did not persist it. Can anyone help me understand how password is initialized to test2.

I also verified that the call to the constructor was not made[I knew it wouldn't be made, but I checked nevertheless] during deserialization.

Thanks in advance.

user801138
  • 295
  • 4
  • 14

2 Answers2

5

Use the transient keyword to variables to make them not serialized. This might be another solution to skaffman's answer.

Reference: Why does Java have transient fields?

Community
  • 1
  • 1
Martijn Courteaux
  • 67,591
  • 47
  • 198
  • 287
  • That's the right way to go if you just need to skip some of the instance variables of the class. – Jack Sep 03 '11 at 14:06
3

writeObject() doesn't replace the default serialization mechanism, it adds to it (allowing you to add additional data to the stream).

If you want a completely custom mechanism, consider implementing java.io.Externalizable instead of java.io.Serializable.

From the javadoc:

Only the identity of the class of an Externalizable instance is written in the serialization stream and it is the responsibility of the class to save and restore the contents of its instances. The writeExternal and readExternal methods of the Externalizable interface are implemented by a class to give the class complete control over the format and contents of the stream for an object and its supertypes. These methods must explicitly coordinate with the supertype to save its state. These methods supersede customized implementations of writeObject and readObject methods.

skaffman
  • 398,947
  • 96
  • 818
  • 769
  • @skaffman...then what is the purpose of `defaultWriteObject()`. I was under the impression that if you omit this line then the default serialization is avoided. – user801138 Sep 03 '11 at 14:59
  • 1
    @skaffman that's only true if the writeObject() method calls defaultWriteObject(), which he isn't doing. – user207421 Sep 04 '11 at 09:57