Be Careful With Transient Data
Java's serialization provides an elegant and easy-to-use mechanism for making an object's state persistent. When controlling object serialization, we may have a particular data member of an object that we do not want the serialization mechanism to save.

To turn off serialization for a certain field of an object, we tag that field in the object's class with Java's "transient" keyword. To the low-level parts of the Java virtual machine, this is an indication that the transient variable is not part of the persistent state of the object.

First, some background code using Java's serialization. Suppose we define a class as:

import java.util.Date;

public class LoggingInfo implements java.io.Serializable {
    private Date loggingDate = new Date();
    private String uid;
    private transient String pwd;   // excluded from the serialized state

    LoggingInfo(String user, String password) {
        uid = user;
        pwd = password;
    }

    public String toString() {
        String password = null;
        if (pwd == null) {
            // the field is null after de-serialization because it was never written out
            password = "NOT SET";
        } else {
            password = pwd;
        }
        return "logon info: \n   " + "user: " + uid + "\n   logging date : " + loggingDate.toString() + "\n   password: " + password;
    }
}

If we serialize an instance of this class, write it to disk, and read it back, we notice that the read-back object prints the password as "NOT SET". This is exactly the effect we should have expected when we declared the pwd field as transient.

Now, let's see a potential problem that careless treatment of transient fields may cause. Suppose we modify our class definition and provide default values for the transient field, say we write:

import java.util.Date;

public class GuestLoggingInfo implements java.io.Serializable {
    private Date loggingDate = new Date();
    private String uid;
    private transient String pwd;   // excluded from the serialized state

    GuestLoggingInfo() {
        uid = "guest";
        pwd = "guest";   // default value, assigned only when the constructor runs
    }

    public String toString() {
        // same as in LoggingInfo above
        String password = (pwd == null) ? "NOT SET" : pwd;
        return "logon info: \n   " + "user: " + uid + "\n   logging date : " + loggingDate.toString() + "\n   password: " + password;
    }
}

Now, if we serialize an instance of GuestLoggingInfo, write it to disk, and read it back, we still see that the read-back object prints password as "NOT SET". In effect, the process of reading back (de-serializing) totally ignores the constructor of GuestLoggingInfo. So what happened?

The answer lies in the fact that the initialization code is not called, because we are not initializing anything: we are not constructing a brand new object, but loading back the persistent state of an object of a class and assigning that state to another object of the same class. Declaring the pwd field as transient excludes the data for that field from the persistent state of our object. Then, upon de-serialization, since no data was preserved for the pwd field, the field gets Java's default value for its type (null for String).

So, if you mark a field of an object as transient, and write that object to disk, expect to have the default value of the type of that field when you de-serialize the object, and not the actual value that the field had before its state was serialized. If a default value (or any meaningful value) is essential for a transient field of a de-serialized object, you have to assign it yourself either directly (if the field is public) or via a setter method.
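The following program is an added example, not code from the original post; it performs the round trip the post describes in memory instead of on disk. It shows three things: the password never reaches the serialized byte stream (a check worth running whenever a credential is marked transient), the transient field comes back as null, and the value is re-established afterwards, either through a setter as the post suggests or, for the guest variant, through Java's standard private readObject(ObjectInputStream) hook, which the serialization runtime calls in place of the constructor. The class names mirror the post's; TransientDemo, getPwd, setPwd, serialize, deserialize and containsAscii are names chosen for this example, and the password value is a constructed sample.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Date;

public class TransientDemo {

    // Same shape as the post's LoggingInfo: pwd is transient, so it is not written out.
    static class LoggingInfo implements Serializable {
        private static final long serialVersionUID = 1L;
        private Date loggingDate = new Date();
        private String uid;
        private transient String pwd;

        LoggingInfo(String user, String password) {
            uid = user;
            pwd = password;
        }

        String getPwd() { return pwd; }

        // Setter used to re-establish the transient field after de-serialization.
        void setPwd(String password) { pwd = password; }
    }

    // Variant with a default for the transient field, restored in readObject.
    static class GuestLoggingInfo implements Serializable {
        private static final long serialVersionUID = 1L;
        private Date loggingDate = new Date();
        private String uid = "guest";
        private transient String pwd = "guest";

        // Called by ObjectInputStream instead of the constructor; field initializers
        // do not run here, so the transient default must be re-applied by hand.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();   // restores uid and loggingDate from the stream
            pwd = "guest";            // pwd came back null; re-apply the default
        }

        String getPwd() { return pwd; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    @SuppressWarnings("unchecked")
    static <T> T deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (T) ois.readObject();
        }
    }

    // Java serialization writes String fields as (modified) UTF-8, so an ASCII
    // password would appear verbatim in the stream if it had been serialized.
    static boolean containsAscii(byte[] stream, String needle) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        String samplePassword = "s3cr3t-example";   // constructed sample value
        byte[] bytes = serialize(new LoggingInfo("alice", samplePassword));

        System.out.println("password present in serialized bytes: " + containsAscii(bytes, samplePassword)); // false
        System.out.println("uid present in serialized bytes: " + containsAscii(bytes, "alice"));             // true

        LoggingInfo back = deserialize(bytes);
        System.out.println("pwd right after readback: " + back.getPwd());   // null
        back.setPwd(samplePassword);                                        // the post's setter approach
        System.out.println("pwd after setter: " + back.getPwd());

        GuestLoggingInfo guest = deserialize(serialize(new GuestLoggingInfo()));
        System.out.println("guest pwd after readback: " + guest.getPwd()); // guest, restored by readObject
    }
}
```

Compile and run with `javac TransientDemo.java && java TransientDemo`. The byte-scan check is the useful part for a review: it confirms that marking the field transient really kept the credential out of the persisted form, rather than trusting the keyword alone.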

In other words, when an object is serialized, any variable of that object declared transient is not serialized with it. That is, if a member variable of a class is transient, then when an instance of that class is written to disk through ObjectOutputStream, the value of the transient variable is not actually saved, so when the object is read back from disk that variable is left unassigned. When an instance of a class is read back from disk, the class's constructor is not executed; instead, the instance's state is read and assigned to an object of that class.

posted on 2013-01-07 14:18 kalor