我们都知道一个对象只要实现了Serilizable接口,这个对象就可以被序列化,java的这种序列化模式为开发者提供了很多便利,我们可以不必关系具体序列化的过程,只要这个类实现了Serilizable接口,这个类的所有属性和方法都会自动序列化。
然而在实际开发过程中,我们常常会遇到这样的问题,这个类的有些属性需要序列化,而其他属性不需要被序列化,打个比方,如果一个用户有一些敏感信息(如密码,银行卡号等),为了安全起见,不希望在网络操作(主要涉及到序列化操作,本地序列化缓存也适用)中被传输,这些信息对应的变量就可以加上transient关键字。换句话说,这个字段的生命周期仅存于调用者的内存中而不会写到磁盘里持久化。
总之,java 的transient关键字为我们提供了便利,你只需要实现Serilizable接口,将不需要序列化的属性前添加关键字transient,序列化对象的时候,这个属性就不会序列化到指定的目的地中
1.创建User类并实现Serializable接口,并在password上添加关键字transient
-
package com.example.transienttest; import java.io.*; /** * @author: GuanBin * @date: Created in 下午2:11 2019/8/8 */ public class TransientTest { public static void main(String[] args) { User user = new User(); user.setUsername("GuanBin"); user.setPassword("123456"); System.out.println("read before Serializable: "); System.out.println("username: " + user.getUsername()); System.err.println("password: " + user.getPassword()); try { ObjectOutputStream os = new ObjectOutputStream(new FileOutputStream("/Users/guanbinbin/user.txt")); os.writeObject(user);//将user对象写进文件 os.flush(); os.close(); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } try { ObjectInputStream oi = new ObjectInputStream(new FileInputStream("/Users/guanbinbin/user.txt")); user = (User) oi.readObject(); oi.close(); System.out.println("read after Serializable: "); System.out.println("username: " + user.getUsername()); System.err.println("password: " + user.getPassword()); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (ClassNotFoundException e) { e.printStackTrace(); } } } package com.example.transienttest; import java.io.Serializable; /** * @author: GuanBin * @date: Created in 下午2:31 2019/8/8 */ public class User implements Serializable { private static final long serialVersionUID = 6653887738980830004L; private String username; private transient String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
read before Serializable: username: GuanBin password: 123456 read after Serializable: username: GuanBin password: null Process finished with exit code 0
注意:会发现确实被transient修饰的password没有被反序列化出来 (User实现Serializable接口后,自动序列化时,并没有把password属性序列化到文件中,所以反序列化时也是空的)
2.除了transient修饰外,还有别的方法让属性不能持久化吗?
-
答案是使用static修饰的变量,不管是否被transient修饰都不能序列化,下面举个例子
package com.example.transienttest; import java.io.*; /** * @author: GuanBin * @date: Created in 下午2:11 2019/8/8 */ public class TransientStaticTest { public static void main(String[] args) { User user = new User(); user.setUsername("GuanBin"); user.setPassword("123456"); System.out.println("read before Serializable: "); System.out.println("username: " + user.getUsername()); System.err.println("password: " + user.getPassword()); try { ObjectOutputStream os = new ObjectOutputStream(new FileOutputStream("/Users/guanbinbin/user.txt")); os.writeObject(user);//将user对象写进文件 os.flush(); os.close(); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } try { user.setUsername("haha");//序列化前,将haha赋值给username,此属性在jvm内存中,未在持久化的文件中 ObjectInputStream oi = new ObjectInputStream(new FileInputStream("/Users/guanbinbin/user.txt")); user = (User) oi.readObject(); oi.close(); System.out.println("read after Serializable: "); System.out.println("username: " + user.getUsername()); System.err.println("password: " + user.getPassword()); } catch (IOException e) { e.printStackTrace(); } catch (ClassNotFoundException e) { e.printStackTrace(); } } } package com.example.transienttest; import java.io.Serializable; /** * @author: GuanBin * @date: Created in 下午2:31 2019/8/8 */ public class User implements Serializable { private static final long serialVersionUID = 6653887738980830004L; private static String username;//使用static修饰的变量 private transient String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } }
username: GuanBin password: 123456 password: null read after Serializable: username: haha //会发现反序列化后的值为在jvm内存中的值,未从持久化文件中反序列化得到,故static修饰的username未被持久化到文件中,不能被序列化
3.只要被transient修饰的变量一定不能序列化吗,答案是否定的:
- 只有实现了Serializable,自动序列化时才不会把被transient修饰的变量序列化
- 如果实现的是Externalizable接口,那么就要把需要序列化的属性,手动加进去,不管是否被transient修饰,最终都可以实现序列化
package com.example.transienttest; import java.io.*; /** * @author: GuanBin * @date: Created in 下午3:06 2019/8/8 */ public class ExternalizableTest implements Externalizable { private transient String content = "不管是否是被transient修饰都可以序列化"; @Override public void writeExternal(ObjectOutput out) throws IOException { out.writeObject(content);//序列化到文件中的属性,需要手动加进去 } @Override public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException { content = (String) in.readObject();//反序列化时从文件中读取,若设置了,此处未读取,会抛异常 } public static void main(String[] args) { ExternalizableTest externalizableTest = new ExternalizableTest(); try { ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("test")); out.writeObject(externalizableTest); ObjectInputStream input = new ObjectInputStream(new FileInputStream("test")); externalizableTest = (ExternalizableTest) input.readObject(); System.out.println(externalizableTest.content); out.close(); input.close(); } catch (IOException e) { e.printStackTrace(); } catch (ClassNotFoundException e) { e.printStackTrace(); } } }
不管是否是被transient修饰都可以序列化 Process finished with exit code 0
4.总结
- 1)一旦变量被transient修饰(实体实现的是Serializable接口),变量将不再是对象持久化的一部分,该变量内容在序列化后无法获得访问。
- 2)transient关键字只能修饰变量,而不能修饰方法和类。注意,本地变量是不能被transient关键字修饰的。变量如果是用户自定义类变量,则该类需要实现Serializable接口。
- 3)一个静态变量不管是否被transient修饰,均不能被序列化
- 参考:https://www.cnblogs.com/lanxuezaipiao/p/3369962.html