author | darcy |
Tue, 19 Nov 2019 16:26:58 -0800 | |
changeset 59142 | c4be5e03aff7 |
parent 58288 | 48e480e56aad |
permissions | -rw-r--r-- |
2 | 1 |
/* |
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
49438
diff
changeset
|
2 |
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.io; |
|
27 |
||
28 |
/** |
|
29 |
* Serializability of a class is enabled by the class implementing the |
|
49438
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
30 |
* java.io.Serializable interface. |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
31 |
* |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
32 |
* <p><strong>Warning: Deserialization of untrusted data is inherently dangerous |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
33 |
* and should be avoided. Untrusted data should be carefully validated according to the |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
34 |
* "Serialization and Deserialization" section of the |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
35 |
* {@extLink secure_coding_guidelines_javase Secure Coding Guidelines for Java SE}. |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
36 |
* {@extLink serialization_filter_guide Serialization Filtering} describes best |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
37 |
* practices for defensive use of serial filters. |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
38 |
* </strong></p> |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
39 |
* |
879cf9f18688
8197595: Serialization javadoc should link to security best practices
rriggs
parents:
47216
diff
changeset
|
40 |
* Classes that do not implement this |
2 | 41 |
* interface will not have any of their state serialized or |
42 |
* deserialized. All subtypes of a serializable class are themselves |
|
43 |
* serializable. The serialization interface has no methods or fields |
|
44 |
* and serves only to identify the semantics of being serializable. <p> |
|
45 |
* |
|
46 |
* To allow subtypes of non-serializable classes to be serialized, the |
|
47 |
* subtype may assume responsibility for saving and restoring the |
|
48 |
* state of the supertype's public, protected, and (if accessible) |
|
49 |
* package fields. The subtype may assume this responsibility only if |
|
50 |
* the class it extends has an accessible no-arg constructor to |
|
51 |
* initialize the class's state. It is an error to declare a class |
|
52 |
* Serializable if this is not the case. The error will be detected at |
|
53 |
* runtime. <p> |
|
54 |
* |
|
55 |
* During deserialization, the fields of non-serializable classes will |
|
56 |
* be initialized using the public or protected no-arg constructor of |
|
57 |
* the class. A no-arg constructor must be accessible to the subclass |
|
58 |
* that is serializable. The fields of serializable subclasses will |
|
59 |
* be restored from the stream. <p> |
|
60 |
* |
|
61 |
* When traversing a graph, an object may be encountered that does not |
|
62 |
* support the Serializable interface. In this case the |
|
63 |
* NotSerializableException will be thrown and will identify the class |
|
64 |
* of the non-serializable object. <p> |
|
65 |
* |
|
66 |
* Classes that require special handling during the serialization and |
|
67 |
* deserialization process must implement special methods with these exact |
|
21334 | 68 |
* signatures: |
2 | 69 |
* |
70 |
* <PRE> |
|
71 |
* private void writeObject(java.io.ObjectOutputStream out) |
|
72 |
* throws IOException |
|
73 |
* private void readObject(java.io.ObjectInputStream in) |
|
74 |
* throws IOException, ClassNotFoundException; |
|
75 |
* private void readObjectNoData() |
|
76 |
* throws ObjectStreamException; |
|
77 |
* </PRE> |
|
78 |
* |
|
79 |
* <p>The writeObject method is responsible for writing the state of the |
|
80 |
* object for its particular class so that the corresponding |
|
81 |
* readObject method can restore it. The default mechanism for saving |
|
82 |
* the Object's fields can be invoked by calling |
|
83 |
* out.defaultWriteObject. The method does not need to concern |
|
84 |
* itself with the state belonging to its superclasses or subclasses. |
|
85 |
* State is saved by writing the individual fields to the |
|
86 |
* ObjectOutputStream using the writeObject method or by using the |
|
87 |
* methods for primitive data types supported by DataOutput. |
|
88 |
* |
|
89 |
* <p>The readObject method is responsible for reading from the stream and |
|
90 |
* restoring the classes fields. It may call in.defaultReadObject to invoke |
|
91 |
* the default mechanism for restoring the object's non-static and |
|
92 |
* non-transient fields. The defaultReadObject method uses information in |
|
93 |
* the stream to assign the fields of the object saved in the stream with the |
|
94 |
* correspondingly named fields in the current object. This handles the case |
|
95 |
* when the class has evolved to add new fields. The method does not need to |
|
96 |
* concern itself with the state belonging to its superclasses or subclasses. |
|
45337
d573a876a6e4
8180807: java.io.Serializable class-level readObject description error
mli
parents:
25859
diff
changeset
|
97 |
* State is restored by reading data from the ObjectInputStream for |
d573a876a6e4
8180807: java.io.Serializable class-level readObject description error
mli
parents:
25859
diff
changeset
|
98 |
* the individual fields and making assignments to the appropriate fields |
d573a876a6e4
8180807: java.io.Serializable class-level readObject description error
mli
parents:
25859
diff
changeset
|
99 |
* of the object. Reading primitive data types is supported by DataInput. |
2 | 100 |
* |
101 |
* <p>The readObjectNoData method is responsible for initializing the state of |
|
102 |
* the object for its particular class in the event that the serialization |
|
103 |
* stream does not list the given class as a superclass of the object being |
|
104 |
* deserialized. This may occur in cases where the receiving party uses a |
|
105 |
* different version of the deserialized instance's class than the sending |
|
106 |
* party, and the receiver's version extends classes that are not extended by |
|
107 |
* the sender's version. This may also occur if the serialization stream has |
|
108 |
* been tampered; hence, readObjectNoData is useful for initializing |
|
109 |
* deserialized objects properly despite a "hostile" or incomplete source |
|
110 |
* stream. |
|
111 |
* |
|
112 |
* <p>Serializable classes that need to designate an alternative object to be |
|
113 |
* used when writing an object to the stream should implement this |
|
21334 | 114 |
* special method with the exact signature: |
2 | 115 |
* |
116 |
* <PRE> |
|
117 |
* ANY-ACCESS-MODIFIER Object writeReplace() throws ObjectStreamException; |
|
118 |
* </PRE><p> |
|
119 |
* |
|
120 |
* This writeReplace method is invoked by serialization if the method |
|
121 |
* exists and it would be accessible from a method defined within the |
|
122 |
* class of the object being serialized. Thus, the method can have private, |
|
123 |
* protected and package-private access. Subclass access to this method |
|
124 |
* follows java accessibility rules. <p> |
|
125 |
* |
|
126 |
* Classes that need to designate a replacement when an instance of it |
|
127 |
* is read from the stream should implement this special method with the |
|
21334 | 128 |
* exact signature. |
2 | 129 |
* |
130 |
* <PRE> |
|
131 |
* ANY-ACCESS-MODIFIER Object readResolve() throws ObjectStreamException; |
|
132 |
* </PRE><p> |
|
133 |
* |
|
134 |
* This readResolve method follows the same invocation rules and |
|
135 |
* accessibility rules as writeReplace.<p> |
|
136 |
* |
|
59142
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
137 |
* Enum types are all serializable and receive treatment defined by |
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
138 |
* the <cite>Java Object Serialization Specification</cite> during |
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
139 |
* serialization and deserialization. Any declarations of the special |
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
140 |
* handling methods discussed above are ignored for enum types.<p> |
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
141 |
* |
2 | 142 |
* The serialization runtime associates with each serializable class a version |
143 |
* number, called a serialVersionUID, which is used during deserialization to |
|
144 |
* verify that the sender and receiver of a serialized object have loaded |
|
145 |
* classes for that object that are compatible with respect to serialization. |
|
146 |
* If the receiver has loaded a class for the object that has a different |
|
147 |
* serialVersionUID than that of the corresponding sender's class, then |
|
148 |
* deserialization will result in an {@link InvalidClassException}. A |
|
149 |
* serializable class can declare its own serialVersionUID explicitly by |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
49438
diff
changeset
|
150 |
* declaring a field named {@code "serialVersionUID"} that must be static, |
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
49438
diff
changeset
|
151 |
* final, and of type {@code long}: |
2 | 152 |
* |
153 |
* <PRE> |
|
154 |
* ANY-ACCESS-MODIFIER static final long serialVersionUID = 42L; |
|
155 |
* </PRE> |
|
156 |
* |
|
157 |
* If a serializable class does not explicitly declare a serialVersionUID, then |
|
158 |
* the serialization runtime will calculate a default serialVersionUID value |
|
159 |
* for that class based on various aspects of the class, as described in the |
|
59142
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
160 |
* Java Object Serialization Specification. This specification defines the |
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
161 |
* serialVersionUID of an enum type to be 0L. However, it is <em>strongly |
c4be5e03aff7
8234381: API docs should mention special handling of enums in serialization
darcy
parents:
58288
diff
changeset
|
162 |
* recommended</em> that all serializable classes other than enum types explicitly declare |
2 | 163 |
* serialVersionUID values, since the default serialVersionUID computation is |
164 |
* highly sensitive to class details that may vary depending on compiler |
|
165 |
* implementations, and can thus result in unexpected |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
49438
diff
changeset
|
166 |
* {@code InvalidClassException}s during deserialization. Therefore, to |
2 | 167 |
* guarantee a consistent serialVersionUID value across different java compiler |
168 |
* implementations, a serializable class must declare an explicit |
|
169 |
* serialVersionUID value. It is also strongly advised that explicit |
|
58288
48e480e56aad
8231186: Replace html tag <code>foo</code> with javadoc tag {@code foo} in java.base
jboes
parents:
49438
diff
changeset
|
170 |
* serialVersionUID declarations use the {@code private} modifier where |
2 | 171 |
* possible, since such declarations apply only to the immediately declaring |
172 |
* class--serialVersionUID fields are not useful as inherited members. Array |
|
173 |
* classes cannot declare an explicit serialVersionUID, so they always have |
|
174 |
* the default computed value, but the requirement for matching |
|
175 |
* serialVersionUID values is waived for array classes. |
|
176 |
* |
|
177 |
* @author unascribed |
|
178 |
* @see java.io.ObjectOutputStream |
|
179 |
* @see java.io.ObjectInputStream |
|
180 |
* @see java.io.ObjectOutput |
|
181 |
* @see java.io.ObjectInput |
|
182 |
* @see java.io.Externalizable |
|
24865
09b1d992ca72
8044740: Convert all JDK versions used in @since tag to 1.n[.n] in jdk repo
henryjen
parents:
23010
diff
changeset
|
183 |
* @since 1.1 |
2 | 184 |
*/ |
185 |
public interface Serializable { |
|
186 |
} |