What is the difference between Serializable and Externalizable in Java

Question

User · Answer

Basically  Serializable is a marker interface that implies that a class is safe for serialization and the JVM determines how it is serialized  Externalizable contains 2 methods  readExternal and writeExternal  Externalizable allows the implementer to decide how an object is serialized  where as Serializable serializes objects the default way

User · Answer

Serialization provides default functionality to store and later recreate the object  It uses verbose format to define the whole graph of objects to be stored e g  suppose you have a linkedList and you code like below  then the default serialization will discover all the objects which are linked and will serialize  In default serialization the object is constructed entirely from its stored bits  with no constructor calls     ObjectOutputStream oos   new ObjectOutputStream                  new FileOutputStream   Users Desktop files temp txt             oos writeObject linkedListHead     writing head of linked list         oos close      But if you want restricted serialization or don t want some portion of your object to be serialized then use Externalizable  The Externalizable interface extends the Serializable interface and adds two methods  writeExternal   and readExternal    These are automatically called while serialization or deserialization  While working with Externalizable we should remember that the default constructer should be public else the code will throw exception  Please follow the below code   public class MyExternalizable implements Externalizable    private String userName  private String passWord  private Integer roll   public MyExternalizable         public MyExternalizable String userName  String passWord  Integer roll        this userName   userName      this passWord   passWord      this roll   roll      Override public void writeExternal ObjectOutput oo  throws IOException        oo writeObject userName       oo writeObject roll       Override public void readExternal ObjectInput oi  throws IOException  ClassNotFoundException        userName    String oi readObject        roll    Integer oi readObject       public String toString         StringBuilder b   new StringBuilder        b append  userName          b append userName       b append    passWord          b append passWord       b append    roll          b append roll        return b toString      public static void main String   args        try               MyExternalizable m    new MyExternalizable  nikki    student001   20           System out println m toString             ObjectOutputStream oos   new ObjectOutputStream new FileOutputStream   Users Desktop files temp1 txt             oos writeObject m           oos close             System out println                                                                                     ObjectInputStream ois   new ObjectInputStream new FileInputStream   Users Desktop files temp1 txt             MyExternalizable mm    MyExternalizable ois readObject            mm toString            System out println mm toString                catch  ClassNotFoundException ex                 Logger getLogger MyExternalizable class getName    log Level SEVERE  null  ex             catch IOException ex                Logger getLogger MyExternalizable class getName    log Level SEVERE  null  ex               Here if you comment the default constructer then the code will throw below exception    java io InvalidClassException  javaserialization MyExternalizable        javaserialization MyExternalizable  no valid constructor    We can observe that as password is sensitive information  so i am not serializing it in writeExternal ObjectOutput oo  method and not setting the value of same in readExternal ObjectInput oi   That s the flexibility that is provided by Externalizable    The output of the above code is as per below   userName  nikki  passWord  student001  roll  20                                                                         userName  nikki  passWord  null  roll  20   We can observe as we are not setting the value of passWord so it s null   The same can also be achieved by declaring the password field as transient   private transient String passWord    Hope it helps  I apologize if i made any mistakes  Thanks

User · Answer

Serialization uses certain default behaviors to store and later recreate the object  You may specify in what order or how to handle references and complex data structures  but eventually it comes down to using the default behavior for each primitive data field   Externalization is used in the rare cases that you really want to store and rebuild your object in a completely different way and without using the default serialization mechanisms for data fields  For example  imagine that you had your own unique encoding and compression scheme

User · Answer

https   docs oracle com javase 8 docs platform serialization spec serialTOC html  Default serialization is somewhat verbose  and assumes the widest possible usage scenario of the serialized object  and accordingly the default format  Serializable  annotates the resultant stream with information about the class of the serialized object   Externalization give the producer of the object stream complete control over the precise class meta-data  if any  beyond the minimal required identification of the class  e g  its name    This is clearly desirable in certain situations  such as closed environments  where producer of the object stream and its consumer  which reifies the object from the stream  are matched  and additional metadata about the class serves no purpose and degrades performance   Additionally  as Uri point out  externalization also provides for complete control over the encoding of the data in the stream corresponding to Java types   For  a contrived  example  you may wish to record boolean true as  Y  and false as  N    Externalization allows you to do that

User · Answer

The Externalizable interface was not actually provided to optimize the serialization process performance  but to provide means of implementing your own custom processing and offer complete control over the format and contents of the stream for an object and its super types   Examples of this is the implementation of AMF  ActionScript Message Format  remoting to transfer native action script objects over the network

User · Answer

To add to the other answers  by implementating java io Serializable  you get  automatic  serialization capability for objects of your class  No need to implement any other logic  it ll just work  The Java runtime will use reflection to figure out how to marshal and unmarshal your objects   In earlier version of Java  reflection was very slow  and so serializaing large object graphs  e g  in client-server RMI applications  was a bit of a performance problem  To handle this situation  the java io Externalizable interface was provided  which is like java io Serializable but with custom-written mechanisms to perform the marshalling and unmarshalling functions  you need to implement readExternal and writeExternal methods on your class   This gives you the means to get around the reflection performance bottleneck    In recent versions of Java  1 3 onwards  certainly  the performance of reflection is vastly better than it used to be  and so this is much less of a problem  I suspect you d be hard-pressed to get a meaningful benefit from Externalizable with a modern JVM    Also  the built-in Java serialization mechanism isn t the only one  you can get third-party replacements  such as JBoss Serialization  which is considerably quicker  and is a drop-in replacement for the default   A big downside of Externalizable is that you have to maintain this logic yourself - if you add  remove or change a field in your class  you have to change your writeExternal readExternal methods to account for it   In summary  Externalizable is a relic of the Java 1 1 days  There s really no need for it any more

User · Answer

Object Serialization uses the Serializable and Externalizable interfaces       A Java object is only serializable  if a class or any of its superclasses implements either the java io Serializable interface or its subinterface  java io Externalizable  Most of the java class are serializable    NotSerializableException  packageName ClassName    To participate a Class Object in serialization process  The class must implement either Serializable or Externalizable interface        Serializable Interface  Object Serialization produces a stream with information about the Java classes for the objects which are being saved  For serializable objects  sufficient information is kept to restore those objects even if a different  but compatible  version of the implementation of the class is present  The Serializable interface is defined to identify classes which implement the serializable protocol     package java io   public interface Serializable          The serialization interface has no methods or fields and serves only to identify the semantics of being serializable  For serializing deserializing a class  either we can use default writeObject and readObject methods  or  we can overriding writeObject and readObject methods from a class  JVM will have complete control in serializing the object  use transient keyword to prevent the data member from being serialized  Here serializable objects is reconstructed directly from the stream without executing  InvalidClassException    In deserialization process  if local class serialVersionUID value is different from the corresponding sender s class  then result s in conflict as  java io InvalidClassException  com github objects User  local class incompatible  stream classdesc serialVersionUID   5081877  local class serialVersionUID   50818771 The values of the non-transient and non-static fields of the class get serialized    Externalizable Interface  For Externalizable objects  only the identity of the class of the object is saved by the container  the class must save and restore the contents  The Externalizable interface is defined as follows     package java io   public interface Externalizable extends Serializable       public void writeExternal ObjectOutput out          throws IOException       public void readExternal ObjectInput in          throws IOException  java lang ClassNotFoundException         The Externalizable interface has two methods  an externalizable object must implement a writeExternal and readExternal methods to save restore the state of an object  Programmer has to take care of which objects to be serialized  As a programmer take care of Serialization So  here transient keyword will not restrict any object in Serialization process  When an Externalizable object is reconstructed  an instance is created using the public no-arg constructor  then the readExternal method called  Serializable objects are restored by reading them from an ObjectInputStream  OptionalDataException    The fields MUST BE IN THE SAME ORDER AND TYPE as we wrote them out  If there is any mismatch of type from the stream it throws OptionalDataException      Override public void writeExternal ObjectOutput out  throws IOException       out writeInt  id        out writeUTF  role        out writeObject address      Override public void readExternal ObjectInput in  throws IOException  ClassNotFoundException       this id   in readInt        this address    Address  in readObject        this role   in readUTF         The instance fields of the class which written  exposed  to ObjectOutput get serialized      Example    implements Serializable    class Role       String role    class User extends Role implements Serializable        private static final long serialVersionUID   5081877L      Integer id      Address address       public User             System out println  Default Constructor get executed               public User  String role             this role   role          System out println  Parametarised Constructor              class Address implements Serializable        private static final long serialVersionUID   5081877L      String country        Example    implements Externalizable    class User extends Role implements Externalizable        Integer id      Address address         mandatory public no-arg constructor     public User             System out println  Default Constructor get executed               public User  String role             this role   role          System out println  Parametarised Constructor                 Override     public void writeExternal ObjectOutput out  throws IOException           out writeInt  id            out writeUTF  role            out writeObject address              Override     public void readExternal ObjectInput in  throws IOException  ClassNotFoundException           this id   in readInt            this address    Address  in readObject            this role   in readUTF                Example    public class CustomClass Serialization       static String serFilename    D  serializable CustomClass ser        public static void main String   args  throws IOException           Address add   new Address            add country    IND            User obj   new User  SE            obj id   7          obj address   add              Serialization         objects serialize obj  serFilename           objects deserialize obj  serFilename               Externalization         objects WriteRead External obj  serFilename              public static void objects serialize  User obj  String serFilename   throws IOException          FileOutputStream fos   new FileOutputStream  new File  serFilename              ObjectOutputStream objectOut   new ObjectOutputStream  fos                java io NotSerializableException  com github objects Address         objectOut writeObject  obj            objectOut flush            objectOut close            fos close             System out println  Data Stored in to a file              public static void objects deserialize  User obj  String serFilename   throws IOException          try               FileInputStream fis   new FileInputStream  new File  serFilename                  ObjectInputStream ois   new ObjectInputStream  fis                Object readObject              readObject   ois readObject                String calssName   readObject getClass   getName                System out println  Restoring Class Name      calssName      InvalidClassException              User user    User  readObject              System out format  Obj Id  d  Role  s   n   user id  user role                Address add    Address  user address              System out println  Inner Obj      add country                ois close              catch  ClassNotFoundException e                e printStackTrace                         public static void objects WriteRead External  User obj  String serFilename   throws IOException           FileOutputStream fos   new FileOutputStream new File  serFilename             ObjectOutputStream objectOut   new ObjectOutputStream  fos             obj writeExternal  objectOut            objectOut flush             fos close             System out println  Data Stored in to a file             try                  create a new instance and read the assign the contents from stream              User user   new User                 FileInputStream fis   new FileInputStream new File  serFilename                 ObjectInputStream ois   new ObjectInputStream  fis                 user readExternal ois                System out format  Obj Id  d  Role  s   n   user id  user role                Address add    Address  user address              System out println  Inner Obj      add country                ois close              catch  ClassNotFoundException e                e printStackTrace                             see   What is Object Serialization Object Serialization  Frequently Asked Questions

User · Answer

Some differences    For Serialization there is no need of default constructor of that class because Object because JVM construct the same with help of Reflection API  In case of Externalization contructor with no arg is required  because the control is in hand of programmar and later on assign the deserialized data to object via setters  In serialization if user want to skip certain properties to be serialized then has to mark that properties as transient  vice versa is not required for Externalization  When backward compatiblity support is expected for any class then it is recommended to go with Externalizable  Serialization supports defaultObject persisting and if object structure is broken then it will cause issue while deserializing

User · Answer

When considering options for improving performance  don t forget custom serialization   You can let Java do what it does well  or at least good enough  for free  and provide custom support for what it does badly   This is usually a lot less code than full Externalizable support

User · Answer

There are so many difference exist between Serializable and Externalizable but when we compare difference between custom Serializable overrided writeObject    amp  readObject    and Externalizable  then we find that custom implementation is tightly bind with ObjectOutputStream class where as in Externalizable case   we ourself provide an implementation of ObjectOutput which may be ObjectOutputStream class or it could be some other like org apache mina filter codec serialization ObjectSerializationOutputStream  In case of Externalizable interface    Override public void writeExternal ObjectOutput out  throws IOException       out writeUTF key       out writeUTF value       out writeObject emp       Override public void readExternal ObjectInput in  throws IOException  ClassNotFoundException       this key   in readUTF        this value   in readUTF        this emp    Employee  in readObject             In case of Serializable interface                              We can comment below two method and use default serialization process as well              Sequence of class attributes in read and write methods MUST BE same             below will not work it will not work               Exception   java io StreamCorruptedException  invalid type code  00                private void writeObject java io ObjectOutput stream                                private void writeObject java io ObjectOutputStream Outstream                      throws IOException                    System out println  from writeObject                             We can define custom validation or business rules inside read write methods   This way our validation methods will be automatically      called by JVM  immediately after default serialization      and deserialization process      happens                   checkTestInfo                                        stream writeUTF name                   stream writeInt age                   stream writeObject salary                   stream writeObject address                              private void readObject java io ObjectInputStream Instream                      throws IOException  ClassNotFoundException                   System out println  from readObject                      name    String  stream readUTF                    age   stream readInt                    salary    BigDecimal  stream readObject                    address    Address  stream readObject                       validateTestInfo                    I have added sample code to explain better  please check in out object case of Externalizable  These are not bound to any implementation directly  Where as Outstream Instream are tightly bind to classes  We can extends ObjectOutputStream ObjectInputStream but it will a bit difficult to use

User · Answer

Key differences between Serializable and Externalizable   Marker interface  Serializable is marker interface without any methods  Externalizable interface contains two methods  writeExternal   and readExternal    Serialization process  Default Serialization process will be kicked-in for classes implementing Serializable interface  Programmer defined  Serialization process will be kicked-in for classes implementing Externalizable interface  Maintenance  Incompatible changes may break serialisation   Backward Compatibility and Control  If you have to support multiple versions  you can have full control with Externalizable interface  You can support different versions of your object  If you implement Externalizable  it s your responsibility to serialize super class public No-arg constructor   Serializable uses reflection to construct object and does not require no arg constructor   But Externalizable demands public no-arg constructor    Refer to blog by Hitesh Garg for more details

[java] What is the difference between Serializable and Externalizable in Java?

Examples related to java

Examples related to serialization

Examples related to serializable

Examples related to externalizable