| CONTENTS | PREV | NEXT | Java Object Serialization Specification |
For Externalizable objects, only the identity of the class of the object is saved by the container; the class must save and restore the contents. TheExternalizableinterface is defined as follows:package java.io; public interface Externalizable extends Serializable { public void writeExternal(ObjectOutput out) throws IOException; public void readExternal(ObjectInput in) throws IOException, java.lang.ClassNotFoundException; }The class of an Externalizable object must do the following:
- Implement the
java.io.Externalizableinterface- Implement a
writeExternalmethod to save the state of the object
(It must explicitly coordinate with its supertype to save its state.)- Implement a
readExternalmethod to read the data written by thewriteExternalmethod from the stream and restore the state of the object
(It must explicitly coordinate with the supertype to save its state.)- Have the
writeExternalandreadExternalmethods be solely responsible for the format, if an externally defined format is written- Have a public no-arg constructor
Note - ThewriteExternalandreadExternalmethods are public and raise the risk that a client may be able to write or read information in the object other than by using its methods and fields. These methods must be used only when the information held by the object is not sensitive or when exposing it does not present a security risk.
An Externalizable class can optionally define the following methods:
- A
writeReplacemethod to allow a class to nominate a replacement object to be written to the stream
(See Section 2.5, "The writeReplace Method" for additional information.)- A
readResolvemethod to allow a class to designate a replacement object for the object just read from the stream
(See Section 3.6, "The readResolve Method" for additional information.)