How to exclude field from class serialization in runtime?

Question

How to exclude class field from serialization process in runtime ? There is transient modifier for compilation time but what about runtime ? I mean common java serialization with ObjectOutputStream, not gson or something.

Sorry I think I didn't explain right. This is not exactly about serialization , but about de-serialization. I have batch of legacy files and handle them like this:

public class Deserialize {

/**
 * @param args
 * @throws IOException 
 * @throws ClassNotFoundException 
 */
public static void main(String[] args) throws ClassNotFoundException, IOException {
    File file = new File("/home/developer/workspace/DDFS/some.ddf");
    HackedObjectInputStream in = new HackedObjectInputStream(new GZIPInputStream(new FileInputStream(file)));

    System.out.println("Attempt to open " + file.getAbsolutePath());
    Object obj = in.readObject();
    in.close();


}

 static class HackedObjectInputStream extends ObjectInputStream
    {

        /**
         * Migration table. Holds old to new classes representation.
         */
        private static final Map<String, Class<?>> MIGRATION_MAP = new HashMap<String, Class<?>>();

        static
        {
            MIGRATION_MAP.put("DBOBExit", Exit.class);
        }

        /**
         * Constructor.
         * @param stream input stream
         * @throws IOException if io error
         */
        public HackedObjectInputStream(final InputStream stream) throws IOException
        {
            super(stream);
        }

        @Override
        protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException
        {
            ObjectStreamClass resultClassDescriptor = super.readClassDescriptor();

            for (final String oldName : MIGRATION_MAP.keySet())
            {
                if (resultClassDescriptor.getName().equals(oldName))
                {
                    resultClassDescriptor = ObjectStreamClass.lookup(MIGRATION_MAP.get(oldName));   
                }
            }

            return resultClassDescriptor;
        }

    }

}

This code works fine for most of files , but some files throws

Exception in thread "main" java.lang.ClassCastException: cannot assign instance of java.awt.Polygon to field Exit.msgbackPt of type java.awt.Point in instance of Exit
at java.io.ObjectStreamClass$FieldReflector.setObjFieldValues(ObjectStreamClass.java:2053)

because of different versions of Exit class . New version has new fields. Error disappearing when I add transient to new fields, but another files starts to throwing an exception (latest files).

So can I add transient to these new fileds in runtime if I detect legacy serilized file ? Maybe reflection or something ?

You need to either implement `writeObject()` and `readObject()` yourself, or maybe use `Externalizable` instead of `Serializable` which is supposed to give you full control over the process: http://docs.oracle.com/javase/7/docs/platform/serialization/spec/serial-arch.html#4539 (and other parts of that spec.) Do note however that you'll probably have to correctly de-serialize your whole class that way, and that you'll have to handle figuring out what fields you've written during serialisation when deserialising. (By writing a bunch of flags or such before the data.) — millimoose, Jan 29 '13 at 12:21
Looking at the edit: I think you've got your work cut out of you. Builtin serialisation is a really, really clunky choice if you want to persist your data and evolve its schema. — millimoose, Jan 30 '13 at 01:43
I found the solution in simple way http://stackoverflow.com/a/14608062/1085787 — gaponov, Jan 30 '13 at 15:58

Philipp · Answer 1 · 2014-01-29T08:32:11.697

The documentation of ObjectOutputStream says:

The default serialization mechanism for an object writes the class of the object, the class signature, and the values of all non-transient and non-static fields. References to other objects (except in transient or static fields) cause those objects to be written also.

So when you declare a variable as transient, it should be ignored by ObjectOutputStream. Make sure that you use the transient keyword and not a @Transient annotation. Such annotations are used by some ORM frameworks to mark fields which are not supposed to be saved in databases. They are meaningless for the buildin serialization framework.

private transient String foo; // Field gets ignored by ObjectOutputStream
@Transient private String bar; // Treated normally by ObjectOutputStream (might mean something for some other framework)

Example seems to be wrong. Transient fields should be ignored not the Non-Transient. — BlueM, Jul 12 '16 at 12:52
@BlueM That's what I wrote: "when you declare a variable as transient, it should be ignored by ObjectOutputStream" — Philipp, Jul 12 '16 at 13:24

score 4 · Answer 2 · 2019-08-25T22:21:35.857

4

You can use the transient modifier:

http://docs.oracle.com/javase/specs/jls/se7/html/jls-8.html#jls-8.3.1.3

edited Aug 25 '19 at 22:21

answered Jan 30 '13 at 01:12

Ian Roberts · Answer 3 · 2013-01-29T12:18:32.353

0

The serialized representation of a particular class is up to the class itself, you can't change it externally, the nearest you can get is to define a subclass with custom serialization behaviour but that only affects objects of that subclass, not objects of the parent type.

If you can't modify the class in question at all then your only option is to subclass ObjectOutputStream and override replaceObject to replace the problem object at write time with a different one that contains only the data you want, and the mirror image process at read time (subclass ObjectInputStream and override resolveObject).

edited Jan 29 '13 at 12:18

answered Jan 29 '13 at 12:11

Ian Roberts

120,891
16
170
183

2

Not really. You can always use `writeObject()` or `writeReplace()`. – millimoose Jan 29 '13 at 12:17

user207421 · Answer 4 · 2019-08-25T22:31:07.053

0

You're digging the wrong hole here. Instead of messing around with runtime decisions about which fields to serialized and overriding readClassDescriptor(), you should look into overriding readResolve().

edited Aug 25 '19 at 22:31

answered Jan 30 '13 at 00:50

user207421

305,947
44
307
483

Does it mean what I have to add both classes to project, old one and new one version ? For which class readResolve should be overriden ?Whole ticket about deserialization of modified class (was moved to different package and renamed). – gaponov Jan 30 '13 at 13:12

How to exclude field from class serialization in runtime?

4 Answers4

Linked