Why Java needs Serializable interface?


Problem description

We work heavily with serialization and having to specify Serializable tag on every object we use is kind of a burden. Especially when it's a 3rd-party class that we can't really change.

The question is: since Serializable is an empty interface and Java provides robust serialization once you add implements Serializable - why didn't they make everything serializable and that's it?

What am I missing?

Recommended answer

Serialization is fraught with pitfalls. Automatic serialization support of this form makes the class internals part of the public API (which is why javadoc gives you the persisted forms of classes).

For long-term persistence, the class must be able to decode this form, which restricts the changes you can make to class design. This breaks encapsulation.

Serialization can also lead to security problems. By being able to serialize any object it has a reference to, a class can access data it would not normally be able to (by parsing the resultant byte data).

There are other issues, such as the serialized form of inner classes not being well defined.

Making all classes serializable would exacerbate these problems. Check out Effective Java Second Edition, in particular Item 74: Implement Serializable judiciously.
