CONTENTS | PREV | NEXT Java Object Serialization Specification

Table of Contents



1 System Architecture
1.1 Overview
1.2 Writing to an Object Stream
1.3 Reading from an Object Stream
1.4 Object Streams as Containers
1.5 Defining Serializable Fields for a Class
1.6 Documenting Serializable Fields and Data for a Class
1.7 Accessing Serializable Fields of a Class
1.8 The ObjectOutput Interface
1.9 The ObjectInput Interface
1.10 The Serializable Interface
1.11 The Externalizable Interface
1.12 Protecting Sensitive Information

2 Object Output Classes
2.1 The ObjectOutputStream Class
2.2 The ObjectOutputStream.PutField Class
2.3 The writeObject Method
2.4 The writeExternal Method
2.5 The writeReplace Method
2.6 The useProtocolVersion Method

3 Object Input Classes
3.1 The ObjectInputStream Class
3.2 The ObjectInputStream.GetField Class
3.3 The ObjectInputValidation Interface
3.4 The readObject Method
3.5 The readExternal Method
3.6 The readResolve Method

4 Class Descriptors
4.1 The ObjectStreamClass Class
4.2 Dynamic Proxy Class Descriptors
4.3 Serialized Form
4.4 The ObjectStreamField Class
4.5 Inspecting Serializable Classes
4.6 Stream Unique Identifiers

5 Versioning of Serializable Objects
5.1 Overview
5.2 Goals
5.3 Assumptions
5.4 Who's Responsible for Versioning of Streams
5.5 Compatible JavaTM Type Evolution
5.6 Type Changes Affecting Serialization

6 Object Serialization Stream Protocol
6.1 Overview
6.2 Stream Elements
6.3 Stream Protocol Versions
6.4 Grammar for the Stream Format

A Security in Object Serialization
A.1 Overview
A.2 Design Goals
A.3 Security Issues
A.4 Preventing Serialization of Sensitive Data
A.5 Writing Class-Specific Serializing Methods
A.6 Guarding Unshared Deserialized Objects
A.7 Preventing Overwriting of Externalizable Objects
A.8 Encrypting a Bytestream

B Exceptions In Object Serialization

C Example of Serializable Fields
C.1 Example Alternate Implementation of java.io.File


CONTENTS | PREV | NEXT
Copyright © 1997-1999 Sun Microsystems, Inc. All Rights Reserved.