Java serialization is convenient to store the state of Java objects. However, there are some drawbacks of serialized data:
It is not human-readable.
Last month, I wrote an article on open-source Chronicle Wire that discusses how we could serialize an application’s state into different message formats.
Now in this article, I'm going to look at how we can use open-source Chronicle Queue and Chronicle Wire to structure applications to use event-driven architecture (EDA). EDA is a design pattern in which decoupled components (often microservices) can asynchronously publish and subscribe to events.
For any low-latency software, it is vital that the most common operations introduce minimal latency. For example, in trading software, one common and time-sensitive operation is messaging between microservices. To minimize the memory footprint of the communication, all messages are serialized by the sender and deserialized by the receiver. Hence, from a performance perspective, it is vital that the process of serializing/deserializing introduces minimal latency.
Read this article and learn more about the low-latency technique leveraging C++ methodology in Java: Trivially Copyable Objects and memcpy. Make common operations a little faster thereby saving a lot of time in aggregate operation. Serialization of Trivially Copyable Objects can be more than five times faster than that of regular Java objects and is supported by Chronicle libraries such as Chronicle Services and other libraries as described in this related article on DZone.
Java gained a reputation as a secure programming language when it was introduced in the mid-1990s. At that time, C or C++ was used for the majority of business programming. Java removed many pitfalls and vulnerabilities of those languages, like manual memory allocation.
This reputation as a more secure language does not mean that all Java code is automatically secure. Developers still have to make sure that they deliver secure code. Fortunately, you can stay on top of your Java security by keeping an eye on possible Java threats.
In a previous article, Everything You Need to Know About Java Serialization Explained, I explained how we can serialize/deserialize one object using the Serializable interface and explained how we can customize the serialization process using writeObject and readObject methods.
But these customizations are not sufficient because the JVM has full control of the serialization process and those customization logics are just additions to the default serialization process. We still have to use the default serialization logic by calling ObjectOutputStream.defaultWriteObject() and ObjectInputStream.defaultReadObject() from writeObject and readObject methods. And if we do not call these default methods, our object will not be serialized/deserialized.
In a previous article, where we looked at five different ways to create objects in Java, I explained how deserializing a serialized object creates a new object, and in this blog, I am going to discuss serialization and deserialization in detail.
We will use the Employee class object below as an example for the explanation