Analysis of Hessian serialization principle

1. hessian Serialization example

1.1 hessian Protocol Brief

1.1.1 characteristic

Refer to the description in the official document , Here are some brief descriptions ,http://hessian.caucho.com/doc/hessian-serialization.html.

• It must self describe the serialization type , That is, no external schema or interface definition is required
• It must be language independent , Including support for scripting languages
• It must be able to read and write in a single way
• It must be as compact as possible
• It must be simple , Only in this way can we effectively test and implement
• Must be as fast as possible
• It has to support Unicode character string
• It has to support 8 Bit binary data , There is no need to escape or use attachments
• It must support encryption 、 Compress 、 Signature and transaction context envelopes

1.1.2 hessian Syntactic introduction

The following examples , More reference ：http://hessian.caucho.com/doc/hessian-serialization.html.

        #boolean true/false
boolean ::= 'T'
        ::= 'F'
          
        # list/vector
list    ::= 'V' type? length? value* 'z'
        ::= 'v' int int value*          # first int Represents a type reference ,  the second int Length 
          

        #32-bit  signed int （ such as 0x90 Encoded as 0）
int     ::= 'I' b3 b2 b1 b0
        ::= [x80-xbf]                   #-x10 to x3f
        ::= [xc0-xcf] b0                #-x800 to x7ff
        ::= [xd0-xd7] b1 b0             #-x40000 to x3ffff

1.2 hessian Examples of serialization and deserialization

public static void serialize1(Student student){
    
  FileOutputStream fileOutputStream;
  try {
    
    fileOutputStream = new FileOutputStream("/Users/zhuqiuhui/Desktop/studentHession.txt");
    //  Get byte stream from object 
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    Hessian2Output output = new Hessian2Output(os);
    output.writeObject(student);
    output.getBytesOutputStream().flush();
    output.completeMessage();
    output.close();

    //  Write to a file 
    fileOutputStream.write(os.toByteArray());
  } catch (Exception e) {
    
    e.printStackTrace();
  }
}

public static Student deserialize1(){
    
  FileInputStream fileInputStream;
  Object result = null;
  try {
    
    fileInputStream = new FileInputStream("/Users/zhuqiuhui/Desktop/studentHession.txt");
    byte[] data = new byte[1024];
    int len = fileInputStream.read(data);
    System.out.println("read byte length:" + len);

    //  Read the object from the stream 
    ByteArrayInputStream is = new ByteArrayInputStream(data);
    Hessian2Input input = new Hessian2Input(is);
    result = input.readObject();
  } catch (Exception e) {
    
    e.printStackTrace();
  }
  return (Student)result;
}

public static void main(String[] args) {
    

  Student student = new Student();
  student.setId("123");
  student.setName(" Fang Chen ");

  //  serialize 
  // serialize1(student);

  //  Deserialization 
  Student serializestudent = deserialize1();
  System.out.println("deserialize result entity id is "+serializestudent.getId());
  System.out.println("deserialize result entity name is "+serializestudent.getName());
}

1.3 hessian Deal with the jdk difference

• Difference one ：java Serialization cannot cross language
• Difference two ： Versions of old and new objects Java Through one serialVersionUID To relate , Developers need to pay attention to the semantics of serialization
• Difference three ：java Serialization does not support encryption
• Difference 4 ：Java Serialized content ratio hessian Big

2. hessian Serialization analysis

2.1 hessian Serialization must serialVersionUID Do you ？

hessian Serialized objects do not need to be added serialVersionUID,hessian When serializing, write the description information of the class to byte[] in

2.2 hessian Serialization and deserialization source code analysis

2.2.1 （ back ） The corresponding relationship of serializers

2.2.2 Why serialize objects implements Serializable Interface ？

// com.caucho.hessian.io.SerializerFactory  The default serializer will be obtained when serializing 
protected Serializer getDefaultSerializer(Class cl) {
    
  if (_defaultSerializer != null)
    return _defaultSerializer;

  //  If the serialized object is not implemented  Serializable  Interface , It will be thrown out. IllegalStateException
  if (! Serializable.class.isAssignableFrom(cl)
      && ! _isAllowNonSerializable) {
    
    throw new IllegalStateException("Serialized class " + cl.getName() + " must implement java.io.Serializable");
  }

  if (_isEnableUnsafeSerializer
      && JavaSerializer.getWriteReplace(cl) == null) {
    
    return UnsafeSerializer.create(cl);
  }
  else
    return JavaSerializer.create(cl);
}

2.2.3 Serialization process and deserialization process

• Serialization process ：Hessian2Output -> SerializerFactory -> Serializer
• Deserialization process ：Hessian2Input -> SerializerFactory -> Deserializer

2.3 summary

• Serialize objects to achieve Serializable Interface , Otherwise, it will report “must implement java.io.Serializable” abnormal
• If the serialized object passes hessian After serialization , Serialized object without serialVersionUID when , Re change （ Add object properties 、 Delete object properties ） Will not generate deserialization exceptions , namely hessian Serializing objects no longer requires serialVersionUID.
• hessian It stores all the attributes of a complex object in one Map Serialization in . So in the parent class 、 When a subclass has a member variable with the same name , Hessian Serialization , Serialize subclasses first , Then serialize the parent class , Therefore, the result of deserialization will cause the member variable with the same name of the child class to be overwritten by the value of the parent class .
• hessian Medium writeReplace Methods and readResolve The method works the same , If the serialized object has this method , The instance returned by this method will be used to replace the serialized instance , To ensure the singleness of the object .