java 如何将不可序列化的对象转换为字节数组?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2563340/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to convert a non serializable object to byte array?
提问by Tom Brito
I'm trying to use javax.crypto.Cipher.doFinal(byte[]) method to encrypt an object. But, for security reasons, the object cannot be serializable. So, how to convert the object to byte array without serialization?
我正在尝试使用 javax.crypto.Cipher.doFinal(byte[]) 方法来加密对象。但是,出于安全原因,该对象不能序列化。那么,如何在不序列化的情况下将对象转换为字节数组呢?
--update
- 更新
is using serialization the only way to use this Cipher method? Because as I know important data should not be serializable.
使用序列化是使用此 Cipher 方法的唯一方法吗?因为据我所知,重要的数据不应该是可序列化的。
采纳答案by Tom Brito
Solved, instead of use a getByteArray() to call Cipher.doFinal(), I'll use Cipher.doFinal() inside the class, with a getEncryptedByteArray() method; so I serialize the data inside the class without making the class itself serializable, and the return result will be encrypted. Any objection to this approach will be considered.. :)
解决了,我将在类中使用 Cipher.doFinal() 和 getEncryptedByteArray() 方法,而不是使用 getByteArray() 来调用 Cipher.doFinal();所以我将类内部的数据序列化了,而不是让类本身可以序列化,返回的结果会被加密。将考虑对这种方法的任何反对.. :)
回答by Makaku00
I used com.fasterxml.Hymanson.databind.ObjectMapper.
我使用了 com.fasterxml.Hymanson.databind.ObjectMapper。
private static byte[] serialize(Object obj) throws IOException {
ByteArrayOutputStream os = new ByteArrayOutputStream();
ObjectMapper mapper = new ObjectMapper();
mapper.enable(SerializationFeature.INDENT_OUTPUT);
mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
mapper.writeValue(os, obj);
return os.toByteArray();
}
回答by Bill K
You just serialize each of it's components. Recurse. Eventually you end up with native objects that you can serialize.
您只需序列化它的每个组件。递归。最终,您最终会得到可以序列化的本机对象。
If you implement this by implementing java's serialization methods, java will ensure that you do not serialize any object twice and will take care of references for you.
如果您通过实现 java 的序列化方法来实现这一点,java 将确保您不会将任何对象序列化两次,并会为您处理引用。
In short, make the object serializable.
简而言之,使对象可序列化。
回答by Randy Simon
Here is a simple example of serializing a class to a byte array.
这是将类序列化为字节数组的简单示例。
public Class Foo {
private boolean isHappy;
private short happyCount;
private Bar bar;
public byte[] serializeData () throws IOException
{
ByteArrayOutputStream stream = new ByteArrayOutputStream();
DataOutputStream out = new DataOutputStream( stream );
out.writeBoolean(isHappy);
out.writeShort( slope );
// Serialize bar which will just append to this byte stream
bar.doSerializeData(out);
// Return the serialized object.
byte[] data = stream.toByteArray();
// Clean up.
stream.close();
return data;
}
}
Of course, a lot of the details in your case depend on your class structure but hopefully this gets you pointed in the right direction.
当然,您案例中的许多细节取决于您的类结构,但希望这能让您指明正确的方向。
To deserialize you just need to reverse the above.
要反序列化,您只需要反转上述内容即可。
回答by user207421
java.beans.XMLEncoder/Decoder.
java.beans.XMLEncoder/Decoder。
