ObjectInputStream

public class ObjectInputStream
extends InputStream implements ObjectInput, ObjectStreamConstants

java.lang.Object
   ↳ java.io.InputStream
     ↳ java.io.ObjectInputStream


An ObjectInputStream deserializes primitive data and objects previously written using an ObjectOutputStream.

ObjectOutputStream and ObjectInputStream can provide an application with persistent storage for graphs of objects when used with a FileOutputStream and FileInputStream respectively. ObjectInputStream is used to recover those objects previously serialized. Other uses include passing objects between hosts using a socket stream or for marshaling and unmarshaling arguments and parameters in a remote communication system.

ObjectInputStream ensures that the types of all objects in the graph created from the stream match the classes present in the Java Virtual Machine. Classes are loaded as required using the standard mechanisms.

Only objects that support the java.io.Serializable or java.io.Externalizable interface can be read from streams.

The method readObject is used to read an object from the stream. Java's safe casting should be used to get the desired type. In Java, strings and arrays are objects and are treated as objects during serialization. When read they need to be cast to the expected type.

Primitive data types can be read from the stream using the appropriate method on DataInput.

The default deserialization mechanism for objects restores the contents of each field to the value and type it had when it was written. Fields declared as transient or static are ignored by the deserialization process. References to other objects cause those objects to be read from the stream as necessary. Graphs of objects are restored correctly using a reference sharing mechanism. New objects are always allocated when deserializing, which prevents existing objects from being overwritten.

Reading an object is analogous to running the constructors of a new object. Memory is allocated for the object and initialized to zero (NULL). No-arg constructors are invoked for the non-serializable classes and then the fields of the serializable classes are restored from the stream starting with the serializable class closest to java.lang.object and finishing with the object's most specific class.

For example to read from a stream as written by the example in ObjectOutputStream:

      FileInputStream fis = new FileInputStream("t.tmp");
      ObjectInputStream ois = new ObjectInputStream(fis);

      int i = ois.readInt();
      String today = (String) ois.readObject();
      Date date = (Date) ois.readObject();

      ois.close();
 

Classes control how they are serialized by implementing either the java.io.Serializable or java.io.Externalizable interfaces.

Implementing the Serializable interface allows object serialization to save and restore the entire state of the object and it allows classes to evolve between the time the stream is written and the time it is read. It automatically traverses references between objects, saving and restoring entire graphs.

Serializable classes that require special handling during the serialization and deserialization process should implement the following methods:

 private void writeObject(java.io.ObjectOutputStream stream)
     throws IOException;
 private void readObject(java.io.ObjectInputStream stream)
     throws IOException, ClassNotFoundException;
 private void readObjectNoData()
     throws ObjectStreamException;
 

The readObject method is responsible for reading and restoring the state of the object for its particular class using data written to the stream by the corresponding writeObject method. The method does not need to concern itself with the state belonging to its superclasses or subclasses. State is restored by reading data from the ObjectInputStream for the individual fields and making assignments to the appropriate fields of the object. Reading primitive data types is supported by DataInput.

Any attempt to read object data which exceeds the boundaries of the custom data written by the corresponding writeObject method will cause an OptionalDataException to be thrown with an eof field value of true. Non-object reads which exceed the end of the allotted data will reflect the end of data in the same way that they would indicate the end of the stream: bytewise reads will return -1 as the byte read or number of bytes read, and primitive reads will throw EOFExceptions. If there is no corresponding writeObject method, then the end of default serialized data marks the end of the allotted data.

Primitive and object read calls issued from within a readExternal method behave in the same manner--if the stream is already positioned at the end of data written by the corresponding writeExternal method, object reads will throw OptionalDataExceptions with eof set to true, bytewise reads will return -1, and primitive reads will throw EOFExceptions. Note that this behavior does not hold for streams written with the old ObjectStreamConstants.PROTOCOL_VERSION_1 protocol, in which the end of data written by writeExternal methods is not demarcated, and hence cannot be detected.

The readObjectNoData method is responsible for initializing the state of the object for its particular class in the event that the serialization stream does not list the given class as a superclass of the object being deserialized. This may occur in cases where the receiving party uses a different version of the deserialized instance's class than the sending party, and the receiver's version extends classes that are not extended by the sender's version. This may also occur if the serialization stream has been tampered; hence, readObjectNoData is useful for initializing deserialized objects properly despite a "hostile" or incomplete source stream.

Serialization does not read or assign values to the fields of any object that does not implement the java.io.Serializable interface. Subclasses of Objects that are not serializable can be serializable. In this case the non-serializable class must have a no-arg constructor to allow its fields to be initialized. In this case it is the responsibility of the subclass to save and restore the state of the non-serializable class. It is frequently the case that the fields of that class are accessible (public, package, or protected) or that there are get and set methods that can be used to restore the state.

Any exception that occurs while deserializing an object will be caught by the ObjectInputStream and abort the reading process.

Implementing the Externalizable interface allows the object to assume complete control over the contents and format of the object's serialized form. The methods of the Externalizable interface, writeExternal and readExternal, are called to save and restore the objects state. When implemented by a class they can write and read their own state using all of the methods of ObjectOutput and ObjectInput. It is the responsibility of the objects to handle any versioning that occurs.

Enum constants are deserialized differently than ordinary serializable or externalizable objects. The serialized form of an enum constant consists solely of its name; field values of the constant are not transmitted. To deserialize an enum constant, ObjectInputStream reads the constant name from the stream; the deserialized constant is then obtained by calling the static method Enum.valueOf(Class, String) with the enum constant's base type and the received constant name as arguments. Like other serializable or externalizable objects, enum constants can function as the targets of back references appearing subsequently in the serialization stream. The process by which enum constants are deserialized cannot be customized: any class-specific readObject, readObjectNoData, and readResolve methods defined by enum types are ignored during deserialization. Similarly, any serialPersistentFields or serialVersionUID field declarations are also ignored--all enum types have a fixed serialVersionUID of 0L.

Summary

Nested classes

class ObjectInputStream.GetField

Provide access to the persistent fields read from the input stream. 

Inherited constants

Inherited fields

Public constructors

ObjectInputStream(InputStream in)

Creates an ObjectInputStream that reads from the specified InputStream.

Protected constructors

ObjectInputStream()

Provide a way for subclasses that are completely reimplementing ObjectInputStream to not have to allocate private data just used by this implementation of ObjectInputStream.

Public methods

int available()

Returns the number of bytes that can be read without blocking.

void close()

Closes the input stream.

void defaultReadObject()

Read the non-static and non-transient fields of the current class from this stream.

int read()

Reads a byte of data.

int read(byte[] buf, int off, int len)

Reads into an array of bytes.

boolean readBoolean()

Reads in a boolean.

byte readByte()

Reads an 8 bit byte.

char readChar()

Reads a 16 bit char.

double readDouble()

Reads a 64 bit double.

ObjectInputStream.GetField readFields()

Reads the persistent fields from the stream and makes them available by name.

float readFloat()

Reads a 32 bit float.

void readFully(byte[] buf)

Reads bytes, blocking until all bytes are read.

void readFully(byte[] buf, int off, int len)

Reads bytes, blocking until all bytes are read.

int readInt()

Reads a 32 bit int.

String readLine()

This method is deprecated. This method does not properly convert bytes to characters. see DataInputStream for the details and alternatives.

long readLong()

Reads a 64 bit long.

final Object readObject()

Read an object from the ObjectInputStream.

short readShort()

Reads a 16 bit short.

String readUTF()

Reads a String in modified UTF-8 format.

Object readUnshared()

Reads an "unshared" object from the ObjectInputStream.

int readUnsignedByte()

Reads an unsigned 8 bit byte.

int readUnsignedShort()

Reads an unsigned 16 bit short.

void registerValidation(ObjectInputValidation obj, int prio)

Register an object to be validated before the graph is returned.

int skipBytes(int len)

Skips bytes.

Protected methods

boolean enableResolveObject(boolean enable)

Enable the stream to allow objects read from the stream to be replaced.

ObjectStreamClass readClassDescriptor()

Read a class descriptor from the serialization stream.

Object readObjectOverride()

This method is called by trusted subclasses of ObjectOutputStream that constructed ObjectOutputStream using the protected no-arg constructor.

void readStreamHeader()

The readStreamHeader method is provided to allow subclasses to read and verify their own stream headers.

Class<?> resolveClass(ObjectStreamClass desc)

Load the local class equivalent of the specified stream class description.

Object resolveObject(Object obj)

This method will allow trusted subclasses of ObjectInputStream to substitute one object for another during deserialization.

Class<?> resolveProxyClass(String[] interfaces)

Returns a proxy class that implements the interfaces named in a proxy class descriptor; subclasses may implement this method to read custom data from the stream along with the descriptors for dynamic proxy classes, allowing them to use an alternate loading mechanism for the interfaces and the proxy class.

Inherited methods

Public constructors

ObjectInputStream

Added in API level 1
public ObjectInputStream (InputStream in)

Creates an ObjectInputStream that reads from the specified InputStream. A serialization stream header is read from the stream and verified. This constructor will block until the corresponding ObjectOutputStream has written and flushed the header.

If a security manager is installed, this constructor will check for the "enableSubclassImplementation" SerializablePermission when invoked directly or indirectly by the constructor of a subclass which overrides the ObjectInputStream.readFields or ObjectInputStream.readUnshared methods.

Parameters
in InputStream: input stream to read from

Throws
StreamCorruptedException if the stream header is incorrect
IOException if an I/O error occurs while reading stream header
SecurityException if untrusted subclass illegally overrides security-sensitive methods
NullPointerException if in is null

Protected constructors

ObjectInputStream

Added in API level 1
protected ObjectInputStream ()

Provide a way for subclasses that are completely reimplementing ObjectInputStream to not have to allocate private data just used by this implementation of ObjectInputStream.

If there is a security manager installed, this method first calls the security manager's checkPermission method with the SerializablePermission("enableSubclassImplementation") permission to ensure it's ok to enable subclassing.

Throws
SecurityException if a security manager exists and its checkPermission method denies enabling subclassing.
IOException if an I/O error occurs while creating this stream

Public methods

available

Added in API level 1
public int available ()

Returns the number of bytes that can be read without blocking.

Returns
int the number of available bytes.

Throws
IOException if there are I/O errors while reading from the underlying InputStream

close

Added in API level 1
public void close ()

Closes the input stream. Must be called to release any resources associated with the stream.

Throws
IOException If an I/O error has occurred.

defaultReadObject

Added in API level 1
public void defaultReadObject ()

Read the non-static and non-transient fields of the current class from this stream. This may only be called from the readObject method of the class being deserialized. It will throw the NotActiveException if it is called otherwise.

Throws
ClassNotFoundException if the class of a serialized object could not be found.
IOException if an I/O error occurs.
NotActiveException if the stream is not currently reading objects.

read

Added in API level 1
public int read ()

Reads a byte of data. This method will block if no input is available.

Returns
int the byte read, or -1 if the end of the stream is reached.

Throws
IOException If an I/O error has occurred.

read

Added in API level 1
public int read (byte[] buf, 
                int off, 
                int len)

Reads into an array of bytes. This method will block until some input is available. Consider using java.io.DataInputStream.readFully to read exactly 'length' bytes.

Parameters
buf byte: the buffer into which the data is read

off int: the start offset of the data

len int: the maximum number of bytes read

Returns
int the actual number of bytes read, -1 is returned when the end of the stream is reached.

Throws
IOException If an I/O error has occurred.

readBoolean

Added in API level 1
public boolean readBoolean ()

Reads in a boolean.

Returns
boolean the boolean read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readByte

Added in API level 1
public byte readByte ()

Reads an 8 bit byte.

Returns
byte the 8 bit byte read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readChar

Added in API level 1
public char readChar ()

Reads a 16 bit char.

Returns
char the 16 bit char read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readDouble

Added in API level 1
public double readDouble ()

Reads a 64 bit double.

Returns
double the 64 bit double read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readFields

Added in API level 1
public ObjectInputStream.GetField readFields ()

Reads the persistent fields from the stream and makes them available by name.

Returns
ObjectInputStream.GetField the GetField object representing the persistent fields of the object being deserialized

Throws
ClassNotFoundException if the class of a serialized object could not be found.
IOException if an I/O error occurs.
NotActiveException if the stream is not currently reading objects.

readFloat

Added in API level 1
public float readFloat ()

Reads a 32 bit float.

Returns
float the 32 bit float read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readFully

Added in API level 1
public void readFully (byte[] buf)

Reads bytes, blocking until all bytes are read.

Parameters
buf byte: the buffer into which the data is read

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readFully

Added in API level 1
public void readFully (byte[] buf, 
                int off, 
                int len)

Reads bytes, blocking until all bytes are read.

Parameters
buf byte: the buffer into which the data is read

off int: the start offset of the data

len int: the maximum number of bytes to read

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readInt

Added in API level 1
public int readInt ()

Reads a 32 bit int.

Returns
int the 32 bit integer read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readLine

Added in API level 1
public String readLine ()

This method is deprecated.
This method does not properly convert bytes to characters. see DataInputStream for the details and alternatives.

Reads in a line that has been terminated by a \n, \r, \r\n or EOF.

Returns
String a String copy of the line.

Throws
IOException if there are I/O errors while reading from the underlying InputStream

readLong

Added in API level 1
public long readLong ()

Reads a 64 bit long.

Returns
long the read 64 bit long.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readObject

Added in API level 1
public final Object readObject ()

Read an object from the ObjectInputStream. The class of the object, the signature of the class, and the values of the non-transient and non-static fields of the class and all of its supertypes are read. Default deserializing for a class can be overridden using the writeObject and readObject methods. Objects referenced by this object are read transitively so that a complete equivalent graph of objects is reconstructed by readObject.

The root object is completely restored when all of its fields and the objects it references are completely restored. At this point the object validation callbacks are executed in order based on their registered priorities. The callbacks are registered by objects (in the readObject special methods) as they are individually restored.

Exceptions are thrown for problems with the InputStream and for classes that should not be deserialized. All exceptions are fatal to the InputStream and leave it in an indeterminate state; it is up to the caller to ignore or recover the stream state.

Returns
Object the object read from the stream

Throws
ClassNotFoundException Class of a serialized object cannot be found.
InvalidClassException Something is wrong with a class used by serialization.
StreamCorruptedException Control information in the stream is inconsistent.
OptionalDataException Primitive data was found in the stream instead of objects.
IOException Any of the usual Input/Output related exceptions.

readShort

Added in API level 1
public short readShort ()

Reads a 16 bit short.

Returns
short the 16 bit short read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readUTF

Added in API level 1
public String readUTF ()

Reads a String in modified UTF-8 format.

Returns
String the String.

Throws
IOException if there are I/O errors while reading from the underlying InputStream
UTFDataFormatException if read bytes do not represent a valid modified UTF-8 encoding of a string

readUnshared

Added in API level 1
public Object readUnshared ()

Reads an "unshared" object from the ObjectInputStream. This method is identical to readObject, except that it prevents subsequent calls to readObject and readUnshared from returning additional references to the deserialized instance obtained via this call. Specifically:

  • If readUnshared is called to deserialize a back-reference (the stream representation of an object which has been written previously to the stream), an ObjectStreamException will be thrown.
  • If readUnshared returns successfully, then any subsequent attempts to deserialize back-references to the stream handle deserialized by readUnshared will cause an ObjectStreamException to be thrown.
Deserializing an object via readUnshared invalidates the stream handle associated with the returned object. Note that this in itself does not always guarantee that the reference returned by readUnshared is unique; the deserialized object may define a readResolve method which returns an object visible to other parties, or readUnshared may return a Class object or enum constant obtainable elsewhere in the stream or through external means. If the deserialized object defines a readResolve method and the invocation of that method returns an array, then readUnshared returns a shallow clone of that array; this guarantees that the returned array object is unique and cannot be obtained a second time from an invocation of readObject or readUnshared on the ObjectInputStream, even if the underlying data stream has been manipulated.

ObjectInputStream subclasses which override this method can only be constructed in security contexts possessing the "enableSubclassImplementation" SerializablePermission; any attempt to instantiate such a subclass without this permission will cause a SecurityException to be thrown.

Returns
Object reference to deserialized object

Throws
ClassNotFoundException if class of an object to deserialize cannot be found
StreamCorruptedException if control information in the stream is inconsistent
ObjectStreamException if object to deserialize has already appeared in stream
OptionalDataException if primitive data is next in stream
IOException if an I/O error occurs during deserialization

readUnsignedByte

Added in API level 1
public int readUnsignedByte ()

Reads an unsigned 8 bit byte.

Returns
int the 8 bit byte read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

readUnsignedShort

Added in API level 1
public int readUnsignedShort ()

Reads an unsigned 16 bit short.

Returns
int the 16 bit short read.

Throws
EOFException If end of file is reached.
IOException If other I/O error has occurred.

registerValidation

Added in API level 1
public void registerValidation (ObjectInputValidation obj, 
                int prio)

Register an object to be validated before the graph is returned. While similar to resolveObject these validations are called after the entire graph has been reconstituted. Typically, a readObject method will register the object with the stream so that when all of the objects are restored a final set of validations can be performed.

Parameters
obj ObjectInputValidation: the object to receive the validation callback.

prio int: controls the order of callbacks;zero is a good default. Use higher numbers to be called back earlier, lower numbers for later callbacks. Within a priority, callbacks are processed in no particular order.

Throws
NotActiveException The stream is not currently reading objects so it is invalid to register a callback.
InvalidObjectException The validation object is null.

skipBytes

Added in API level 1
public int skipBytes (int len)

Skips bytes.

Parameters
len int: the number of bytes to be skipped

Returns
int the actual number of bytes skipped.

Throws
IOException If an I/O error has occurred.

Protected methods

enableResolveObject

Added in API level 1
protected boolean enableResolveObject (boolean enable)

Enable the stream to allow objects read from the stream to be replaced. When enabled, the resolveObject method is called for every object being deserialized.

If enable is true, and there is a security manager installed, this method first calls the security manager's checkPermission method with the SerializablePermission("enableSubstitution") permission to ensure it's ok to enable the stream to allow objects read from the stream to be replaced.

Parameters
enable boolean: true for enabling use of resolveObject for every object being deserialized

Returns
boolean the previous setting before this method was invoked

Throws
SecurityException if a security manager exists and its checkPermission method denies enabling the stream to allow objects read from the stream to be replaced.

readClassDescriptor

Added in API level 1
protected ObjectStreamClass readClassDescriptor ()

Read a class descriptor from the serialization stream. This method is called when the ObjectInputStream expects a class descriptor as the next item in the serialization stream. Subclasses of ObjectInputStream may override this method to read in class descriptors that have been written in non-standard formats (by subclasses of ObjectOutputStream which have overridden the writeClassDescriptor method). By default, this method reads class descriptors according to the format defined in the Object Serialization specification.

Returns
ObjectStreamClass the class descriptor read

Throws
IOException If an I/O error has occurred.
ClassNotFoundException If the Class of a serialized object used in the class descriptor representation cannot be found

readObjectOverride

Added in API level 1
protected Object readObjectOverride ()

This method is called by trusted subclasses of ObjectOutputStream that constructed ObjectOutputStream using the protected no-arg constructor. The subclass is expected to provide an override method with the modifier "final".

Returns
Object the Object read from the stream.

Throws
ClassNotFoundException Class definition of a serialized object cannot be found.
OptionalDataException Primitive data was found in the stream instead of objects.
IOException if I/O errors occurred while reading from the underlying stream

readStreamHeader

Added in API level 1
protected void readStreamHeader ()

The readStreamHeader method is provided to allow subclasses to read and verify their own stream headers. It reads and verifies the magic number and version number.

Throws
IOException if there are I/O errors while reading from the underlying InputStream
StreamCorruptedException if control information in the stream is inconsistent

resolveClass

Added in API level 1
protected Class<?> resolveClass (ObjectStreamClass desc)

Load the local class equivalent of the specified stream class description. Subclasses may implement this method to allow classes to be fetched from an alternate source.

The corresponding method in ObjectOutputStream is annotateClass. This method will be invoked only once for each unique class in the stream. This method can be implemented by subclasses to use an alternate loading mechanism but must return a Class object. Once returned, if the class is not an array class, its serialVersionUID is compared to the serialVersionUID of the serialized class, and if there is a mismatch, the deserialization fails and an InvalidClassException is thrown.

The default implementation of this method in ObjectInputStream returns the result of calling

     Class.forName(desc.getName(), false, loader)
 
where loader is determined as follows: if there is a method on the current thread's stack whose declaring class was defined by a user-defined class loader (and was not a generated to implement reflective invocations), then loader is class loader corresponding to the closest such method to the currently executing frame; otherwise, loader is null. If this call results in a ClassNotFoundException and the name of the passed ObjectStreamClass instance is the Java language keyword for a primitive type or void, then the Class object representing that primitive type or void will be returned (e.g., an ObjectStreamClass with the name "int" will be resolved to Integer.TYPE). Otherwise, the ClassNotFoundException will be thrown to the caller of this method.

Parameters
desc ObjectStreamClass: an instance of class ObjectStreamClass

Returns
Class<?> a Class object corresponding to desc

Throws
IOException any of the usual Input/Output exceptions.
ClassNotFoundException if class of a serialized object cannot be found.

resolveObject

Added in API level 1
protected Object resolveObject (Object obj)

This method will allow trusted subclasses of ObjectInputStream to substitute one object for another during deserialization. Replacing objects is disabled until enableResolveObject is called. The enableResolveObject method checks that the stream requesting to resolve object can be trusted. Every reference to serializable objects is passed to resolveObject. To insure that the private state of objects is not unintentionally exposed only trusted streams may use resolveObject.

This method is called after an object has been read but before it is returned from readObject. The default resolveObject method just returns the same object.

When a subclass is replacing objects it must insure that the substituted object is compatible with every field where the reference will be stored. Objects whose type is not a subclass of the type of the field or array element abort the serialization by raising an exception and the object is not be stored.

This method is called only once when each object is first encountered. All subsequent references to the object will be redirected to the new object.

Parameters
obj Object: object to be substituted

Returns
Object the substituted object

Throws
IOException Any of the usual Input/Output exceptions.

resolveProxyClass

Added in API level 1
protected Class<?> resolveProxyClass (String[] interfaces)

Returns a proxy class that implements the interfaces named in a proxy class descriptor; subclasses may implement this method to read custom data from the stream along with the descriptors for dynamic proxy classes, allowing them to use an alternate loading mechanism for the interfaces and the proxy class.

This method is called exactly once for each unique proxy class descriptor in the stream.

The corresponding method in ObjectOutputStream is annotateProxyClass. For a given subclass of ObjectInputStream that overrides this method, the annotateProxyClass method in the corresponding subclass of ObjectOutputStream must write any data or objects read by this method.

The default implementation of this method in ObjectInputStream returns the result of calling Proxy.getProxyClass with the list of Class objects for the interfaces that are named in the interfaces parameter. The Class object for each interface name i is the value returned by calling

     Class.forName(i, false, loader)
 
where loader is that of the first non-null class loader up the execution stack, or null if no non-null class loaders are on the stack (the same class loader choice used by the resolveClass method). Unless any of the resolved interfaces are non-public, this same value of loader is also the class loader passed to Proxy.getProxyClass; if non-public interfaces are present, their class loader is passed instead (if more than one non-public interface class loader is encountered, an IllegalAccessError is thrown). If Proxy.getProxyClass throws an IllegalArgumentException, resolveProxyClass will throw a ClassNotFoundException containing the IllegalArgumentException.

Parameters
interfaces String: the list of interface names that were deserialized in the proxy class descriptor

Returns
Class<?> a proxy class for the specified interfaces

Throws
IOException any exception thrown by the underlying InputStream
ClassNotFoundException if the proxy class or any of the named interfaces could not be found