（源码解读）java.io.ObjectStreamConstants写入对象序列化流的常量

最新推荐文章于 2025-03-24 20:18:22 发布

原创最新推荐文章于 2025-03-24 20:18:22 发布 · 304 阅读

0 ·

CC 4.0 BY-SA版权

源码解读专栏收录该内容

1 篇文章

订阅专栏

本文深入解析Java序列化机制，介绍序列化过程中字节数据的含义，包括对象序列化头信息、类描述信息及属性值描述规则。探讨了序列化安全性问题，并提出自定义序列化作为解决方案。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

该类定义了一系列的常量，用来表示对象进行序列化时单个字节数据的含义

/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*/

package java.io;

/**
* Constants written into the Object Serialization Stream.
*
* @author unascribed
* @since JDK 1.1
*/
public interface ObjectStreamConstants {

/**
* Magic number that is written to the stream header.
* 用于标记序列化协议的信息
*/
final static short STREAM_MAGIC = (short)0xaced;

/**
* Version number that is written to the stream header.
* 用于标记序列化协议的版本信息
*/
final static short STREAM_VERSION = 5;

/* Each item in the stream is preceded by a tag
* 流中的每一项前面都有一个标记
* 标记的每一个值都代表了一种含义
* 序列化存放的规则：首先在序列化对象时，把序列化对象的信息分为三部分来存储
* 第一部分是序列化头信息：用于描述序列化协议的信息和版本。
* 第二部分是类描述的信息：用于描述序列化类的名称，属性和父类的名称、属性。
* 第三部分是属性域的值的描述：用于记录当前类中属性的值。
* 第二部分描述的规则如下：
* 首先声明标记的是TC_OBJECT = 0x73那么下一位就是声明接下来是一个新类的描述TC_CLASSDESC = 0x72 然后下一个
* 标志就是类名长度，然后类名，然后序列化ID，然后是标记该类使用的序列化方式，然后标记类属性域的个数、域类型、域
* 名称长度、域名称，描述完所有的属性域之后添加标记对象数据块结束标志TC_ENDBLOCKDATA = 0x78；然后开始父类
* 的描述，标记的方式和前面一致，当再没有新的父类时，添加标记TC_NULL = 0x70。
* 第三部分的描述规则：按照从父类到子类的顺序填充属性域的实际值，而对象的属性按照从基本数据类型到对象类型的顺序
* 填充实际值。
* 在第二部分和第三部分都采用了递归的方式进行填充。
* 这种序列化的方式并不安全，因为只要了解了序列化的规则，就很容易能从截获下来的二进制文件中解读出真实的数据。
* 所以如果进行传输的数据是具有保密属性的，最好还是使用自定义序列化的方式增加数据在传输过程中的安全性。
*/

/**
* First tag value.
*/
final static byte TC_BASE = 0x70;

/**
* Null object reference.
*/
final static byte TC_NULL = (byte)0x70;

/**
* Reference to an object already written into the stream.
*/
final static byte TC_REFERENCE = (byte)0x71;

/**
* new Class Descriptor.
*/
final static byte TC_CLASSDESC = (byte)0x72;

/**
* new Object.
*/
final static byte TC_OBJECT = (byte)0x73;

/**
* new String.
*/
final static byte TC_STRING = (byte)0x74;

/**
* new Array.
*/
final static byte TC_ARRAY = (byte)0x75;

/**
* Reference to Class.
*/
final static byte TC_CLASS = (byte)0x76;

/**
* Block of optional data. Byte following tag indicates number
* of bytes in this block data.
*/
final static byte TC_BLOCKDATA = (byte)0x77;

/**
* End of optional block data blocks for an object.
*/
final static byte TC_ENDBLOCKDATA = (byte)0x78;

/**
* Reset stream context. All handles written into stream are reset.
*/
final static byte TC_RESET = (byte)0x79;

/**
* long Block data. The long following the tag indicates the
* number of bytes in this block data.
*/
final static byte TC_BLOCKDATALONG= (byte)0x7A;

/**
* Exception during write.
*/
final static byte TC_EXCEPTION = (byte)0x7B;

/**
* Long string.
*/
final static byte TC_LONGSTRING = (byte)0x7C;

/**
* new Proxy Class Descriptor.
*/
final static byte TC_PROXYCLASSDESC = (byte)0x7D;

/**
* new Enum constant.
* @since 1.5
*/
final static byte TC_ENUM = (byte)0x7E;

/**
* Last tag value.
*/
final static byte TC_MAX = (byte)0x7E;

/**
* First wire handle to be assigned.
*/
final static int baseWireHandle = 0x7e0000;

/******************************************************/
/* Bit masks for ObjectStreamClass flag.*/

/**
* Bit mask for ObjectStreamClass flag. Indicates a Serializable class
* defines its own writeObject method.
*/
final static byte SC_WRITE_METHOD = 0x01;

/**
* Bit mask for ObjectStreamClass flag. Indicates Externalizable data
* written in Block Data mode.
* Added for PROTOCOL_VERSION_2.
*
* @see #PROTOCOL_VERSION_2
* @since 1.2
*/
final static byte SC_BLOCK_DATA = 0x08;

/**
* Bit mask for ObjectStreamClass flag. Indicates class is Serializable.
*/
final static byte SC_SERIALIZABLE = 0x02;

/**
* Bit mask for ObjectStreamClass flag. Indicates class is Externalizable.
*/
final static byte SC_EXTERNALIZABLE = 0x04;

/**
* Bit mask for ObjectStreamClass flag. Indicates class is an enum type.
* @since 1.5
*/
final static byte SC_ENUM = 0x10;

/* *******************************************************************/
/* Security permissions */

/**
* Enable substitution of one object for another during
* serialization/deserialization.
*
* @see java.io.ObjectOutputStream#enableReplaceObject(boolean)
* @see java.io.ObjectInputStream#enableResolveObject(boolean)
* @since 1.2
*/
final static SerializablePermission SUBSTITUTION_PERMISSION =
new SerializablePermission("enableSubstitution");

/**
* Enable overriding of readObject and writeObject.
*
* @see java.io.ObjectOutputStream#writeObjectOverride(Object)
* @see java.io.ObjectInputStream#readObjectOverride()
* @since 1.2
*/
final static SerializablePermission SUBCLASS_IMPLEMENTATION_PERMISSION =
new SerializablePermission("enableSubclassImplementation");
/**
* A Stream Protocol Version. <p>
*
* All externalizable data is written in JDK 1.1 external data
* format after calling this method. This version is needed to write
* streams containing Externalizable data that can be read by
* pre-JDK 1.1.6 JVMs.
*
* @see java.io.ObjectOutputStream#useProtocolVersion(int)
* @since 1.2
*/
public final static int PROTOCOL_VERSION_1 = 1;

/**
* A Stream Protocol Version. <p>
*
* This protocol is written by JVM 1.2.
*
* Externalizable data is written in block data mode and is
* terminated with TC_ENDBLOCKDATA. Externalizable class descriptor
* flags has SC_BLOCK_DATA enabled. JVM 1.1.6 and greater can
* read this format change.
*
* Enables writing a nonSerializable class descriptor into the
* stream. The serialVersionUID of a nonSerializable class is
* set to 0L.
*
* @see java.io.ObjectOutputStream#useProtocolVersion(int)
* @see #SC_BLOCK_DATA
* @since 1.2
*/
public final static int PROTOCOL_VERSION_2 = 2;
}