4

I often hear people saying that Serialization breaks encapsulation and this loss of encapsulation can be somewhat minimized by providing custom serialization. Can someone provide a concrete example that justifies the loss of encapsulation due to default serialization and how can this loss be minimized by resorting to custom serialization?

I am tagging this question as Java related but the answer can be language agnostic as I think this is a common problem across platforms and languages.

Geek
  • 23,609
  • 39
  • 133
  • 212
  • 1
    This [article](http://java.dzone.com/articles/serialization-breaks) provides a good example of how serialization breaks encapsulation – Darshan Mehta Jun 12 '13 at 15:34

2 Answers2

2

Excellent question! First, let's get a definition for encapsulation and go from there. This wikipedia article defines encapsulation in the following way:

  • A language mechanism for restricting access to some of the object's components.
  • A language construct that facilitates the bundling of data with the methods (or other functions) operating on that data.

Serialization, at least the way Java does it, has ramifications for both of these notions. When you implement the Serializable interface in Java, you are essentially telling the JVM that all of your non-transient member variables and the order in which they are declared defines the contract by which objects can be reconstructed from a byte stream. This works recursively if and only if all of your member variable's class definitions also implement Serializable, and this is where you can get into trouble.

The Encapsulation Problem

Based on the previous definition of encapsulation, particularly the first item, encapsulation prevents you from knowing anything about how the object you are dealing with actually works under the hood, with respect to its member variables. Implementing Serializable "correctly" forces you as a developer to know more about the objects you are dealing with than you probably care about in the functional sense. In this sense, implementing Serializable directly opposes encapsulation.

Custom Serialization

In every case, serialization requires knowledge about what data constitutes an "object" of a particular type. Java's Serializable interface takes this to the extreme by forcing you to know the transient state of every member variable of every Object you hope to serialize. You could get around this by defining a serialization mechanism external to the types that need to be serialized, but there will be design tradeoffs - e.g. you'd probably need to deal with Objects at the level of the interface(s) they implement instead of direct interaction with their member variables, and you may lose some of the ability to reconstruct the exact Object type from a serialized byte stream.

CodeBlind
  • 4,284
  • 1
  • 20
  • 34
0

Java default serialiation writes and reads field by field this way it exposes object's internal structure which breaks encapsulation. If you change the class's internal structure you might not be able to restore the object state correctly. While with custom serialization if you changed the class you can try and change readObject so that saved objects can be restored correctly.

Evgeniy Dorofeev
  • 124,221
  • 27
  • 187
  • 258