1.11 The Externalizable Interface

For Externalizable objects, only the identity of the class of the object is saved by the container; the class must save and restore the contents. The Externalizable interface is defined as follows:

package java.io;

public interface Externalizable extends Serializable
{
    public void writeExternal(ObjectOutput out)
        throws IOException;

    public void readExternal(ObjectInput in)
        throws IOException, java.lang.ClassNotFoundException;
}

The class of an Externalizable object must do the following:

• Implement the java.io.Externalizable interface
• Implement a writeExternal method to save the state of the object

(It must explicitly coordinate with its supertype to save its state.)

• Implement a readExternal method to read the data written by the writeExternal method from the stream and restore the state of the object

(It must explicitly coordinate with the supertype to save its state.)

• Have the writeExternal and readExternal methods be solely responsible for the format, if an externally defined format is written
• Have a public no-arg constructor

---

Note - The writeExternal and readExternal methods are public and raise the risk that a client may be able to write or read information in the object other than by using its methods and fields. These methods must be used only when the information held by the object is not sensitive or when exposing it does not present a security risk.

---

An Externalizable class can optionally define the following methods:

• A writeReplace method to allow a class to nominate a replacement object to be written to the stream

(See Section 2.5, "The writeReplace Method" for additional information.)

• A readResolve method to allow a class to designate a replacement object for the object just read from the stream

(See Section 3.6, "The readResolve Method" for additional information.)