How do I use ObjectOutputStream with record?

By I Wayan Saryada in IO 0 Comment

To use ObjectOutputStream with a Java record, you need to make the record implement the java.io.Serializable interface.

One of the great things about records is that they are designed to be “data carriers,” and Java’s serialization mechanism handles them more robustly and securely than regular classes. Specifically, records are serialized using only their components (the fields defined in the header), and the deserialization process uses the record’s canonical constructor, ensuring that any validation logic you’ve placed there is always executed.

Here is a complete example of how to write a record to a file and read it back:

1. Define the Record

Make sure it implements Serializable.

package org.kodejava.io;

import java.io.Serializable;

/**
 * A simple record representing a Person.
 * Records are implicitly final and their fields are private and final.
 */
public record Person(String name, int age) implements Serializable {
    // Compact constructor for validation
    public Person {
        if (age < 0) {
            throw new IllegalArgumentException("Age cannot be negative");
        }
    }
}

2. Serialize and Deserialize

Use ObjectOutputStream to write the object and ObjectInputStream to read it.

package org.kodejava.io;

import java.io.*;

public class RecordSerializationDemo {
    public static void main(String[] args) {
        String filename = "person.ser";
        Person person = new Person("John Doe", 30);

        // 1. Serialize the record
        try (FileOutputStream fos = new FileOutputStream(filename);
             ObjectOutputStream oos = new ObjectOutputStream(fos)) {

            oos.writeObject(person);
            System.out.println("Record saved: " + person);

        } catch (IOException e) {
            e.printStackTrace();
        }

        // 2. Deserialize the record
        try (FileInputStream fis = new FileInputStream(filename);
             ObjectInputStream ois = new ObjectInputStream(fis)) {

            Person savedPerson = (Person) ois.readObject();
            System.out.println("Record loaded: " + savedPerson);

        } catch (IOException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}

Key Points to Remember:

  • Immutability: Since records are immutable, serialization is very straightforward.
  • No serialVersionUID Required (mostly): While you can define a serialVersionUID, Java’s serialization for records ignores the field-matching rules that usually require it. The serialization is based strictly on the component names.
  • Security: Records are less susceptible to “deserialization attacks” because they don’t allow the creation of “ghost” objects; they must go through the canonical constructor.
  • Customization: Records do not support writeObject, readObject, readObjectNoData, or writeExternal methods. If you need custom serialization logic, you should use a regular class instead.

How do I serialize and deserialize objects safely?

By I Wayan Saryada in IO 0 Comment

In a modern Java environment, “safely” means avoiding the pitfalls of standard Java Serialization, which is often vulnerable to gadget attacks and remote code execution.

Here are the best practices for safe serialization and deserialization:

1. Prefer Data-Only Formats (JSON/XML)

Instead of standard Java serialization, use JSON with a library like Jackson (already common in Spring projects). It separates data from logic, making it much harder for an attacker to trigger malicious code during deserialization.

Example using Jackson:

import com.fasterxml.jackson.databind.ObjectMapper;

public class SerializationDemo {
    private final ObjectMapper mapper = new ObjectMapper();

    public String serialize(Object obj) throws Exception {
        return mapper.writeValueAsString(obj);
    }

    public <T> T deserialize(String json, Class<T> clazz) throws Exception {
        // Safe because it only maps data to fields in the specified class
        return mapper.readValue(json, clazz);
    }
}

2. If You Must Use Java Serialization: Use Filtered Deserialization

If you are forced to use java.io.Serializable, you should implement a SerializationFilter. Introduced in Java 9 (and perfected in later versions), this allows you to “allowlist” only the classes you expect.

Example of an ObjectInputFilter:

import java.io.*;

public class SafeDeserializer {
    public static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ByteArrayInputStream bais = new ByteArrayInputStream(data);
             ObjectInputStream ois = new ObjectInputStream(bais)) {

            // Allow ONLY specific classes (and primitives/arrays)
            ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "com.yourpackage.MySafeClass;java.base/*;!*"
            );
            ois.setObjectInputFilter(filter);

            return ois.readObject();
        }
    }
}

3. Use transient for Sensitive Data

Always mark fields that shouldn’t be serialized (like passwords, tokens, or internal state) as transient.

public class User implements Serializable {
    private String username;
    private transient String password; // Will not be saved/transmitted
}

4. Implement readObject for Validation

If you use standard serialization, override readObject to validate the object’s state after it is reconstructed. This prevents “half-baked” or illegal objects from being created.

private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
    ois.defaultReadObject();
    // Validate state
    if (this.age < 0) {
        throw new InvalidObjectException("Age cannot be negative");
    }
}

Summary of “Safe” Rules:

  1. Don’t accept serialized objects from untrusted sources.
  2. Use JSON/Jackson whenever possible (it’s the industry standard for a reason).
  3. Use allowlists (via ObjectInputFilter) if you use native Java serialization.
  4. Keep dependencies updated to patch known “gadget” classes that attackers use to exploit deserialization.

How do I use ByteBuffer to process binary files?

By I Wayan Saryada in IO 0 Comment

Using ByteBuffer to process binary files is a core part of Java NIO (New I/O). It provides a more efficient way to handle raw bytes compared to traditional stream-based I/O by allowing direct interaction with memory and OS-level optimizations.

Here is a guide on how to effectively use ByteBuffer for binary file processing.

1. The Core Lifecycle of a Buffer

When processing files, you’ll constantly switch between “writing” to the buffer (filling it from a file) and “reading” from it (processing the bytes).

  1. Allocate: Create a buffer.
  2. Write/Fill: Put data into the buffer (using channel.read(buffer) or buffer.put()).
  3. Flip: Call flip() to switch from writing mode to reading mode.
  4. Read/Process: Get data out (using buffer.get()).
  5. Clear/Compact: Call clear() to prepare for the next fill.

2. Reading a Binary File

To read a file, you use a FileChannel to fill your ByteBuffer. For binary data, you can extract specific types like int, long, or double directly.

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class BinaryReader {
    public void readBinaryData(Path path) throws IOException {
        try (FileChannel channel = FileChannel.open(path, StandardOpenOption.READ)) {
            // Allocate a buffer (8KB is a common size)
            ByteBuffer buffer = ByteBuffer.allocate(8192);

            while (channel.read(buffer) != -1) {
                // 1. Prepare for reading
                buffer.flip();

                // 2. Process data (e.g., reading 4-byte integers)
                while (buffer.remaining() >= 4) {
                    int value = buffer.getInt(); 
                    System.out.println("Read value: " + value);
                }

                // 3. Prepare for next read from channel
                buffer.compact(); // Keeps unprocessed bytes at the start
            }
        }
    }
}

3. Writing a Binary File

When writing, you fill the buffer with values and then “drain” it into the FileChannel.

public void writeBinaryData(Path path) throws IOException {
    try (FileChannel channel = FileChannel.open(path, 
            StandardOpenOption.CREATE, StandardOpenOption.WRITE)) {

        ByteBuffer buffer = ByteBuffer.allocate(1024);

        // Put various binary types
        buffer.putInt(42);
        buffer.putDouble(3.14159);
        buffer.putLong(System.currentTimeMillis());

        // Prepare for the channel to read from this buffer
        buffer.flip();

        while (buffer.hasRemaining()) {
            channel.write(buffer);
        }
    }
}

4. Key Considerations for Binary Files

  • Byte Order (Endianness): Binary formats often specify a byte order (Big-Endian or Little-Endian). You can set this easily:
buffer.order(java.nio.ByteOrder.LITTLE_ENDIAN);
  • Direct vs. Heap Buffers:
    • ByteBuffer.allocate(size): Creates a buffer on the Java heap.
    • ByteBuffer.allocateDirect(size): Allocates memory outside the JVM heap. Use this for large, long-lived buffers or when performance is critical, as it allows the OS to perform I/O directly without extra memory copies.
  • Memory Mapping: For extremely large files (larger than your available RAM), use channel.map(). This maps the file directly into virtual memory, allowing you to treat the entire file like a huge ByteBuffer without manual read() calls.

Summary of Methods

Method Purpose
flip() Switches from writing to reading.
clear() Resets the buffer (doesn’t erase data, just pointers) for a fresh start.
compact() Moves leftover bytes to the start; useful if you didn’t finish reading everything.
rewind() Resets position to 0 so you can read the same data again.
get...() / put...() Typed methods (e.g., getInt, putLong) to handle primitive binary types.

How do I use FileChannel for efficient file IO?

By I Wayan Saryada in IO 0 Comment

Using FileChannel from the java.nio.channels package is a powerful way to perform high-performance file operations. It allows for advanced features like memory-mapped files and direct transfer between channels, which are often much faster than traditional stream-based I/O.

Here are the most efficient ways to use FileChannel.

1. Fast File Copying with transferTo or transferFrom

This is arguably the most efficient way to copy files. It uses “zero-copy” technology, where the operating system transfers data directly from the file system cache to the target channel without copying it into application memory (the heap).

package org.kodejava.nio;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.channels.FileChannel;
import java.io.IOException;
import java.io.File;

public class FastCopy {
    public static void copyFile(File source, File dest) throws IOException {
        try (FileChannel sourceChannel = new FileInputStream(source).getChannel();
             FileChannel destChannel = new FileOutputStream(dest).getChannel()) {

            long position = 0;
            long count = sourceChannel.size();

            // Transfer data directly between channels
            sourceChannel.transferTo(position, count, destChannel);
        }
    }
}

2. Reading/Writing with ByteBuffer

FileChannel works with ByteBuffer. For maximum efficiency, use Direct Buffers (ByteBuffer.allocateDirect()). Direct buffers are allocated outside the standard JVM heap, allowing the OS to perform I/O operations directly on the memory.

package org.kodejava.nio;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class EfficientRead {
    public void readWithBuffer(Path path) throws IOException {
        try (FileChannel channel = FileChannel.open(path, StandardOpenOption.READ)) {
            // Use a direct buffer for better performance with OS I/O
            ByteBuffer buffer = ByteBuffer.allocateDirect(1024 * 8); // 8KB

            while (channel.read(buffer) != -1) {
                buffer.flip(); // Prepare buffer for reading

                // Process the data...
                // while(buffer.hasRemaining()) { System.out.print((char) buffer.get()); }

                buffer.clear(); // Prepare buffer for writing (reading from channel)
            }
        }
    }
}

3. Memory-Mapped Files (MappedByteBuffer)

For very large files, memory mapping is often the fastest approach. It maps a region of the file directly into virtual memory. The OS handles loading the data from disk as you access it.

package org.kodejava.nio;

import java.io.IOException;
import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class MemoryMappedExample {
    public void mapLargeFile(Path path) throws IOException {
        try (FileChannel channel = FileChannel.open(path, StandardOpenOption.READ)) {
            long size = channel.size();
            // Map the entire file into memory
            MappedByteBuffer buffer = channel.map(FileChannel.MapMode.READ_ONLY, 0, size);

            if (buffer.hasRemaining()) {
                // You can access data like an array without calling read()
                byte firstByte = buffer.get(0);
            }
        }
    }
}

Key Tips for Efficiency:

  • Use try-with-resources: FileChannel implements AutoCloseable. Always ensure it is closed to release file locks and native resources.
  • Direct Buffers: Use ByteBuffer.allocateDirect() if the buffer is long-lived or used for heavy I/O, but remember that allocating/deallocating them is more expensive than heap buffers.
  • File Locks: FileChannel provides lock() and tryLock() methods, which are useful for synchronizing file access between different JVM processes.
  • StandardOpenOption: When opening a channel via FileChannel.open(), use specific options like READ, WRITE, CREATE, or SPARSE to hint at your intentions to the OS.

How do I use Files.probeContentType() to detect file type?

By I Wayan Saryada in IO 0 Comment

To use Files.probeContentType(Path path) in Java, you simply pass a Path object to the method. It returns a string representing the MIME type (e.g., image/png, text/plain) or null if the type cannot be determined.

Here is a practical example of how to implement it:

package org.kodejava.nio;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ProbeContentTypeExample {
    public static void main(String[] args) {
        // Paths to different types of files
        Path imagePath = Paths.get("logo.png");
        Path textPath = Paths.get("example.txt");
        Path htmlPath = Paths.get("google.html");

        try {
            // Detect and print the content types
            System.out.println("Logo type: " + Files.probeContentType(imagePath));
            System.out.println("Text type: " + Files.probeContentType(textPath));
            System.out.println("HTML type: " + Files.probeContentType(htmlPath));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

Key points to remember:

  • Implementation-Dependent: The detection mechanism depends on the installed FileTypeDetector implementations and the underlying operating system. On Windows, it usually checks the registry based on the file extension.
  • Returns Null: If the system cannot determine the file type, it returns null rather than throwing an exception.
  • IOException: While rare for this specific method, it can throw an IOException if an I/O error occurs.
  • No Content Inspection: By default, Files.probeContentType usually relies on file extensions and metadata rather than reading the actual byte content of the file. If you need deep content inspection (magic bytes), you might need a library like Apache Tika.