Java Serialization vs JSON vs XML

5

46

I am wondering what serialization mechanism we should choose when transferring objects over the network. What are the pros and cons?

I know most of the time we use JSON or XML for AJAX since the transfer formats are pretty much JavaScript format, plus JSON is pretty lightweight with its small footprint. Is Java serialization therefore totally off the table?

Godliman answered 19/6, 2012 at 14:1 Comment(0)
41

In general the important question is which client will receive the serialized objects - browsers/JavaScript engines (like Node.js), a Java client, or unknown/multiple clients.

JSON - JSON syntax is basically JavaScript and therefore any component with a JS engine will handle its parsing very well - even complicated data structures will be converted to "living" objects efficiently. JSON parsers exist for practically any language and it is easy to use even when not using a JS engine (take Google Gson, for example, which is able to convert JSON into corresponding objects with ease), which makes it a good candidate for cross-language communication - for example in a messaging architecture.

XML - Shares many of JSON's benefits - cross-language, lightweight, etc. Adobe Flex, for example, handles XML very well, even better than JSON. It's definitely an appropriate substitute for JSON. I personally prefer JSON for its JS-like syntax, but XML is also good.

Java Serialization - Should be considered only for Java-to-Java communication. An important note is that the class definitions should be on the sending and the receiving ends and often you wouldn't gain much by passing the entire object. I wouldn't rule out RMI as a communication protocol, it does simplify development. However the resulting application components will be hard coupled which will make it very difficult to replace.

One more note - serialization in general has its overhead. However, when the communication is performed over a network, the bottleneck is often the network rather than the serialization/deserialization itself.

Keyboard answered 19/6, 2012 at 14:50 Comment(2)
So will you still consider JSON or XML over Java serialization when it's Java-to-Java communication? - Godliman
If all you're passing is data I would go for XML or JSON. I wouldn't go into serializing and transmitting Java objects manually. Look into Java RMI if it makes sense to have the same object definition on both ends, and in case you're interested in invoking methods on the remote object. Hope it helps. - Keyboard
10

I think it depends. If you're sending an HTTP request or something then JSON or XML is obviously a good choice. If you are just sending a Java object over a TCP socket for some distributed algorithm or something, I think Java serialization is easier/better.

Dropforge answered 19/6, 2012 at 14:10 Comment(0)
6

When serializing over the network, both XML and JSON would work. It depends on the consumer of this information.

  • If the consumer is a browser using Ajax to request some information and render something on the screen, generally JSON is the best bet as it's already in JavaScript object format and there is no overhead of converting to JavaScript-compatible objects. In fact many Ajax libs (e.g. jQuery) have good support for JSON.

  • If your consumer is another application which may or may not be in Java, then XML is the preferred serialization mechanism. Web services use XML very heavily.

  • If your consumer is another Java program then Java serialization is definitely the preferred option (e.g. RMI). So it's not out yet :-).

But yes, there is a blurred line between XML and JSON. What I mentioned here is the general practice. Here is a nice article putting all the aspects on XML vs JSON.

Weissberg answered 19/6, 2012 at 14:46 Comment(0)
4

I once attended a security engineering training; it recommended against using Java native serialization due to a security weakness on the Java native deserialization side, which can accept any (potentially injected malicious) byte streams. Also, XML has a known security issue when the definition/schema is not defined correctly, which is called XXE (XML External Entities). It may cause a "billion laughs" attack on the consuming side.

Roo answered 21/9, 2020 at 23:7 Comment(0)
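
The two risks named in the answer above, handled on the receiving side. This is an added example, not part of the original answer: it restricts native deserialization to an allow-list with `ObjectInputFilter` (Java 9+) and builds an XML parser that refuses any DOCTYPE. The class names `SafeDecode` and `Message`, the limits, and the sample inputs are assumptions constructed for illustration.

```java
import java.io.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.*;

public class SafeDecode {
    // Hypothetical payload type: the only class this endpoint expects to receive.
    static class Message implements Serializable { String text = "hi"; }

    // Allow-list plus resource limits; the trailing "!*" rejects every other class.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;maxbytes=65536;" + Message.class.getName() + ";!*");

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    // Refusing DOCTYPE removes both external entities and nested-entity expansion.
    static DocumentBuilder safeXmlParser() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(((Message) readFiltered(serialize(new Message()))).text);
        try {
            readFiltered(serialize(new java.util.Date())); // constructed: class not on the allow-list
        } catch (InvalidClassException e) { System.out.println("rejected: " + e.getMessage()); }
        String xml = "<!DOCTYPE d [<!ENTITY a \"x\">]><d>&a;</d>"; // constructed, harmless entity
        try {
            safeXmlParser().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        } catch (org.xml.sax.SAXParseException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Pattern filters created with `createFilter` check array classes by their element type, so adding a collection such as `ArrayList` to the allow-list also requires allowing the element type of its backing array.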
1

I think as developers we need not take care of serialization of response objects, but if we consider JSON, it has decent advantages to choose over XML.

  1. A JSON response does not need an encoded response, unlike XML.
  2. Handling and processing of JSON is faster compared to XML because it's not parsed.
  3. An XML response for AJAX is always encoded, hence processing takes time.
  4. JSON best fits with jQuery for UI-related coding and is faster.
  5. Processing huge data, e.g. fetching indexing data to/from the server: JSON handling is faster.
Visconti answered 19/6, 2012 at 14:14 Comment(0)
