JAVA 对象转为二级制流，再转化为base64

在Java中将对象转换为二进制流再转为Base64字符串，通常涉及序列化过程。以下是几种实现方式：

1. 使用标准Java序列化

import java.io.*; import java.util.Base64; public class ObjectToBase64 { // 对象必须实现Serializable接口 static class Person implements Serializable { private String name; private int age; public Person(String name, int age) { this.name = name; this.age = age; } @Override public String toString() { return "Person{name='" + name + "', age=" + age + "}"; } } /** * 对象序列化为Base64字符串 */ public static String objectToBase64(Serializable obj) throws IOException { // 序列化对象到字节数组 ByteArrayOutputStream baos = new ByteArrayOutputStream(); try (ObjectOutputStream oos = new ObjectOutputStream(baos)) { oos.writeObject(obj); } // 将字节数组转为Base64 return Base64.getEncoder().encodeToString(baos.toByteArray()); } /** * 从Base64字符串反序列化对象 */ public static Object base64ToObject(String base64Str) throws IOException, ClassNotFoundException { // Base64解码为字节数组 byte[] data = Base64.getDecoder().decode(base64Str); // 从字节数组反序列化对象 ByteArrayInputStream bais = new ByteArrayInputStream(data); try (ObjectInputStream ois = new ObjectInputStream(bais)) { return ois.readObject(); } } public static void main(String[] args) { try { // 创建测试对象 Person person = new Person("张三", 25); // 序列化为Base64 String base64 = objectToBase64(person); System.out.println("Base64字符串: " + base64); // 反序列化 Person restoredPerson = (Person) base64ToObject(base64); System.out.println("反序列化对象: " + restoredPerson); } catch (Exception e) { e.printStackTrace(); } } }

2. 使用JSON序列化（推荐）

import com.fasterxml.jackson.databind.ObjectMapper; import java.util.Base64; public class JsonToBase64 { static class Product { private String id; private String name; private double price; // 无参构造函数 public Product() {} public Product(String id, String name, double price) { this.id = id; this.name = name; this.price = price; } // getters and setters public String getId() { return id; } public void setId(String id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public double getPrice() { return price; } public void setPrice(double price) { this.price = price; } } /** * 对象转Base64（JSON格式） */ public static String toBase64(Object obj) throws Exception { ObjectMapper mapper = new ObjectMapper(); byte[] jsonBytes = mapper.writeValueAsBytes(obj); return Base64.getEncoder().encodeToString(jsonBytes); } /** * Base64转对象 */ public static <T> T fromBase64(String base64Str, Class<T> clazz) throws Exception { ObjectMapper mapper = new ObjectMapper(); byte[] jsonBytes = Base64.getDecoder().decode(base64Str); return mapper.readValue(jsonBytes, clazz); } public static void main(String[] args) { try { Product product = new Product("P001", "笔记本电脑", 5999.99); // 转为Base64 String base64 = toBase64(product); System.out.println("Base64字符串: " + base64); // 从Base64恢复 Product restored = fromBase64(base64, Product.class); System.out.println("恢复的对象: " + "id=" + restored.getId() + ", name=" + restored.getName() + ", price=" + restored.getPrice()); } catch (Exception e) { e.printStackTrace(); } } }

3. 使用Apache Commons工具类

import org.apache.commons.codec.binary.Base64; import java.io.*; public class CommonsBase64Util { /** * 序列化对象到Base64字符串 */ public static String serializeToBase64(Serializable obj) throws IOException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); try (ObjectOutputStream oos = new ObjectOutputStream(baos)) { oos.writeObject(obj); } return Base64.encodeBase64String(baos.toByteArray()); } /** * 从Base64字符串反序列化对象 */ public static Object deserializeFromBase64(String base64Str) throws IOException, ClassNotFoundException { byte[] data = Base64.decodeBase64(base64Str); ByteArrayInputStream bais = new ByteArrayInputStream(data); try (ObjectInputStream ois = new ObjectInputStream(bais)) { return ois.readObject(); } } }

4. 封装工具类

import java.io.*; import java.util.Base64; public class SerializationUtils { /** * 将对象序列化为Base64字符串 */ public static String serializeToBase64(Serializable object) { if (object == null) { return null; } try (ByteArrayOutputStream baos = new ByteArrayOutputStream(); ObjectOutputStream oos = new ObjectOutputStream(baos)) { oos.writeObject(object); oos.flush(); return Base64.getEncoder().encodeToString(baos.toByteArray()); } catch (IOException e) { throw new RuntimeException("序列化失败", e); } } /** * 从Base64字符串反序列化对象 */ @SuppressWarnings("unchecked") public static <T> T deserializeFromBase64(String base64Str) { if (base64Str == null || base64Str.isEmpty()) { return null; } byte[] data = Base64.getDecoder().decode(base64Str); try (ByteArrayInputStream bais = new ByteArrayInputStream(data); ObjectInputStream ois = new ObjectInputStream(bais)) { return (T) ois.readObject(); } catch (IOException | ClassNotFoundException e) { throw new RuntimeException("反序列化失败", e); } } /** * 安全的反序列化，避免反序列化漏洞 */ public static <T> T safeDeserializeFromBase64(String base64Str, Class<T> expectedClass) { if (base64Str == null || base64Str.isEmpty()) { return null; } byte[] data = Base64.getDecoder().decode(base64Str); try (ByteArrayInputStream bais = new ByteArrayInputStream(data); ObjectInputStream ois = new ObjectInputStream(bais)) { Object obj = ois.readObject(); if (expectedClass.isInstance(obj)) { return expectedClass.cast(obj); } else { throw new RuntimeException("反序列化类型不匹配"); } } catch (IOException | ClassNotFoundException e) { throw new RuntimeException("反序列化失败", e); } } }

5. 使用示例

public class Example { // 定义可序列化的类 static class User implements Serializable { private static final long serialVersionUID = 1L; private String username; private String email; private transient String password; // transient字段不会被序列化 public User(String username, String email, String password) { this.username = username; this.email = email; this.password = password; } // getters and setters } public static void main(String[] args) { // 创建对象 User user = new User("john_doe", "john@example.com", "secret123"); // 序列化为Base64 String base64 = SerializationUtils.serializeToBase64(user); System.out.println("Base64: " + base64); System.out.println("长度: " + base64.length()); // 反序列化 User restoredUser = SerializationUtils.deserializeFromBase64(base64); System.out.println("用户名: " + restoredUser.username); System.out.println("邮箱: " + restoredUser.email); System.out.println("密码: " + restoredUser.password); // 为null，因为是transient } }

注意事项

1. 安全性：Java原生序列化存在安全风险，可能被恶意利用

2. 版本兼容：序列化对象修改后，旧版本可能无法反序列化

3. 性能：JSON序列化通常比Java原生序列化更高效

4. transient字段：使用transient关键字标记的字段不会被序列化

5. serialVersionUID：建议显式定义，避免自动生成导致版本兼容问题

推荐方案

1. 网络传输或存储：推荐使用JSON + Base64

2. 本地持久化：考虑使用protobuf、Avro等二进制格式

3. 安全性要求高：避免使用Java原生序列化，使用JSON或自定义序列化

选择哪种方式取决于具体需求，JSON方式更通用、更安全，而Java原生序列化更适合Java系统间的通信。