Serialization and Deserialization in Java with Examples

Serialization and deserialization are key concepts in Java. They help you save the state of an object and then recreate it later. This process helps you store object data or send it across networks.

This guide helps you understand Java serialization and deserialization. You will learn how to use them effectively in your projects.

What is Serialization in Java?

Serialization in Java is the process of converting an object state into a byte stream. You can then store this byte stream in a file or transmit it over a network. This makes objects persistent.

Serialization helps you save object data. Imagine you have an object holding user settings. You can serialize this object to a file. When the user opens your application again, you deserialize the object. This restores the user settings.

Serialization also helps in distributed systems. You can send objects between different Java Virtual Machines (JVMs). This allows applications on separate machines to share complex data.

Learn Java from scratch with this comprehensive Java course, covering everything from fundamentals like variables and control structures to advanced object-oriented programming concepts such as classes, inheritance, and polymorphism.

How Serialization Works

The java.io.Serializable interface is the core of serialization. Your class must implement this marker interface to be serializable. A marker interface has no methods to implement. It simply tells the JVM that objects of this class can be serialized.

You use the ObjectOutputStream class to serialize objects. This class writes Java objects to an output stream.

Here is how you serialize an object:

  • Create a class that implements Serializable. This tells Java the object can be converted to bytes.
  • Create an ObjectOutputStream. This stream handles writing objects.
  • Call writeObject() on the ObjectOutputStream. Pass the object you want to serialize.

Step-by-Step Example: Serializing an Object

Let us say you have a Student class. You want to save student data.

1. Create the Student Class:

import java.io.Serializable;public class Student implements Serializable {
    private String name;
    private int age;
    private transient String secretPassword; // This field will not be serialized

    public Student(String name, int age, String secretPassword) {
        this.name = name;
        this.age = age;
        this.secretPassword = secretPassword;
    }

    public String getName() {
        return name;
    }

    public int getAge() {
        return age;
    }

    // You will not have a getter for secretPassword to emphasize transient
}

Notice the transient keyword for secretPassword. This tells the JVM to ignore this field during serialization. This is useful for sensitive data or data that can be recomputed.

2. Serialize the Student Object:

import java.io.FileOutputStream;import java.io.ObjectOutputStream;import java.io.IOException;public class SerializeStudent {
    public static void main(String[] args) {
        Student student = new Student("Alice", 20, "mySecurePass");

        try (FileOutputStream fileOut = new FileOutputStream("student.ser");
             ObjectOutputStream out = new ObjectOutputStream(fileOut)) {

            out.writeObject(student);
            System.out.println("Student object serialized successfully.");

        } catch (IOException i) {
            i.printStackTrace();
        }
    }
}

This code creates a Student object. It then writes the object to a file named student.ser. The try-with-resources statement ensures streams close automatically.

What is Deserialization in Java?

Deserialization is the reverse process of serialization. It converts a byte stream back into an object. This reconstructs the object in memory.

How Deserialization Works

You use the ObjectInputStream class to deserialize objects. This class reads Java objects from an input stream.

Here is how you deserialize an object:

  • Create an ObjectInputStream. This stream handles reading objects.
  • Call readObject() on the ObjectInputStream. This method reads the serialized object.
  • Cast the result to the original object type.

Step-by-Step Example: Deserializing an Object

Now, let us read the Student object back from the student.ser file.

import java.io.FileInputStream;import java.io.ObjectInputStream;import java.io.IOException;import java.lang.ClassNotFoundException;public class DeserializeStudent {
    public static void main(String[] args) {
        Student student = null;

        try (FileInputStream fileIn = new FileInputStream("student.ser");
             ObjectInputStream in = new ObjectInputStream(fileIn)) {

            student = (Student) in.readObject();
            System.out.println("Student object deserialized successfully.");

            System.out.println("Name: " + student.getName());
            System.out.println("Age: " + student.getAge());
            // System.out.println("Secret Password: " + student.getSecretPassword()); // This would be null

        } catch (IOException i) {
            i.printStackTrace();
            return;
        } catch (ClassNotFoundException c) {
            System.out.println("Student class not found.");
            c.printStackTrace();
            return;
        }
    }
}

This code reads the student.ser file. It then casts the read object back to a Student type. You can then access its data. Notice that the secretPassword field is not available because it was marked transient.

Best Practices for Serialization

Use serialVersionUID

Implement serialVersionUID in your Serializable classes. This static final long field identifies the version of your serialized class. When you deserialize an object, the JVM compares the serialVersionUID of the class with the one in the serialized data. If they differ, it throws an InvalidClassException. This prevents compatibility issues when you change your class.

You can generate a serialVersionUID using your IDE or a command-line tool.

public class Student implements Serializable {
    private static final long serialVersionUID = 1L; // Example serialVersionUID
    private String name;
    private int age;
    private transient String secretPassword;

    // ... constructors and methods
}

Use transient Keyword

Use the transient keyword for fields you do not want to serialize. This includes sensitive data (like passwords) or data that can be recomputed (like a calculated average). This saves space and improves security.

Consider Alternatives

Serialization has some limitations. It can be fragile if class structures change frequently. It also tightly couples the sender and receiver.

Consider alternatives for complex scenarios:

  • JSON (Jackson, GSON): These libraries offer flexible and human-readable data formats. They are language-agnostic.
  • Protocol Buffers (Google): These are language-neutral, platform-neutral, and extensible mechanisms for serializing structured data. They are efficient for performance-critical applications.
  • Externalizable Interface: For more control over the serialization process, implement the Externalizable interface. This allows you to define custom read and write methods.

Avatar photo
Great Learning Editorial Team
The Great Learning Editorial Staff includes a dynamic team of subject matter experts, instructors, and education professionals who combine their deep industry knowledge with innovative teaching methods. Their mission is to provide learners with the skills and insights needed to excel in their careers, whether through upskilling, reskilling, or transitioning into new fields.

Academy Pro Subscription

Grab 50% off
on Top Courses - Free Trial Available

×
Scroll to Top