Master Java Serialization & Deserialization: Core Concepts and Implementation
This article explains Java serialization and deserialization fundamentals, why they are needed, the underlying algorithms, the JDK APIs, step‑by‑step code examples, important considerations, and best practices for safely persisting and transmitting object state.
1. Basic Concepts
What are serialization and deserialization? Serialization converts a Java object into a byte sequence; deserialization restores the object from that byte sequence.
Serialization preserves an object's state for storage or network transmission, while deserialization rebuilds the object from the stored bytes.
In essence, serialization writes an object's state to an ordered byte stream; deserialization reads the stream to reconstruct the object.
Why use them? They enable persistent storage, remote communication, and inter‑process object transfer by converting objects to a portable byte format.
Permanent object storage (e.g., files or databases)
Object transmission over networks as byte streams
Inter‑process object passing
2. How Java Implements Serialization & Deserialization
JDK APIs
java.io.ObjectOutputStream: provides writeObject(Object obj) to serialize an object to an output stream.
java.io.ObjectInputStream: provides readObject() to deserialize bytes from an input stream back into an object.
Requirements
Only classes that implement Serializable or Externalizable can be serialized; otherwise an exception is thrown.
Serialization methods for a sample User class
If User implements only Serializable, default serialization is used.
If User implements Serializable and defines custom writeObject / readObject, those methods are invoked.
If User implements Externalizable, the class must provide writeExternal and readExternal implementations.
Serialization steps
ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("D:\\object.out"));
oos.writeObject(new User("xuliugen", "123456", "male"));
Deserialization steps
ObjectInputStream ois = new ObjectInputStream(new FileInputStream("object.out"));
User user = (User) ois.readObject();
It is crucial that the order of writes matches the order of reads.
Example diagrams
3. Important Considerations
Only the object's state is serialized; methods are not.
If a superclass implements Serializable, subclasses inherit serialization automatically.
Referenced objects are also serialized recursively.
Not all objects are serializable (e.g., those holding sockets, threads, or security‑sensitive fields).
Static and transient fields are excluded from serialization.
The serialVersionUID field identifies the class version; it is compared at deserialization time so that a serialized form is only restored into a compatible class definition.
Many core Java classes (e.g., String, Vector) are already serializable; some (e.g., Hashtable) are not.
Serialization can be used for deep copying when an object's fields are themselves objects.
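The serialization and deserialization steps from section 2 and the transient, serialVersionUID and custom readObject points from section 3, worked through in one runnable program. This is an added example, not code from the original article; the User class, its field names and the ObjectInputFilter allow-list pattern are assumptions chosen for illustration, and setObjectInputFilter requires Java 9 or later.

```java
import java.io.*;

public class SerializationDemo {

    // Assumed User class: only name and gender reach the byte stream.
    static class User implements Serializable {
        private static final long serialVersionUID = 1L;   // pins the stream version
        private final String name;
        private final String gender;
        private transient String password;                 // never written to the stream

        User(String name, String password, String gender) {
            this.name = name;
            this.password = password;
            this.gender = gender;
        }

        // Custom hook: restore default fields, then validate what came off the wire.
        // The transient password is not in the stream and comes back as null.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (name == null || name.isEmpty()) {
                throw new InvalidObjectException("name must be non-empty");
            }
        }

        String getName() { return name; }
        String getPassword() { return password; }
    }

    static byte[] serialize(User u) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(u);
        }
        return bos.toByteArray();
    }

    // Allow-list filter (Java 9+): only User and String may be rehydrated; "!*" rejects all else.
    static User deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "SerializationDemo$User;java.lang.String;!*"));
            return (User) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        User restored = deserialize(serialize(new User("xuliugen", "123456", "male")));
        System.out.println(restored.getName() + " password=" + restored.getPassword());
    }
}
```

The printed password is null because transient fields are skipped on write and take their default value on read; the filter turns any unexpected class in the stream into an InvalidClassException instead of an instantiated object.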
4. Summary
Java provides built‑in serialization mechanisms via ObjectOutputStream and ObjectInputStream, allowing objects to be persisted or transmitted. Understanding the underlying process, required interfaces, custom methods, and pitfalls such as non‑serializable fields or versioning is essential for reliable use.