BestHub
Sign in
Backend Development 14 min read

Mastering Java Serialization: From Basics to Advanced Pitfalls

This article explores Java's serialization mechanism in depth, covering its history, the Serializable and Externalizable interfaces, practical code examples, the impact of static and transient fields, serialVersionUID nuances, and common pitfalls to help developers write robust, version‑compatible Java code.

Java Backend Technology
Java Backend Technology
Java Backend Technology
Mastering Java Serialization: From Basics to Advanced Pitfalls

For a long time I only knew the shallow rule that a class must implement the Serializable interface to be serialized, but curiosity drove me to explore the inner workings of Java serialization.

01. Theory

Java serialization was introduced in JDK 1.1 to convert objects into byte arrays for storage or transmission, and later reconstruct them back into objects. The idea is to "freeze" an object's state for persistence or network transfer, then "thaw" it during deserialization.

The Serializable interface is empty; its presence merely marks a class as eligible for serialization.

public interface Serializable {
}

02. Practical Example

We create a simple class with two fields and their getters/setters, then serialize and deserialize it using ObjectOutputStream and ObjectInputStream.

class Wanger {
    private String name;
    private int age;

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public int getAge() { return age; }
    public void setAge(int age) { this.age = age; }
}
public class Test {
    public static void main(String[] args) {
        // Initialize
        Wanger wanger = new Wanger();
        wanger.setName("王二");
        wanger.setAge(18);
        System.out.println(wanger);

        // Serialize
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("chenmo"))) {
            oos.writeObject(wanger);
        } catch (IOException e) {
            e.printStackTrace();
        }

        // Deserialize
        try (ObjectInputStream ois = new ObjectInputStream(new FileInputStream(new File("chenmo")))) {
            Wanger wanger1 = (Wanger) ois.readObject();
            System.out.println(wanger1);
        } catch (IOException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
}

Because Wanger does not implement Serializable, the program throws java.io.NotSerializableException.

03. Important Notes

Fields marked static or transient are not serialized. Adding them to the class demonstrates their behavior:

class Wanger implements Serializable {
    private static final long serialVersionUID = -2095916884810199532L;
    private String name;
    private int age;
    public static String pre = "沉默";
    transient String meizi = "王三";
    @Override
    public String toString() {
        return "Wanger{" + "name=" + name + ",age=" + age + ",pre=" + pre + ",meizi=" + meizi + "}";
    }
}

After serialization, modifying pre changes the deserialized object's value, while meizi becomes null because it is transient.

04. Advanced: Externalizable

Besides Serializable, Java provides Externalizable, which requires explicit implementation of writeExternal and readExternal. The class must also have a public no‑arg constructor.

class Wanger implements Externalizable {
    private String name;
    private int age;
    public Wanger() {}
    @Override
    public void writeExternal(ObjectOutput out) throws IOException {
        out.writeObject(name);
        out.writeInt(age);
    }
    @Override
    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
        name = (String) in.readObject();
        age = in.readInt();
    }
    @Override
    public String toString() { return "Wanger{" + "name=" + name + ",age=" + age + "}"; }
}

Without proper writeExternal / readExternal implementations, deserialization yields default field values.

05. SerialVersionUID Tips

The serialVersionUID field determines compatibility between serialized data and class definitions. Changing its value causes InvalidClassException during deserialization.

private static final long serialVersionUID = 1L; // simple stable ID

Using @SuppressWarnings("serial") generates a random ID, which can also break compatibility.

06. Summary

Java serialization, though seemingly simple, involves many subtle details: the role of marker interfaces, the effect of static and transient modifiers, the importance of a consistent serialVersionUID, and the alternative Externalizable approach for full control.

Serialization before: Wanger{name=王二,age=18} Serialization after: Wanger{name=王二,age=18}
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

JavaserializationserializablestatictransientserialVersionUIDExternalizable
Java Backend Technology
Written by

Java Backend Technology

Focus on Java-related technologies: SSM, Spring ecosystem, microservices, MySQL, MyCat, clustering, distributed systems, middleware, Linux, networking, multithreading. Occasionally cover DevOps tools like Jenkins, Nexus, Docker, and ELK. Also share technical insights from time to time, committed to Java full-stack development!

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment