Serialization: Saving Object State

1. The Hook (The "Byte-Sized" Intro)

In a Nutshell: Serialization converts Java objects → bytes for storage/transmission. Deserialization converts bytes → objects. Implement Serializable (marker interface), use ObjectOutputStream.writeObject() and ObjectInputStream.readObject(). transient keyword excludes fields. serialVersionUID ensures compatibility.
Use cases: session persistence, caching, RMI, deep cloning.
Warning: Security risk (deserialization attacks)—prefer JSON/Protobuf for external data!

Think of freeze-drying food. Serialization = freeze-dry fresh food (object → bytes) for storage. Deserialization = add water to restore (bytes → object). transient = ingredients you don't preserve (like garnish)!

2. Conceptual Clarity (The "Simple" Tier)

💡 The Analogy

Serialization: Taking photo of 3D object (flattening to 2D)
Deserialization: 3D printing from photo (reconstructing)
transient: "Don't photograph this part"

Serialization Flow

3. Technical Mastery (The "Deep Dive")

Serializable vs Externalizable

Feature	Serializable	Externalizable
Control	Automatic	Manual (writeExternal/readExternal)
Performance	Slower	Faster (you optimize)
Ease	Simple (marker interface)	Complex
Use when	Default is fine	Need performance/custom logic

4. Interactive & Applied Code

java

import java.io.*;

public class SerializationDemo {
    public static void main(String[] args) {
        demonstrateBasicSerialization();
        demonstrateTransient();
        demonstrateSerialVersionUID();
    }
    
    // Basic serialization
    static void demonstrateBasicSerialization() {
        System.out.println("=== BASIC SERIALIZATION ===");
        String file = "user.ser";
        
        // Serialize (write object)
        User user = new User("Alice", "alice@example.com", 30);
        try (ObjectOutputStream oos = new ObjectOutputStream(
                new FileOutputStream(file))) {
            
            oos.writeObject(user);
            System.out.println("Object serialized: " + user);
        } catch (IOException e) {
            e.printStackTrace();
        }
        
        // Deserialize (read object)
        try (ObjectInputStream ois = new ObjectInputStream(
                new FileInputStream(file))) {
            
            User deserializedUser = (User) ois.readObject();
            System.out.println("Object deserialized: " + deserializedUser);
        } catch (IOException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
    
    // Transient fields
    static void demonstrateTransient() {
        System.out.println("\n=== TRANSIENT FIELDS ===");
        String file = "account.ser";
        
        Account account = new Account("john_doe", "secret123", 1000.0);
        System.out.println("Before serialization: " + account);
        
        // Serialize
        try (ObjectOutputStream oos = new ObjectOutputStream(
                new FileOutputStream(file))) {
            oos.writeObject(account);
        } catch (IOException e) {
            e.printStackTrace();
        }
        
        // Deserialize
        try (ObjectInputStream ois = new ObjectInputStream(
                new FileInputStream(file))) {
            Account deserialized = (Account) ois.readObject();
            System.out.println("After deserialization: " + deserialized);
            // Password is null (transient field not serialized)
        } catch (IOException | ClassNotFoundException e) {
            e.printStackTrace();
        }
    }
    
    // serialVersionUID
    static void demonstrateSerialVersionUID() {
        System.out.println("\n=== SERIAL VERSION UID ===");
        System.out.println("SerialVersionUID ensures class compatibility");
        System.out.println("If class changes without updating UID:");
        System.out.println("  → InvalidClassException on deserialization!");
    }
}

// Serializable class
class User implements Serializable {
    private static final long serialVersionUID = 1L; // Version control
    
    private String name;
    private String email;
    private int age;
    
    public User(String name, String email, int age) {
        this.name = name;
        this.email = email;
        this.age = age;
    }
    
    @Override
    public String toString() {
        return "User{name='" + name + "', email='" + email + "', age=" + age + "}";
    }
}

// Class with transient field
class Account implements Serializable {
    private static final long serialVersionUID = 1L;
    
    private String username;
    private transient String password; // Won't be serialized!
    private double balance;
    
    public Account(String username, String password, double balance) {
        this.username = username;
        this.password = password;
        this.balance = balance;
    }
    
    @Override
    public String toString() {
        return "Account{username='" + username + "', password='" + password + 
               "', balance=" + balance + "}";
    }
}

// Custom serialization
class SecureUser implements Serializable {
    private static final long serialVersionUID = 1L;
    
    private String username;
    private transient String password;
    
    // Custom serialization logic
    private void writeObject(ObjectOutputStream oos) throws IOException {
        oos.defaultWriteObject(); // Serialize non-transient fields
        // Encrypt password before writing
        String encrypted = encryptPassword(password);
        oos.writeObject(encrypted);
    }
    
    private void readObject(ObjectInputStream ois) 
            throws IOException, ClassNotFoundException {
        ois.defaultReadObject(); // Deserialize non-transient fields
        // Decrypt password after reading
        String encrypted = (String) ois.readObject();
        password = decryptPassword(encrypted);
    }
    
    private String encryptPassword(String pwd) {
        return new StringBuilder(pwd).reverse().toString(); // Simple example
    }
    
    private String decryptPassword(String encrypted) {
        return new StringBuilder(encrypted).reverse().toString();
    }
}

5. The Comparison & Decision Layer

Scenario	Solution
Sensitive data	Use `transient` + custom serialization
Version changes	Update `serialVersionUID`
External APIs	Use JSON/XML (not Java serialization)
Performance critical	Implement `Externalizable`

6. The "Interview Corner" (The Edge)

The "Killer" Interview Question: "What happens if you forget serialVersionUID?" Answer: JVM auto-generates UID—class changes break compatibility!

java

// Version 1 (no UID specified)
class User implements Serializable {
    private String name;
    // JVM generates UID based on class structure
}

// Serialize object with Version 1

// Version 2 (added field)
class User implements Serializable {
    private String name;
    private int age; // ← New field!
    // JVM generates DIFFERENT UID!
}

// Deserialize → InvalidClassException (UIDs don't match!)

// ✅ SOLUTION: Explicit UID
class User implements Serializable {
    private static final long serialVersionUID = 1L;
    // Increment when incompatible changes made
}

Pro-Tip: Serialization inheritance rules:

java

// If parent NOT Serializable
class Parent {
    int x = 10;
}

class Child extends Parent implements Serializable {
    int y = 20;
}

// Only Child fields serialized!
// Parent fields reset to default on deserialization
// x = 0 (not 10!)

// ✅ Make parent Serializable too
class Parent implements Serializable {
    int x = 10;
}

1. The Hook (The "Byte-Sized" Intro)

2. Conceptual Clarity (The "Simple" Tier)

💡 The Analogy

Serialization Flow

3. Technical Mastery (The "Deep Dive")

Serializable vs Externalizable

4. Interactive & Applied Code

5. The Comparison & Decision Layer

6. The "Interview Corner" (The Edge)

Topics Covered

Tags

Last Updated