Serialization and Deserialization are mechanisms in Java that allow objects to be converted to bytes and restored back to objects. They are mainly used for saving object data, transferring objects over networks, caching, and deep cloning.
Serialization is the process of converting a Java object into a byte stream.
This byte stream can then be:
Serialization allows the object’s state to be preserved.
Basic Example of Serialization
import java.io.*;

// Student must implement Serializable, otherwise ObjectOutputStream throws NotSerializableException
class Student implements Serializable {
    int id;
    String name;

    Student(int id, String name) {
        this.id = id;
        this.name = name;
    }
}

public class SerializeExample {
    public static void main(String[] args) {
        Student s = new Student(101, "Durgesh");
        // try-with-resources closes the stream (and the underlying file) automatically
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("student.ser"))) {
            oos.writeObject(s); // writes the object's state as a byte stream into student.ser
            System.out.println("Object serialized successfully!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
To serialize an object, its class must implement the Serializable marker interface (it declares no methods):
class Student implements Serializable { }
Deserialization is the reverse process — converting a byte stream back into an actual Java object.
This restores the object into memory with the same values it had when it was serialized. Because readObject reconstructs whichever classes the stream names, only deserialize data from trusted sources, or restrict the permitted classes with a deserialization filter.
Deserialization Example
import java.io.*;

public class DeserializeExample {
    public static void main(String[] args) {
        try (ObjectInputStream ois = new ObjectInputStream(new FileInputStream("student.ser"))) {
            // readObject returns Object, so cast it to the expected class
            Student s = (Student) ois.readObject();
            System.out.println("ID: " + s.id);
            System.out.println("Name: " + s.name);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
A) Fields marked transient are NOT serialized
Used for sensitive or temporary data.
transient String password;
B) Static fields are NOT serialized
Because they belong to the class, not the object.
C) Class should have a serialVersionUID
To avoid version mismatch errors.
Used to verify that a serialized object matches the class definition.
private static final long serialVersionUID = 1L;
If it is missing, the JVM computes one from the class structure at runtime, so even small changes to the class break compatibility with previously serialized data (not recommended).
You can customize how an object is written and read by declaring these private methods in the Serializable class; the serialization runtime finds them by name and signature:
// Replaces the default field-by-field write; the signature must be exactly this
private void writeObject(ObjectOutputStream oos) throws IOException {
    oos.defaultWriteObject(); // writes the non-transient, non-static fields as usual
}

// Replaces the default read; the signature must be exactly this
private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
    ois.defaultReadObject(); // restores the non-transient, non-static fields as usual
}
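As an added example (not part of the original page) that ties the rules above together, the class below carries a serialVersionUID, a transient field and a validating readObject, and its deserialize method installs a class allow-list with ObjectInputFilter (Java 9 and later) so that a stream naming any other class is rejected; the class name and filter pattern are assumptions for this demo.

```java
import java.io.*;

// Added example, not from the original page: serialize a Student into memory,
// then deserialize it through an ObjectInputFilter (Java 9+) that admits only
// the classes the stream is expected to carry.
public class FilteredDeserializeExample {
    static class Student implements Serializable {
        private static final long serialVersionUID = 1L; // explicit version id
        int id;
        String name;
        transient String password;                        // never written to the stream

        Student(int id, String name, String password) {
            this.id = id; this.name = name; this.password = password;
        }

        // Runs after the default fields are restored: reject values the
        // constructor would never have produced.
        private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
            ois.defaultReadObject();
            if (id <= 0 || name == null || name.isEmpty()) {
                throw new InvalidObjectException("Student failed validation, id=" + id);
            }
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Student deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            // Allow-list pattern: Student and String pass, "!*" rejects every other
            // class before any of its field data is read or its readObject runs.
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "FilteredDeserializeExample$Student;java.lang.String;!*"));
            return (Student) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Student s = deserialize(serialize(new Student(101, "Durgesh", "secret")));
        // password comes back null because the field is transient
        System.out.println("ID: " + s.id + ", Name: " + s.name + ", Password: " + s.password);
    }
}
```

A rejected class surfaces as an InvalidClassException with a "filter status: REJECTED" message, so the caller can log and drop the input instead of executing its readObject.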
1. Save Application State
Example: Game progress, UI state, form data.
2. Transfer Objects Over Network
Used in:
3. Store Objects in Files or Databases
Storing user profiles, logs, sessions.
4. Caching Objects
Frameworks like Ehcache store serialized objects.
5. Deep Cloning of Objects
Serialize → Deserialize → Get new copy.