Java / Java Serialization
Java serialization is the process by which Java objects are serialized by storing object's state into a file with extension .ser. Restoring object's state from that file is called deserialization.
Object Serialization converts Java object into a binary format which can be persisted to disk or sent over network to other JVM.
Implement java.io.Serializable interface in the Java class and JVM will allow to serialize its objects in default serialization format.
Externalizable provides writeExternal() and readExternal() methods which gives flexibility to override java serialization mechanism instead of using on default serialization.
Externalizable Interface allows us to control serialization mechanism which may help improve application performance.
Yes. It has no methods.
Yes, a Serialized object can be transmitted via the network as Java serialized object remains in form of bytes. Serialized objects can also be stored in Disk or database as Blob.
Static and transient variables cannot be serialized.
Every time an object is serialized the Java serialization mechanism automatically computes a hash value called serialVersionUID. ObjectStreamClass's computeSerialVersionUID() method passes the class name, sorted member names, modifiers, and interfaces to the secure hash algorithm (SHA), which returns a hash value.The serialVersionUID is also called suid.
No. Serializable interface is a marker interface.
Transient variables are not included in the serialization and are not the part of the object's serialized state. A transient variable can be created by specifying transient keyword.
The static variables are class level variables and are not the part of the object state so they are not saved as the part of serialized object.
No. It has two methods readExternal and writeExternal to be implemented.
At runtime NotSerializableException is thrown when try to serialize the class when one of the members does not implement serializable interface.
When the parent implements serializable then the child Class also be serializable although it doesn't implement Serializable interface.
As a workaround, implement writeObject() and readObject() method in the child class and throw NotSerializableException from those methods.
Adding new field or method is a compatible change and changing class hierarchy or UN-implementing Serializable interface are non compatible changes.
Java serialzation performance directly rely on the number and size of attributes in the Java object. To improve the performance,
- Mark the unwanted or non Serializable attributes as transient.
- Save only the state of the object, not the derived attributes.Some times, serializing them can be expensive.
- Serialize attributes only with NON-default values.
- Use Externalizable interface and implement the readExternal and writeExternal methods to dynamically identify the attributes to be serialized.
Use of transient keyword enables selective attribute serialization, however, use of Externalizable interface can be really effective in some cases when you have to serialize only some dynamically selected attributes of a large object.
Saving object state to database using ORM tools,
Xml based data transfer,
and JSON Data Transfer.
All standard implementations of collections List, Set and Map interface already implement java.io.Serializable. However ensure all the objects added in collection are Serializable as well.
Adding a new field will not affect serialization. The newly added field will be set to its default values when the object of an older version of the class is unmarshaled.
Changes In access modifiers such as private, public, protected or default is compatible since they are not reflected in the serialized object stream.
Changing a transient field to a non-transient field, static to non-static are compatible changes.
Adding or removing writeObject()/readObject() methods.
Changing implementation from Serializable to Externalizable interface,
Deleting an existing Serializable field,
Changing non-transient field to transient, non-static to static,
Changing the field type,
Updating the class package.
Modifying the writeObject() / readObject() method, we must not modify these methods, though adding or removing is a compatible change.
Java Serialization is done by java.io.ObjectOutputStream class, a filter stream which is wrapped around a lower-level byte stream to handle the serialization mechanism. To store any object via serialization mechanism we call ObjectOutputStream.writeObject(saveThisobject) and to deserialize that object we call ObjectInputStream.readObject() method.
It will be set to its default value. For example, an int transient variable will be set to zero.
Declaring a serialVersionUID field in a Java class saves CPU time the first time the JVM process serializes a given Class. However the performance gain is not very significant, In case when you have not declared the serialVersionUID its value is computed by JVM once and subsequently kept in a soft cache for future use.
If the class implements Serializable, the constructor is not called during deserialization process. However, if the class implements Externalizable, the constructor is called during deserialization process.
There are 3 ways to create a serialVersionUID value.
Using serialVer command bundled with JDK, pass the serializable class name as command parameter to get its version identifier.
Using Eclipse IDE, hover at the class and from the context menu choose Add default serial version ID, or Add generated serial version ID.
Assign your own value and postfix with 'L'.
private static final long serialVersionUID = 19L;
| Serializable | Externalizable |
| Serializable has its own default serialization process, we just need to implement Serializable interface. We can customize default serialization process by defining following methods in our class, readObject() and writeObject(). Note: We are not overriding these methods, we are defining them in our class. | Override writeExternal() and readExternal() for serialization process to happen when implementing Externalizable interface. |
| This is a marker interface, does not have any methods. | This has 2 methods readExternal and writeExternal, hence it is not a marker interface. |
| Constructor is not called during deSerialization. | Constructor is called during deSerialization. |
Yes, all the primitive data types are part of serialization.
If the serialVersionUID is not defined, then after any modification made in class, we won?t be able to deSerialize existing objects for same class because serialVersionUID generated by Java compiler for the modified class will be different from the old serialized object. Deserialization process will fail by throwing java.io.InvalidClassException.
If superclass implements Serializable - constructor is not called while if the superclass doesn't implement Serializable - constructor is called during DeSerialization process of child class.
For Serializable and Externalizable classes, the readResolve method allows a class to replace/resolve the object read from the stream before it is returned to the caller. By implementing the readResolve method, a class can directly control the types and instances of its own instances being deserialized. This method is called when ObjectInputStream has read an object from the stream and is preparing to return it to the caller.
For serializable objects, the readObject method allows a class to control the deserialization of its own fields and held responsible for restoring the state of the class.
Use readResolve method to return the same instance of a class, rather than creating a new instance.
Yes, it is limited by the amount of memory your JVM can allocate to the creation and maintenance of your object. As for writing it out to disk, it is limited by the maximum file size of the underlying OS. Linux, as an example, has a 2GB limit on one file.
If the third party class is not final you could just extend it, have that implement Serializable and write your own writeObject and readObject methods.
The serialization process performance heavily depends on the number and size of attributes of the object to be serialized. Below are some tips to speed up the marshaling and un-marshaling of objects during Java serialization process.
- Mark the unnecessary or non Serializable attributes as transient. Eliminate unwanted properties to be serialized. Save only the state of the object, not the derived attributes.
- Serialize attributes only with NON-default values.
- Use Externalizable interface and implement the readExternal and writeExternal methods to dynamically identify the attributes to be serialized.
The readResolve method is called when ObjectInputStream has read an object from the stream and is preparing to return it to the caller. ObjectInputStream checks whether the class of the object defines the readResolve method. If the method is defined, the readResolve method is called to allow the object in the stream to designate the object to be returned. The object returned should be of a type that is compatible with all uses. If it is not compatible, a ClassCastException will be thrown when the type mismatch is discovered.
