...
Serialization enables the state of objects in a Java program to be captured and written out to a byte stream [Sun 04b]. This allows the object state to be preserved so that it can later be reinstated (by deserialization). Serialization also allows Java method calls to be transmitted over a network for Remote Method Invocation (RMI). An object (called `someObject` in the following example) can be serialized as follows:

```java
ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("SerialOutput"));
oos.writeObject(someObject);
oos.flush();
```
The object can be deserialized as follows:
```java
ObjectInputStream ois = new ObjectInputStream(new FileInputStream("SerialOutput"));
someObject = (SomeClass) ois.readObject();
```
Serialization captures all the fields of a class, provided the class implements the `Serializable` interface, including the non-public fields that are not normally accessible (unless the field is declared `transient`). If the byte stream to which the serialized values are written is readable, then the values of the normally inaccessible fields may be read. Moreover, it may be possible to modify or forge the preserved values so that when the class is deserialized, the values become corrupted.
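The following is an added example (not code from the original page) that makes the point above concrete: a hypothetical `Account` class with private fields is serialized to an in-memory byte array, and the stream is then scanned to show that a private, non-`transient` field's value is written out in the clear, while a `transient` field is omitted and comes back as `null` after deserialization. The class name and all field values are constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class SerializationExposure {

    // Hypothetical class, constructed for this example.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;

        private final String owner;             // non-public, but still serialized
        private final String apiToken;          // non-public, but still serialized
        private transient String sessionSecret; // transient: excluded from the stream

        Account(String owner, String apiToken, String sessionSecret) {
            this.owner = owner;
            this.apiToken = apiToken;
            this.sessionSecret = sessionSecret;
        }

        String getSessionSecret() {
            return sessionSecret;
        }
    }

    // Serialize any object into a byte array (in memory, no file needed).
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize an Account from the byte array produced above.
    static Account deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Account) ois.readObject();
        }
    }

    // Naive byte search. String fields are written in modified UTF-8, which for
    // plain ASCII values is byte-for-byte identical to the UTF-8 encoding used here.
    static boolean streamContains(byte[] stream, String value) {
        byte[] needle = value.getBytes(StandardCharsets.UTF_8);
        outer:
        for (int i = 0; i + needle.length <= stream.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (stream[i + j] != needle[j]) {
                    continue outer;
                }
            }
            return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; nothing here is a real credential.
        Account acct = new Account("alice", "tok-CONSTRUCTED-1234", "sess-CONSTRUCTED-9999");
        byte[] stream = serialize(acct);

        System.out.println("private apiToken readable from stream:   "
                + streamContains(stream, "tok-CONSTRUCTED-1234"));
        System.out.println("transient sessionSecret present in stream: "
                + streamContains(stream, "sess-CONSTRUCTED-9999"));

        Account copy = deserialize(stream);
        System.out.println("sessionSecret after round trip:            "
                + copy.getSessionSecret());
    }
}
```

Running `main` prints `true` for the private `apiToken` (it is recoverable by anyone who can read the stream, despite the `private` modifier), `false` for the `transient` `sessionSecret`, and `null` for that field after the round trip. The same byte search shows why an attacker who can write to the stream could substitute a different token before the object is deserialized; marking a sensitive field `transient` keeps it out of the stream entirely.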
...