Serialization

Serialization enables the state of objects in a Java program to be captured and written out to a byte stream [Sun 04b]. This allows the object state to be preserved so that it can be reinstated in the future (by deserialization). Serialization also allows Java method calls to be transmitted over a network for Remote Method Invocation (RMI), wherein objects are marshalled (serialized), exchanged between distributed virtual machines, and unmarshalled (deserialized). Serialization is also used extensively in Java Beans.

An object can be serialized as follows:

    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.ObjectOutputStream;

    // someObject must be an instance of a class that implements java.io.Serializable
    ObjectOutputStream oos = new ObjectOutputStream(
        new FileOutputStream("SerialOutput"));
    oos.writeObject(someObject);
    oos.flush();

...

Serialization captures all the fields of an object, including the non-public fields that are normally inaccessible, provided that the object's class implements the Serializable interface. If the byte stream to which the serialized values are written is readable, the values of the normally inaccessible fields may be deduced. Moreover, it may be possible to modify or forge the preserved values so that when the class is deserialized, the values become corrupted.

...

Classes that require special handling during object serialization or deserialization can implement the following methods, with exactly these signatures [API 2006]:

    private void writeObject(java.io.ObjectOutputStream out) throws IOException;
    private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException;
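The following added example (not code from the original page) ties the two points above together: it shows that a private field's name and value are visible in the serialized byte stream, and it uses a readObject method with the signature just given to re-establish the class invariant when a stream carrying a corrupted value is deserialized. The Account class, its balance field and the SerialFieldDemo name are assumptions made for the illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SerialFieldDemo {
    // Hypothetical class: balance is private, yet default serialization writes it out.
    static final class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        private int balance;    // class invariant: balance >= 0
        Account(int balance) {
            if (balance < 0) throw new IllegalArgumentException("negative balance");
            this.balance = balance;
        }
        int getBalance() { return balance; }
        // Special handling on deserialization: a tampered stream can carry any value for
        // the private field, so re-establish the invariant before accepting the object.
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (balance < 0) throw new InvalidObjectException("negative balance in stream: " + balance);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Account deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Account) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = serialize(new Account(42));
        // The class descriptor names the private field in plain UTF, and its int value is
        // the final four big-endian bytes of this stream: 00 00 00 2a.
        boolean nameVisible = new String(bytes, StandardCharsets.ISO_8859_1).contains("balance");
        System.out.println("field name in stream: " + nameVisible);
        System.out.println("value bytes: " + Arrays.toString(Arrays.copyOfRange(bytes, bytes.length - 4, bytes.length)));
        System.out.println("round trip balance = " + deserialize(bytes).getBalance());
        // Corrupt the preserved value (the int becomes -1) and confirm that readObject rejects
        // the stream instead of producing an object whose invariant is broken.
        byte[] forged = bytes.clone();
        Arrays.fill(forged, forged.length - 4, forged.length, (byte) 0xFF);
        try { deserialize(forged); } catch (InvalidObjectException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Without the readObject check, the corrupted stream would deserialize successfully into an Account with a negative balance, which the constructor never allows.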

...