Serialization

 The process of saving (or) writing state of an object to a file is called

serialization.

 But strictly speaking it is the process of converting an object from java

supported form to either network supported form (or) file supported form.
 By using FileOutputStream and ObjectOutputStream classes we can
achieve serialization process.
 Serialization is the process of converting object into bytes stream.

Serialized can be: Transferred over network and Persisted/Save in db.

Ex: big balloon

The object (Balloon) is not in transport supported format, so we need to

convert into transport supported format from original state, at the receiver end
we need to convert again into its original state.

// Once object have been transferred over network or persisted in file or in DB,
we could de-serialized the object and retain its state as it was serialized.

Q) What is the need of serialization?

 To send a state of an object or more objects over the n/w through
socket.
 To send the state of an object in a file.
#OOS, take object and convert into binary data, file OS (FOS) write the binary data
to file.

De-Serialization:

1. The process of reading state of an object from a file is called De-

Serialization.

2. But strictly speaking it is the process of converting an object from files

supported form (or) network supported form to java supported form.
3. By using FileInputStream and ObjectInputStream classes we can achieve
De-Serialization.

I have one object and I want to write the object to the file, binary data.
FileOutputStream by using oos.write(Object obj);

Diagram:

FIS, OIS

Example 1:
readObject(): It is used to read bytes from the persistence and to create object
from those bytes and it’s return an object which needs to be type cast to correct
type.

 Java serialization is done by ObjectOutPutStream class.

Note:

1. We can perform Serialization only for Serializable objects.

2. An object is said to be Serializable if and only if the

corresponding class implements Serializable interface.
3. Serializable interface present in java.io package and does not
contain any methods. It is marker interface. The required ability
will be provided automatically by JVM.
4. We can add any no. Of objects to the file and we can read all those
objects from the file but in which order we wrote objects in the same
order only the objects will come back. That is order is important.
5. If we are trying to serialize a non-serializable object then we
will get RuntimeException saying "NotSerializableException".

Example 2:
#Transient Keyword:

1. Transient is the modifier applicable only for variables.

2. While performing serialization if we don't want to save the value of a

particular variable to meet security constraint such type of variable, then
we should declare that variable with "transient" keyword.

3. At the time of serialization JVM ignores the original value of transient

variable and save default value to the file.
4. That is transient means “no to serialize”.

Note:

 While saving the data in file, maybe we have sensitive data.

 If we don’t want to store, save the value of a particular variable to meet
security constraint.
 If we declare a variable as transient what will happen, at the time of
serialization JVM will check if any variable is transient or not, if the variable is
transient, JVM ignore original value and save default value to the file.

Static VS Transient:

1. Static variable is not part of object state hence they won't participate
in serialization because of this declaring a static variable as transient
there is no use. Serialization applicable on object.
 2. If it is participating JVM will ignore original value and store default
value.
(Static variable created at the time of class loading.
//j will be created at the time of class loading. Static is related to class, No way
related to object.
10 ---> Coming from the file,
20 ---> coming from class level method area.

Transient VS Final: (means constant)

1. Final variables will be participated into serialization directly by their

values. Hence declaring a final variable as transient there is no use.
2. At the time of compile only final variable will be replaced with the
value. At runtime, final variable not in variable form.
//the compiler assigns the value to final variable

Final int a=10;

Int b=20;
Sop(a); // Compile time (10) always 10.
Sop(b): // SOP(b); // Not always 20.
//After seeing variable in No form JVM will not check whether it is transient or
not.
If a will be not change at runtime, so at the compile time a will be replaced by
10.
// every final variable, will be participated in serialization directly by value.

Example 3:

O/P: 1 ------ 10
Table:

Note:

We can serialize any no of objects to the file but in which order we serialized in the
same order only we have to de-serialize. If we don’t follow order then
ClassCastException.

Example:
If we don’t know order of the objects:

Example:

Object graph in Serialization:

1. Whenever we are serializing an object the set of all objects which are
reachable from that object will be serialized automatically. This group of
objects is nothing but object graph in serialization.

2. In object graph every object should be Serializable otherwise we will get

runtime exception saying"NotSerializableException".
Example:

//Explicitly I created one object, but internally 3 objects got created.

// whenever we serialized d object, the set of all object which are reachable from
the object will be serialized automatically cat, rat object will be serialized because
dog have Cat, Cat have the Rat, Rat have j so J=20.
  In the above example whenever we are serializing Dog object
automatically Cat and Rat objects will be serialized because these are
part of object graph of Dog object.

 Among Dog, Cat, Rat if at least one object is not serializable then we
will get runtime exception saying "NotSerializableException".

Diagram:
#Customized Serialization:

During default Serialization there may be a chance of loose of information

due to transient keyword. (Ex : mango ,money , box).

Example:
Diagram:
  In the above example before serialization Account object can provide
proper username and password. But after Deserialization Account object
can provide only username bur not password. This is due to declaring
password as transient. Hence doing default serialization there may be a
chance of loss of information due to transient keyword.

 We can recover this loss of information by using customized serialization.

We can implements customized serialization by using the following two methods.

1. private void writeObject(ObjectOutputStream oos) throws Exception.

This method will be executed automatically by JVM at the time of

serialization. It is a callback method. Hence at the time of serialization if
we want to perform any extra work we have to define that in this
method only.

(Prepare encrypted password and write encrypted password separate to

the file)
2. private void readObject(ObjectInputStream ois) throws Exception.

This method will be executed automatically by JVM at the time of

Deserialization. Hence at the time of Deserialization if we want to
perform any extra activity we have to define that in this method only.
(Read encrypted password , perform decryption and assign decrypted
password to the current object password variable )

Example: Demo program for customized serialization to recover loss of information

which is happen due to transient keyword.
Diagram:
  To recover loss of info, because of transient keyword, we should go for
customized Serialization.

At the time of Account object serialization JVM will check is there any
writeObject() method in Account class or not. If it is not available then JVM is
responsible to perform serialization (default serialization). If Account class
contains writeObject() method then JVM feels very happy and executes that
Account class writeObject() method. The same rule is applicable for readObject()
method also.

Serialization with respect to Inheritance:

 If parent class implements Serializable then automatically every child

class by default implements Serializable. That is Serializable nature is
inheriting from parent to child.

 Hence even though child class doesn't implements Serializable , we can

serialize child class object if parent class implements serializable interface

Parent Implements Serializable < -------------- Child

Example:
Even though Dog class does not implement Serializable interface explicitly but
we can Serialize Dog object because its parent class animal already implements
Serializable interface.

(Generic Servlet ---> Serializable )

Note: Object class doesn't implement Serializable interface. If serializable then all
class in java implements serializable, if the serializable, then all class in java
implements serializable.

Parent <---------- Child implements Serializable

Case 2:

1. Even though parent class does not implements Serializable we can

serialize child object if child class implements Serializable interface.

2. At the time of serialization JVM ignores the values of instance variables

which are coming from non Serializable parent then instead of original
value JVM saves default values for those variables to the file.
3. At the time of Deserialization JVM checks whether any parent class is non
Serializable or not. If any parent class is non-Serializable JVM creates a
 separate object for every non Serializable parent and shares its instance
variables to the current object.
4. To create an object for non-serializable parent JVM always calls no-arg
constructor(default constructor) of that non Serializable parent hence
every non Serializable parent should compulsory contain no arg
constructor otherwise we will get runtime exception
"InvalidClassException" .
5. If non-serializable parent is abstract class then just instance control flow
will be performed and share it's instance variable to the current object

Diagram:

// While executing instance variable flow of non-Serialization parent, compulsory

JVM will call no-arg constructor. (Default constructor (no-arg))

Instance Control-Flow: (JVM is responsible)

1) Identification of instance method

 2) Execution of instance variable, assignment and instance blocks.
3) Execution of constructor (no-arg Constructor compulsory) (Invalid Class Cast
Exception)

#Externalization:

1. In default serialization everything takes care by JVM and programmer

doesn't have any control.

2. In serialization total object will be saved always and it is not possible to

save part of the object, which creates performance problems at certain
point.
3. To overcome these problems we should go for externalization where
everything takes care by programmer and JVM doesn't have any control.
4. The main advantage of externalization over serialization is we can save
either total object or part of the object based on our requirement.
5. To provide Externalizable ability for any object compulsory the
corresponding class should implements externalizable interface.
6. Externalizable interface is child interface of serializable interface.
7. If we will go for transient, then also same default value will be store.

Externalizable Interface defines 2 methods:

1. writeExternal( )

2. readExternal( )

public void writeExternal(ObjectOutput out) throws IOException

  This method will be executed automatically at the time of
Serialization with in this method; we have to write code to save
required variables to the file.

public void readExternal(ObjectInput in) throws IOException ,

ClassNotFoundException

 This method will be executed automatically at the time of deserialization

with in this method , we have to write code to save read required variable
from file and assign to the current object
 At the time of deserialization JVM will create a separate new object by
executing public no-arg constructor on that object JVM will call
readExternal() method.
 Every Externalizable class should compulsory contains public no-arg
constructor otherwise we will get RuntimeExcepion saying
"InvaidClassException"

Example:
1. If the class implements Externalizable interface then only part of the
object will be saved in the case output is

public no-arg constructor

ashok ---- 10 ----- 0

2. If the class implements Serializable interface then the output is ashok --- 10
--- 20
3. In externalization transient keyword won't play any role, hence
transient keyword not required.
Difference between Serialization & Externalization:

SerialVersionUID:

 To perform Serialization & Deserialization internally JVM will use a unique

identifier, which is nothing but serialVersionUID .
  At the time of serialization JVM will save serialVersionUID with object.
 At the time of Deserialization JVM will compare serialVersionUID and if it
is matched then only object will be De-serialized otherwise we will get
RuntimeException saying "InvalidClassException".

The process in depending on default serialVersionUID are:

1. After Serializing object if we change the .class file then we can't

perform deserialization because of mismatch in serialVersionUID of
local class and serialized object in this case at the time of
Deserialization we will get RuntimeException saying in
"InvalidClassException".

2. Both sender and receiver should use the same version of JVM if there any
incompatibility in JVM versions then receive enable to deserializable
because of different serialVersionUID , in this case receiver will get
RuntimeException saying "InvalidClassException" .
3. To generate serialVersionUID internally JVM will use complex Algorithm
which may create performance problems.

We can solve above problems by configuring our own serialVersionUID

/* At the time of serialization with every object, sender side JVM will save one
Unique ID, at the time of de-Serialization receives side JVM will compare that
object UNIQUE ID with local UNIQUE ID, if both are match, de-serialization will be
happen if not match ‘InvalidClassException’.

// suppose, we have a class which you serialized it and stored in persistence and
later modified that class to add a new field. What will happen if you de-
serialization the object already serialization.

Ans: It’s dependent on whether class has its own serialVersion ID or not.

we can configure serialVersionUID as follows :

private static final long serialVersionUID = 1L;

Example:
Diagram:
In the above program after serialization even though if we perform any change to
Dog.class file, we can de-serialize object.

 At the time of serialization with every object, sender side JVM will save
one unique ID, at the time of de-serialization receives side JVM will
compare that object with unique ID with local class unique ID, if both
are match, de-serialization will be happen. If not match
“InvalidClassException”.

We if configure our own serialVersionUID both sender and receiver not

required to maintain the same JVM versions.

Note: some IDE's generate explicit serialVersionUID

Suppose, we have a class which you serialized it and stored in persistent and later
modified that class to add a new field. What will happen if you de-serialized the
object already serialized.

Ans: It’s depends on whether class has its, own serial version ID or not.
 Interview Questions

Q) While serializing you want some of the members not to serialize? How do you
achieve it?

Q) What will happen if one of the members in the class doesn’t implement
Serializable interface?

Q) If a class is serializable but its super class in not what will be the state of the
instance variables inherited from super class after de-Serialization.

Q) Can you customize Serialization process or can you override default Serialization
process in java?

Q) Suppose super class of a new class implement Serializable interface, how can
you avoid new class to being serialized?

Q) Which methods are used during Serialization and De-Serialization process in

java?

Q) Suppose you have a class which you serialized it and stored in persistence and
later modified that class to add a new field. What will happen if you De-
Serialization the object already serialized?

Q) What are the compatible changes and incompatible changes in Java Serialization
Mechanism?

Q) Can we transfer a Serialized object vie network?

Q) Which kind of variables is not serialized during Java Serialization?

Q) Impact of not defining SerialVersionUID in class?

serialVersionUID is used for version control of object.

If we  don’t define serialVersionUID in the class, and any modification is made in
class, then we won’t be able to deSerialize our class because serialVersionUID
generated by java compiler for modified class will be different from old serialized
object. And deserialization process will end up throwing
java.io.InvalidClassException  (because of serialVersionUID mismatch)

Let’s frame another question by twisting few words in it.

If you have serialized a class & then added few fields in it and then deserialize already
serialized version of class, how can you ensure that you don’t end up throwing
InvalidClassException?
>Simply we need to define serialVersionUID in class.

When we Deserialize class ( class which has been modified after Serialization and
also class doesn’t declare SerialVersionUID) InvalidClassException is thrown.

When we Deserialize class ( class which has been modified after Serialization and
also class declare SerialVersionUID) its gets DeSerialized successfully.

Q) What if Serialization is not available?

>We can can convert JSON to transfer the object. JSON is helpful in stringifying and
de stringifying object.
>Hibernate (ORM tool) helps in persisting object as it in database and later we can
read persisted object.
>We can convert object into XML (as done in web services) and transfer object over
network

Transient Variables:

Serialization is not applicable on transient variables (it helps in saving time and space
during Serialization process), we must mark all rarely used variables as transient.
We can initialize transient variables during deSerialization by customizing
deSerialization process
Q) What will happen if we have used List, Set and Map as member of class?
ArrayList, HashSet and HashMap implements Serializable interface, so if we will use
them as member of class they will get Serialized and DeSerialized as well.

Q) Is constructor of class called during DeSerialization process?

* primitive types are part of serialization process.

Q) How you can avoid Deserialization process creating another instance of

Singleton class (Important)?

We can simply use readResove() method to return same instance of class, rather
than creating a new one.
private Object readResolve() throws ObjectStreamException {
      return INSTANCE;
 }

Q) What are the ways to speed up Object Serialization? How to improve

Serialization performance?

What would happen if the SerialVersionUID of an object is not defined?

If you don't define serialVersionUID in your serilizable class, Java compiler will make
one by creating a hash code using most of your class attributes and features. When
an object gets serialized, this hash code is stamped on the object which is known as
the SerialVersionUID of that object. This ID is required for the version control of an
object. SerialVersionUID can be specified in the class file also. In case, this ID is not
specified by you, then Java compiler will regenerate a SerialVersionUID based on
updated class and it will not be possible for the already serialized class to recover
when a class field is added or modified. Its recommended that you always declare a
serialVersionUID in your Serializable classes.