Welcome!

Java Authors: Lori MacVittie, JP Morgenthal, Ivan Antsipau, Esmeralda Swartz, Trevor Parsons

Related Topics: Java

Java: Article

Java Serialization

Lesson 7, Java Basics

In lessons 5 and 6 of this series, you've learned how to use some of the Java streams to read or write bytes, characters or numeric data. This lesson is about reading or writing entire Java objects into streams.

Let's say your application uses a class that looks like this:

class Employee {
 String lName;
 String fName;
 double salary;
 java.util.Date hireDate;
 String address;
}

Now consider the following scenario: a program HeadQuarterEmpProcessor creates an instance of the object Employee. The values of its attributes (object's state) have to be saved in a file or some other stream. Later on, another program called BranchEmpProcessor needs to recreate the instance of this object Employee in memory.

We could have done it by using one of the streams like DataOutputStream, FileWriter or others. In this case both programs would need to know a format of the saved file (data types, order of the attributes and delimiters). Luckily, Java offers a more elegant way called object serialization, which greatly simplifies the process of objects exchange.

To send the entire object to a stream a program can use the class java.io.ObjectOutputStream, while the class java.io.ObjectInputStream knows how to get an object from a stream. To serialize an object means to convert it into a set of bytes and send it to a stream. To deserialize and object means to read these bytes from a stream and recreate the instance of the received object.

How to Make a Class Serializable

To make a class serializable, just declare that this class implements the interface Serializable:

class Employee implements java.io.Serializable {
 String lName;
 String fName;
 double salary;
 java.util.Date hireDate;
 String address;
}

The good news is that Serializable interface does not force you to implement any methods, that's why modification of the class Employee was minimal.

All attributes of the class Employee must have either primitive data types, or represent objects that are also serializable.

How to Serialize an Object

To serialize an object into a stream perform the following actions:

  • Open one of the output streams, for example FileOutputStream
  • Chain it with the ObjectOutputStream
  • Call the method writeObject() providing the instance of a Serializable object as an argument.
  • Close the streams

    The following example performs all these steps and creates a snapshot of the object Employee in the file called NewEmployee.ser

    import java.io.*;
    import java.util.Date;
    
    public class HeadQuarterEmpProcessor {
    
     public static void main(String[] args) {
    	Employee emp = new Employee();
    	emp.lName = "John";
    	emp.fName = "Smith"; 
    	emp.salary = 50000;
          emp.address = "12 main street";
          emp.hireDate = new Date(); 
        
          FileOutputStream fOut=null;
          ObjectOutputStream oOut=null;
    	   
          try{
           fOut= new FileOutputStream("c:\\NewEmployee.ser");
    	 oOut = new ObjectOutputStream(fOut);
    	 oOut.writeObject(emp);  //serializing employee
    	 System.out.println(
            "An employee is serialized into c:\\NewEmployee.ser");
          }catch(IOException e){
    	  e.printStackTrace(); 
          }finally{
      	  try {
    	    oOut.flush();
    	    oOut.close();
    	    fOut.close();
    	  } catch (IOException e1) {
    	   e1.printStackTrace();
    	  }
    	}
        }
    }
    

    If you do not want to serialize sensitive information such as salary, declare this variable using the keyword transient:

    transient double salary;

    The values of static and transient member variables are not serialized.

    How to Deserialize an Object

    To deserialize an object, perform the following steps:

  • Open an input stream
  • Chain it with the ObjectInputStream
  • Call the method readObject() and cast the returned object to the class that is being deserialized.
  • Close the streams

    The next example reads our file NewEmployee.ser and recreates the instance of the object Employee:

    import java.io.*;
    
    public class BranchEmpProcessor {
    
      public static void main(String[] args) {
       FileInputStream fIn=null;
       ObjectInputStream oIn=null;
    	   
       try{
        fIn= new FileInputStream("c:\\NewEmployee.ser");
        oIn = new ObjectInputStream(fIn);
       
        //de-serializing employee
        Employee emp = (Employee) oIn.readObject();
    				 
        System.out.println("Deserialized " + emp.fName + " " 
                     + emp.lName + " from NewEmployee.ser ");
       }catch(IOException e){
    	  e.printStackTrace(); 
       }catch(ClassNotFoundException e){
            e.printStackTrace(); 
       }finally{
    	try {
            oIn.close();
    	  fIn.close();
    	} catch (IOException e1) {
    	  e1.printStackTrace();
    	}
       }
     }
    }
    

    The class BranchEmpProcessor will produce the following output:

    Deserialized Smith John from NewEmployee.ser

    Please note that we did not explicitly created an instance of the object Employee - JVM did it for us. Make sure that definition of the class Employee is available to JVM that reads the stream. In distributed applications it usually runs on a remote machine.

    During the process of deserialization all transient variables will be initialized with default values according to their type, for example, integer variables will have the value of zero.

    Interface Externalizable

    The method writeObject() sends all attributes of an object into a stream. This could lead to unnecessary large object footprint, especially if you need to serialize the values only of some of the instance variables. Java provides Externalizable interface that gives you more control over what is being serialized and it can produce smaller object footprint.

    Externalizable interface is a subclass of Serializable.

    This interface defines 2 methods: readExternal() and writeExternal() and you have to implement these methods in the class that will be serialized (Employee). In these methods you'll have to write code that reads/writes only the values of the attributes you are interested in. Programs that perform serialization and deserialization have to write and read these attributes in the same sequence.

    The following class Employee2 serializes only the values of the last name and salary.

    import java.io.ObjectOutput;
    import java.io.ObjectInput;
    class Employee2 implements Externalizable {
     String lName;
     String fName;
     double salary; 
     java.util.Date hireDate;
     String address;
     
      public void writeExternal(ObjectOutput stream)
      				 throws java.io.IOException {
      // Serializing only salary and last name  
       stream.writeDouble(salary); 
       stream.writeUTF(lName);  // String encoded in UTF-8 format
      }
    
     public void readExternal(ObjectInput stream)
     				 throws java.io.IOException {
          salary = stream.readDouble();  
    	  lName  = stream.readUTF();
     }
    
    }
    

    The class HeadQuaterEmpProcessor2 shows how to externalize the object Employee2:

    import java.io.*;
    import java.util.Date;
    
    public class HeadQuarterEmpProcessor2 {
    
    	public static void main(String[] args) {
    		Employee2 emp = new Employee2();
    		emp.fName = "John";
    		emp.lName = "Smith"; 
    		emp.salary = 50000;
    	    emp.address = "12 main street";
    	    emp.hireDate = new Date(); 
        
    	   FileOutputStream fOut=null;
    	   ObjectOutputStream oOut=null;
    	   
    	   try{
    	     fOut= new FileOutputStream("c:\\NewEmployee2.ser");
    	     oOut = new ObjectOutputStream(fOut);
    	     emp.writeExternal(oOut);  //serializing employee
    	     System.out.println(
                "An employee is serialized into c:\\NewEmployee2.ser");
    
    	   }catch(IOException e){
    	   	  e.printStackTrace(); 
    	   }finally{
    		try {
    			oOut.flush();
    			oOut.close();
    			fOut.close();
    		} catch (IOException e1) {
    			e1.printStackTrace();
    		}
    	   }
    	}
    }
    

    Unlike with Serializable interface, we had to write a little more code to implement Externalizable interface, but the size of the file NewEmployee2.ser is only 21 bytes, whereas the file NewEmployee.ser has 207 bytes. First of all, we serialized the values of only two attributes, and the other reason is that files created using Externalizable interface contain data only, while files created by default Java serialization contain class metadata that include attribute names.

    The next code snippet shows you how to recreate an externalized object:

    fIn= new FileInputStream("c:\\NewEmployee2.ser");
    oIn = new ObjectInputStream(fIn);
    
    Employee2 emp = new Employee2();
    emp.readExternal(oIn);
    

    Serialization in the Real World

    In some types of applications you have to write the code to serialize objects, but in many cases serialization is performed behind the scenes by various server-side containers. These are some of the typical uses of serialization:

  • To persist data for future use.
  • To send data to a remote computer using such client/server Java technologies as RMI or socket programming.
  • To "flatten" an object into array of bytes in memory.
  • To exchange data between applets and servlets.
  • To store user session in Web applications.
  • To activate/passivate enterprise java beans.
  • To send objects between the servers in a cluster.

    When you use serialization in time-critical applications, for example real-time stock trading systems, the size of the serialized objects should be minimal. Keep in mind that variables with longer names produce larger footprints during serialization, and this may substantially slow down your application. Think of a high volume of trade orders that is being serialized. I remember working on the application where a class TradeOrder had about a hundred member variables. After renaming the variables into meaningless v1, v2, and so on, the size of one TradeOrder instance was reduced by a thousand bytes. And we are talking about serializing of thousands orders over the network!

    If performance is your primary goal, use Externalizable interface instead of Serializable. Yes, you'll have to write code to serialize each attribute, but this may speed up serialization process substantially.

    While applets can connect to a remote computer using socket or RMI programming (these technologies will be explained in the future lessons of this series), HTTP protocol and such Java classes as URL and URLConnection simplify network programming. With an HTTP protocol, applets can receive or send not only a text, but also binary objects using Java Serialization.

    When an EJB container decides to passivate (unload from memory) so-called stateful session bean, JVM persists its state in a safe place (usually on a disk). Later on, when this bean will be activated again, all its variables will be automatically deserialized by the EJB container.

    While it may not be too difficult for JVM to convert a primitive integer variable into four bytes for serialization, it's not as simple in case of classes containing variables with references to other objects. The process of converting such complex object into a sequence of bytes is called marshalling and the process of reconstructing of the objects from these bytes is called unmarshalling and Java does this job for you.

    Even though we have not learned yet how to create Web applications, I still want to mention that objects used for tracking of the user sessions should be serializable, otherwise you may not be able to deploy these application in a cluster of servers.

    Java serialization is a simple but powerful feature of the language, and you definitely will have a chance to use it in your applications.

  • More Stories By Yakov Fain

    Yakov Fain is a co-founder of two software companies: Farata Systems and SuranceBay. He authored several technical books and lots of articles on software development. Yakov is Java Champion (https://java-champions.java.net). He leads leads Princeton Java Users Group. Two of Yakov's books will go in print this year: "Enterprise Web Development" (O'Reilly) and "Java For Kids" (No Starch Press).

    Comments (9)

    Share your thoughts on this story.

    Add your comment
    You must be signed in to add a comment. Sign-in | Register

    In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


    @ThingsExpo Stories
    The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: Esmeralda Swartz, CMO of MetraTech, has spent 16 years as a marketing, product management, and busin...
    Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: Samsung recognizes that true, accelerated innovation cannot be driven from one source, but requires a...
    SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, a...
    P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at Internet of @ThingsExpo, Robin Raymond, Chief Architect at Hookflash Inc., will walk through the shifting landscape of traditional telephone a...
    SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
    BSQUARE is a global leader of embedded software solutions. We enable smart connected systems at the device level and beyond that millions use every day and provide actionable data solutions for the growing Internet of Things (IoT) market. We empower our world-class customers with our products, services and solutions to achieve innovation and success. For more information, visit www.bsquare.com.
    How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it’s a mix of architectural style...
    SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accelerate their digital channels with APIs, drive partner adoption, monetize their assets, and achieve a...
    From a software development perspective IoT is about programming "things," about connecting them with each other or integrating them with existing applications. In his session at @ThingsExpo, Yakov Fain, co-founder of Farata Systems and SuranceBay, will show you how small IoT-enabled devices from multiple manufacturers can be integrated into the workflow of an enterprise application. This is a practical demo of building a framework and components in HTML/Java/Mobile technologies to serve as a platform that can integrate new devices as they become available on the market.
    SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customizable platform to easily integrate into existing software solutions, embed business logic and build s...
    Connected devices are changing the way we go about our everyday life, from wearables to driverless cars, to smart grids and entire industries revolutionizing business opportunities through smart objects, capable of two-way communication. But what happens when objects are given an IP-address, and we rely on that connection, sometimes with our lives? How do we secure those vast data infrastructures and safe-keep the privacy of sensitive information? This session will outline how each and every connected device can uphold a core root of trust via a unique cryptographic signature – a “bir...
    Internet of @ThingsExpo Silicon Valley announced on Thursday its first 12 all-star speakers and sessions for its upcoming event, which will take place November 4-6, 2014, at the Santa Clara Convention Center in California. @ThingsExpo, the first and largest IoT event in the world, debuted at the Javits Center in New York City in June 10-12, 2014 with over 6,000 delegates attending the conference. Among the first 12 announced world class speakers, IBM will present two highly popular IoT sessions, which will take place November 4-6, 2014 at the Santa Clara Convention Center in Santa Clara, Calif...
    Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
    WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at Internet of @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, will discuss how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.

    SUNNYVALE, Calif., Oct. 20, 2014 /PRNewswire/ -- Spansion Inc. (NYSE: CODE), a global leader in embedded systems, today added 96 new products to the Spansion® FM4 Family of flexible microcontrollers (MCUs). Based on the ARM® Cortex®-M4F core, the new MCUs boast a 200 MHz operating frequency and support a diverse set of on-chip peripherals for enhanced human machine interfaces (HMIs) and machine-to-machine (M2M) communications. The rich set of periphera...

    SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue business and deliver exceptional experiences to their customers.
    The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
    The Internet of Things (IoT) is making everything it touches smarter – smart devices, smart cars and smart cities. And lucky us, we’re just beginning to reap the benefits as we work toward a networked society. However, this technology-driven innovation is impacting more than just individuals. The IoT has an environmental impact as well, which brings us to the theme of this month’s #IoTuesday Twitter chat. The ability to remove inefficiencies through connected objects is driving change throughout every sector, including waste management. BigBelly Solar, located just outside of Boston, is trans...
    SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
    Predicted by Gartner to add $1.9 trillion to the global economy by 2020, the Internet of Everything (IoE) is based on the idea that devices, systems and services will connect in simple, transparent ways, enabling seamless interactions among devices across brands and sectors. As this vision unfolds, it is clear that no single company can accomplish the level of interoperability required to support the horizontal aspects of the IoE. The AllSeen Alliance, announced in December 2013, was formed with the goal to advance IoE adoption and innovation in the connected home, healthcare, education, aut...