Serialization in Java: Everything You Need To Know [2024]

With the ever-increasing boom of the IT industry, our reliance on it seems to be growing with every passing day. This steady growth has pushed many working professionals to take up programming languages in a bid to stay relevant within the industry. While the industry makes use of several languages to service its clients, a few languages are more frequently used than others. Java is one such language. 

Irrespective of whether you’re a fresher or a veteran, a sound knowledge of Java will stand to benefit you at every turn of your software journey. Like any other programming language, Java also packs a comprehensive syllabus of its own. One has to practice the language daily to get a hold of all the various concepts that punctuate the language. One such concept that helps users a lot is the practice of serialization in Java. 

Check out our free courses to get an edge over the competition.

Introduction

Serialization in the context of Java refers to the process in which a Java code object is systematically converted into a Byte Stream. This is done to enable the efficient transfer of the said object code from one Java virtual machine to another. Subsequently, this allows for its recreation with the help of deserialization. We use serialization to meet multiple objectives. Let’s have a look at the most popular and relevant ones in the section below.

Check out upGrad’s Advanced Certification in Cyber Security

Why is Serialization used?

The phenomenon of representing an object as a sequence of bytes has its fair share of usage within the programming paradigm. When the process extends itself to representing the object’s data as well, the utility increases many-fold. Listed below are some of the most common uses of serialization in Java.

Communication

Serialization in Java allows for effective and prompt communication between multiple computer systems. These units make use of object serialization and transmission to facilitate the simultaneous sharing and designing of various objects. Consequently, this results in smooth eventual execution as well. In the case of voluminous databases, serialization allows for a highly streamlined approach to object handling.

Check out upGrad’s Advanced Certification in Blockchain

Caching

Caching, in a broader sense, refers to the method of storing information to access it at a later point of time, by investing minimal time on it. Serialization in Java prompts caching by minimizing the time consumed in deserializing a large object. It is common knowledge that the time taken in building an object is much more when compared to the time that it takes for deserialization. Hence, serialization helps in optimizing this time consumption by caching the relatively larger objects in the mix. 

Deep Copy

Deep copy in Java refers to the process of copying objects from a tree in such a manner that it isn’t dependent on any of its prior versions that might be subject to a degree of change. This cloning process is made a whole lot easier by adopting serialization. By serializing the object to a byte array and then subsequently deserializing it, the user can achieve a replica of said object.

Cross Java Virtual Machine Synchronization

The main advantage of practising serialization lies in the fact that it enables the user to operate across different JVMs. Once serialization is adopted, it does not matter if these JVMs are working on the same or different architectures and Operating Systems or not. 

Persistence

By applying serialization to an object, one can directly store the state of the item without any inconvenience whatsoever. Further, it also allows the user to save the mentioned state in a database that can be retrieved later at any point of time in the future. 

Read: Java Serialization Interview Questions & Answers

Serializing an Object- The Process Involved

Before proceeding with serializing an object, we first need to establish whether it is serializable or not in the first place. Now, how do we determine that? An object in Java is serializable if and only if its class or any of its parent classes allow for the implementation of the java.io.Serializable interface. The criteria are also met if these classes implement its subinterface as well, which is java.io.Externalizable. 

As discussed above, cross JVM synchronization is one of the most potent applications of using serialization. When we serialize an object, we convert the state of this object into a byte stream. As a result, it becomes possible for us to transfer the object from one Java Virtual Machine to another. Consequently, this byte stream can be converted back into the original object as well.

This conversion is also referred to as deserialization. It is the reverse process of serialization in which the byte stream of an object from the sender that has been previously serialized is recreated at the receiving end. 

Advantages of Serialization in Java

In discussing the uses and applications of serialization in the previous sections, we have already shed some light upon its various merits. It is now time to take a deeper dive into them. 

• One of the most significant advantages of serialization is the fact that it is a built-in feature. To implement or execute serialization, you do not need to take the help of any third-party software.
• Even for users who are beginners and are just learning their ropes, serialization is a fairly easy process to learn and understand. 
• Often developers hailing from different programming backgrounds get a touch background when they have to deal with the nuances of a new language. However, in the case of serialization, the process is universal and hence rather familiar with all developers out there. 
• Not only is it easy to use and implement but also equally easy to customize as well. 
• Currently, there are a number of critical technologies that make use of serialization in their operations. This is because data streams that are serialized support encryption, authentication, compression, and secure java computing. 

Disadvantages of serialization in Java

No programming language is a hundred per cent perfect, and neither can they claim to be. As a result, the concepts and the processes that constitute them are not without their own set of flaws either. Here are some of the general disadvantages that are associated with the process of serialization. 

• Some serialization processes require deserialization to be applied in tandem as well. Now, the downside to applying deserialization is that it makes objects brittle. As a result, there is never a complete certainty that the said object will get deserialized effectively.
• When the process of serialization is invoked, it causes the creation of a bunch of Transient variables. These transient variables, when created, take up extra memory space. However, a lot of these transient variables fail to get initialized because the constructor is not called during these processes. Subsequently, they end up affecting a variation to the Standard Java Flow. 
• For all its time consumption optimizations, the process of serialization is increasingly inefficient when it comes to memory utilization.
• The process of serialization does not offer any transition control mechanism per every Standard Edition of Java. As a result, it is not preferred to be used in association with applications which need parallel access without the requirement of third party APIs. 
• While using serialization, one often has to compromise on obtaining a fine-grained control to access the Objects.

Serialization as seen through a Practical Lens

Thus far, we’ve discussed the process of serialization as a theoretical concept, including its various advantages and disadvantages. It is now time to delve into a discussion that allows us to visualize serialization from a practical point of view and its implementation thereof. Listed below are a few cases that help us understand the practical realization of serialization.

Must Read: JavaBeans Properties & Benefits: How Should You Utilize?

Serialization and Inheritance

Inheritance in Java is broadly defined as the phenomenon in which one class acquires or inherits the methods and the fields of another class. The class which inherits the properties is referred to as the subclass, and the class whose properties are inherited is referred to as the superclass. The term superclass is also interchangeably used with the base class and parent class. 

Our first case deals with serialization in the context of superclasses. Generally, if a superclass is serializable, then its subclasses can also be considered to be serializable by default. Of course, this holds true only if the superclass is implementing the Serializable interface. However, there are also certain cases when the subclass can be serialized even if the superclass does not implement the Serializable interface.

This takes place when the subclass manages to implement the Serializable interface in its one capacity. If the superclass fails to implement the Serializable interface under any circumstances, then the objects of the subclass can be manually serialized when the subclass itself implements the serializable interface. 

At times, the user might run into a third possibility as well. This possibility arises when the superclass is serializable, but the user does not quite need to adopt the process with respect to the subclass.

In situations like these, there are ways in which the unwanted serialization of the subclass can be consciously prevented. This can be done by implementing the writeObject() and readObject() methods in the subclass. However, implementing these methods alone is not sufficient enough. Along with writing these methods, the user also has to ensure that the said methods do not throw the NotSerializableException from their implementation.

Serialization with the help of a static member

When the process of serialization is implemented, it ends up ignoring the static field members in the process. This is primarily because serialization as a procedure largely concerns itself with the latest state of the object in question. As a result, while the data associated with a specific instance of a class is successfully serialized, the static member field in connection with it is not. 

Serialization with respect to XML Documents

Serialization of Java objects to XML can be achieved in a number of ways. Primarily they are realized with the help of XMLEncoder and XMLDecoder. The primary aim of serializing Java objects to XML documents lies in trying to limit the various disadvantages that the process of serialization entails inherently. 

One of the most relevant problems in the process of serialization is that the logic that saves and restores the serialized objects is only based on the internal structure of the constituent classes. It fails to take into account any of the changes that may have been caused to those classes in the time that lapses between saving the object and retrieving it. Subsequently, this results in the imminent failure of the deserialization process. 

Serialization gives rise to versioning problems as well. This happens when the user saves an object using one version of the class but attempts to deserialize the same class by using a different or a new version of the class. In this case, the deserialization process fails as well. 

Thus to avoid all of these issues, some users prefer serializing objects to XML Documents rather than taking the conventional approach of serializing them to binary format. Moreover serializing Java objects to XML documents also ensures that the object becomes human-readable, thus facilitating a superior degree of convenience. 

Checkout: Java Interview Questions & Answers

Understanding the Externalizable Interface

The Externalizable interface in Java is quite similar to that of the serialization interface. The difference lies in their abilities to offer customized serialization. The externalizable interface gives you the option of choosing the objects that you want to be stored in the stream, whereas the serialization interface does not accord you the same privilege. 

One can avail the externalizable interface under java.io. The externalizable interface provides the user with two methods as well. The first one is the public void writeExternal(ObjectOutput out) throws IOException. The other one is the public void readExternal(ObjectOutput in) throws IOException.

Difference between Serialization and Externalization

Apart from their capabilities to offer customized serialization, some other key variables set serialization and externalization apart as well. The following segment takes a closer look at them.

Implementation

One of the major differences between the serializable and the externalizable interfaces lies in their implementation. The externalizable interface expects the user to explicitly mention the objects that they wish to be serialized. This is not the case when one deals with the serializable interface. In the serializable interface, all objects and variables are serialized, without any differentiation, during the run time.

Methods

The Externalizable interface mainly consists of two methods. These are the writeExternal() method and the readExternal() method. The serializable interface, on the other hand, does not comprise any methods whatsoever. 

Process

When one is carrying out the process of serialization in the externalizable interface, they are afforded the privilege of customized serialization. Whereas in the serializable interface one has subject themselves to the default serialization process. 

Backwards Compatibility and Control

The Externalizable Interface supports serialization with no reservations to the version control in question. The only problem with this approach is that the user has to be responsible themselves while serializing the superclass. On the contrary, the serialization interface requires the same version of the JVMs to be present on both the ends. However, it does allow for a default serialization of all the objects and classes, including the superclass as well. 

Public No-Arg Constructor

While reconstructing the serialized object, the externalization interface requires the usage of the public no-arg constructor. This is different in the case of the serialization interface which does not explicitly require the no-arg constructor, but rather makes use of reflection to reconstruct the serialized objects and classes.

Serialization in Java: The Controversies

There are quite a few controversies that attach themselves with the concept of serialization in Java. A lot of them concern themselves with the removal of serialization as a procedure in the first place. It is widely considered that Oracle’s architects have long been considering removing serialization from Java as they deem it to be a horrible mistake of 1997. 

According to their research, the flaws in the design of the serialization procedure are such that they pose a threat to the data itself. To that extent, Mark Reinhold in 1997 attributed almost a third of all Java vulnerabilities to the process of serialization, even stating that the quotient might be comfortably more than that as well.

Hence, there is a good possibility that serialization as a construct would be altogether removed or replaced from the annals of Java in its upcoming updates. This might also be because a majority of experts do not consider serialization to be an idealistic option that beginners in Java can implement in their projects.

Also Read: Java Project Ideas & Topics

Get Software Development Course from the World’s top Universities. Earn Executive PG Programs, Advanced Certificate Programs, or Masters Programs to fast-track your career.

Conclusion

A discussion and deliberation on serialization can not be concluded by shedding some light on a few of its best practices. Here are a few ones that the user must adopt in order to ensure the best experience for themselves.

• For denoting serializable fields, one must use the javadoc@serial tag. 
• For files that represent serialized objects, it is preferred that one use the .ser extension.
• Normally the process of subjecting static or transient fields to default serialization is frowned upon.
• Unless it is absolutely mandatory, one must, under all circumstances, try to avoid the serialization of Extendable Classes.
• While implementing serialization, one must make sure to avoid Inner Classes from getting involved in the Serialization process. 

If you’re interested to learn more about Java, OOPs & full-stack software development, check out upGrad & IIIT-B’s Executive PG Program in Full-stack Software Development which is designed for working professionals and offers 500+ hours of rigorous training, 9+ projects, and assignments, IIIT-B Alumni status, practical hands-on capstone projects & job assistance with top firms.