Java Serialization and Deserialization explained with a simple example
Shardul Lavekar
August 14, 2023

Serialization and deserialization are powerful techniques in Java that allow you to transform objects into byte streams and back again. In this comprehensive guide, we'll dive deep into these concepts, explore their inner workings, provide a sample code illustration, and guide you through testing the process.

Understanding Serialization and Deserialization

Serialization involves converting the state of an object into a format that can be easily stored or transmitted. Think of it as creating a "snapshot" of the object's current state. This snapshot, often represented as a sequence of bytes, can then be saved to a file, sent over a network, or stored in a database. Conversely, deserialization is the process of transforming that sequence of bytes back into an object with its original state.

The Serialization Process

1. Implementing Serializable Interface: To make a class serializable, implement the `Serializable` interface. This interface acts as a marker, indicating that objects of this class can be serialized.

2. Object Graph Traversal: When you serialize an object, Java recursively traverses the object graph, including all reachable objects. This ensures the entire state of the object and its referenced objects is captured.

3. Metadata Generation: For each object, metadata is generated, containing class information and field details.

4. Field Serialization: The values of fields are converted into a byte representation based on their types. Java handles primitive types and certain standard classes (e.g., `String`) automatically.

5. Writing to Output Stream: The serialized metadata and field data are written to an output stream, often using `ObjectOutputStream`.

Let’s take a look at an example.

Note that transient fields are not serialized. Such fields can contain sensitive data.

Here is an example of serialization.

The Deserialization Process

1. Reading from Input Stream: The serialized byte stream is read from an input stream, commonly `ObjectInputStream`.

2. Metadata and Class Loading: Metadata is used to reconstruct the class structure. The class loader loads appropriate classes based on the metadata.

3. Object Creation: An instance of the class is created using a constructor, either the default constructor or a constructor marked with `@ConstructorProperties`.

4. Field Deserialization: Field values are populated by reading bytes from the input stream and setting the fields.

Sample Code Illustration

Let's add a simple example of deserializing in the above example.

Testing Serialization and Deserialization

1. Click on this method, open Direct Invoke and input and and name details.

2. Execute the method

3. The method should return the employee data you inputed.

Serialization and deserialization are essential tools in the Java developer's toolkit. By understanding their mechanisms, you gain the ability to save and restore complex object states, facilitating persistence and data exchange across applications. Armed with the knowledge of these processes, you can confidently design and implement applications that harness the power of object transformation.

Unlogged, while logging probes data, heavily uses serialization and stores class names, method names, variable names, and variable states in log files. It then scans and uses deserialization to reconstruct these details. 


Shardul Lavekar
August 21, 2023
Begin your shift-left testing journey, now!