Serialization And Deserialization Interface in Java

Serialization And Deserialization

When we think about modern applications, many of them function on a distributed architecture. These distributed applications often involve interactions between a local machine and a remote machine, each playing its own crucial role. While local machines handle interactive user experiences, remote machines provide services and data storage that are essential for the application’s functionality.

Understanding Distributed Applications

• In Distributed applications, we will use local machine and Remote Machine, where Remote machine will have remote services that are consumed by the local machine applications.
• In general, in distributed applications we will transfer messages from local machine to Remote machine and from Remote machine to local machine.
• In this applications, it is the minimum convention to carry an object from local machine to Remote machine and from Remote Machine to Local Machine.

In this architecture, it’s a common requirement to transfer objects between machines. This transfer involves several steps :

1. Create an Object that you wish to send to a remote machine.

2. Separate Data from the Object, which allows you to prepare the information for transmission.

3. Convert the Data from its system representation (how it exists on your local machine) to a network representation (a format suitable for sending over the network).

4. Send Data to the network where the remote machine is waiting.

Receiving the Object on the Remote Machine

Once your data reaches the remote machine, it undergoes its own set of actions :

1. Convert data back from network representation to system representation.

2. Reconstruct the Object based on the received data to make it usable again.

Understanding these processes leads us to important terminology in serialization and deserialization :

1. Serialization : The process of separating data from an object.

2. Marshalling : Converting data from system representation to network representation.

3. Deserialization : Reconstructing an object based on the received data.

4. Unmarshalling : Transforming data from network representation back to system representation.

Serialization and Deserialization in Java

Java has made it relatively straightforward to handle serialization and deserialization through its predefined byte-oriented streams. The two key components are :

1. ObjectOutputStream for Serialization.

2. ObjectInputStream for Deserialization.

To illustrate these processes, let’s take a closer look at how you would serialize and deserialize an object in a standalone application.

Performing Serialization in Java

To serialize an object in Java, follow these simple steps:

Step 1: Prepare a Serializable Class

In Java, not all objects are eligible for serialization. Only the objects whose classes implement the `java.io.Serializable` marker interface can be serialized. For instance :

public class Employee implements Serializable

{

}

Student std = new Student();

Step 2: Prepare FileOutputStream

Next, you’ll need to set up a `FileOutputStream` to direct where data will be stored once serialized :

FileOutputStream fos = new FileOutputStream(“khushi.txt”);

Step 3: Create ObjectOutputStream

Now, create an `ObjectOutputStream`. It bridges the gap between your object and the file output stream. where in the Java applications the role of the developer is to supply the Serializable object to the ObjectOutputStream.

ObjectOutputStream oos = new ObjectOutputStream(fos);

Step 4: Write the Serializable Object

Finally, it’s time to write the serializable object to the `ObjectOutputStream` like this :

oos.writeObject(std);

As you can see, when you call `writeObject`, `ObjectOutputStream` takes over and handles the serialization, sending the data to the `FileOutputStream`, which in turn saves it to your specified file. It’s almost like having a reliable courier service to handle your important documents!

Example for Serialization and Deserialization

Student class implementing Serializable Interface

class with main method

Output with std.txt file

However, there’s a catch. If you try to serialize an object without implementing the java.io.Serializable interface, you’ll likely run into a problem known as java.io.NotSerializableException. This is the Java Virtual Machine (JVM) trying to protect itself and your application from potential issues.

Example :

Student class without implementing Serializable Interface

Security Considerations

While serialization is handy, it does raise some security concerns. If you’ve got sensitive information — like passwords or PIN numbers — serializing the entire object means those details could end up in plain text in your file. That’s not ideal!

Making Variables Transient

If you want to prevent certain properties from being serialized, simply declare those variables as transient. Here's how to do it:

Superclass and Subclass Serialization

In Java, when you serialize an object of a subclass that extends a superclass, if the superclass implements Serializable, the subclass can be serialized as well without any issues.

Example with Inheritance

Conclusion

Serialization and deserialization in Java play a crucial role in distributed applications by enabling the transfer of objects between local and remote machines. By implementing the java.io.Serializable interface, objects can be easily converted to a byte stream (serialization) and then reconstructed (deserialization) on a remote machine. This process ensures that the object's state is preserved across the network. However, it's important to be aware of the security implications, such as the potential exposure of sensitive information, and to use features like transient variables to mitigate these risks.

Short Notes

Serialization

• Definition: The process of converting an object’s state into a byte stream.
• Key Classes: ObjectOutputStream and FileOutputStream.
• Steps:

1. Implement java.io.Serializable interface in the class.
2. Create a FileOutputStream to specify the output file.
3. Create an ObjectOutputStream connected to the FileOutputStream.
4. Use writeObject() method to serialize the object.

Deserialization

• Definition: The process of converting a byte stream back into an object’s state.
• Key Classes: ObjectInputStream and FileInputStream.
• Steps:

1. Create a FileInputStream to read the serialized file.
2. Create an ObjectInputStream connected to the FileInputStream.
3. Use readObject() method to deserialize the object.

Important Concepts

• Marshalling: Converting data from system representation to network representation.
• Unmarshalling: Converting data from network representation back to system representation.
• Transient Variables: Fields that are not serialized, preventing sensitive information from being exposed.
• Inheritance: Subclasses can be serialized if their superclass implements Serializable.