A mini guide for implementing serializable interface in java

We all know what Serializable interface guarantees i.e. ability to serialize the classes. This interface recommends you to use serialVersioUID also. Now, even if you use both in your classes, do know what can break your design even now?? Lets identify the future changes in your class which will be compatible and others which will prove incompatible.

Ads by Google
Sections in this post:

Incompatible Changes
Compatible Changes
Recommendations for serialVersionUID
Recommendations for readObject and writeObject
Other points to keep remember
Sample implementation class
Serialization and deserialization of class

Incompatible Changes

Incompatible changes to classes are those changes for which the guarantee of interoperability cannot be maintained. The incompatible changes that may occur while evolving a class are (considering default serialization or de-serialization):

  1. Deleting fields -- If a field is deleted in a class, the stream written will not contain its value. When the stream is read by an earlier class, the value of the field will be set to the default value because no value is available in the stream. However, this default value may adversely impair the ability of the earlier version to fulfill its contract.
  2. Moving classes up or down the hierarchy -- This cannot be allowed since the data in the stream appears in the wrong sequence.
  3. Changing a non-static field to static or a non-transient field to transient -- When relying on default serialization, this change is equivalent to deleting a field from the class. This version of the class will not write that data to the stream, so it will not be available to be read by earlier versions of the class. As when deleting a field, the field of the earlier version will be initialized to the default value, which can cause the class to fail in unexpected ways.
  4. Changing the declared type of a primitive field -- Each version of the class writes the data with its declared type. Earlier versions of the class attempting to read the field will fail because the type of the data in the stream does not match the type of the field.
  5. Changing the writeObject or readObject method so that it no longer writes or reads the default field data or changing it so that it attempts to write it or read it when the previous version did not. The default field data must consistently either appear or not appear in the stream.
  6. Changing a class from Serializable to Externalizable or vice-versa is an incompatible change since the stream will contain data that is incompatible with the implementation of the available class.
  7. Changing a class from a non-enum type to an enum type or vice versa since the stream will contain data that is incompatible with the implementation of the available class.
  8. Removing either Serializable or Externalizable is an incompatible change since when written it will no longer supply the fields needed by older versions of the class.
  9. Adding the writeReplace or readResolve method to a class is incompatible if the behavior would produce an object that is incompatible with any older version of the class.

Compatible Changes

  1. Adding fields -- When the class being reconstituted has a field that does not occur in the stream, that field in the object will be initialized to the default value for its type. If class-specific initialization is needed, the class may provide a readObject method that can initialize the field to non default values.
  2. Adding classes -- The stream will contain the type hierarchy of each object in the stream. Comparing this hierarchy in the stream with the current class can detect additional classes. Since there is no information in the stream from which to initialize the object, the class’s fields will be initialized to the default values.
  3. Removing classes -- Comparing the class hierarchy in the stream with that of the current class can detect that a class has been deleted. In this case, the fields and objects corresponding to that class are read from the stream. Primitive fields are discarded, but the objects referenced by the deleted class are created, since they may be referred to later in the stream. They will be garbage-collected when the stream is garbage-collected or reset.
  4. Adding writeObject/readObject methods -- If the version reading the stream has these methods then readObject is expected, as usual, to read the required data written to the stream by the default serialization. It should call defaultReadObject first before reading any optional data. The writeObject method is expected as usual to call defaultWriteObject to write the required data and then may write optional data.
  5. Removing writeObject/readObject methods -- If the class reading the stream does not have these methods, the required data will be read by default serialization, and the optional data will be discarded.
  6. Adding java.io.Serializable -- This is equivalent to adding types. There will be no values in the stream for this class so its fields will be initialized to default values. The support for subclassing nonserializable classes requires that the class’s super type have a no-arg constructor and the class itself will be initialized to default values. If the no-arg constructor is not available, the InvalidClassException is thrown.
  7. Changing the access to a field -- The access modifiers public, package, protected, and private have no effect on the ability of serialization to assign values to the fields.
  8. Changing a field from static to non-static or transient to non transient -- When relying on default serialization to compute the serializable fields, this change is equivalent to adding a field to the class. The new field will be written to the stream but earlier classes will ignore the value since serialization will not assign values to static or transient fields.

Recommendations for serialVersionUID

The serialVersionUID is a universal version identifier for a Serializable class. Deserialization uses this number to ensure that a loaded class corresponds exactly to a serialized object. If no match is found, then an InvalidClassException is thrown.

  1. Always include it as a field, for example: “private static final long serialVersionUID = 7526472295622776147L; ” include this field even in the first version of the class, as a reminder of its importance.
  2. Do not change the value of this field in future versions, unless you are knowingly making changes to the class which will render it incompatible with old serialized objects. If needed, follow above given guidelines.

Recommendations for readObject and writeObject

  1. Deserialization must be treated as any constructor : validate the object state at the end of deserializing -- this implies that readObject should almost always be implemented in Serializable classes, such that this validation is performed.
  2. If constructors make defensive copies for mutable object fields, so must readObject.

Other points to keep remember

  1. Use javadoc’s @serial tag to denote Serializable fields.
  2. The .ser extension is conventionally used for files representing serialized objects.
  3. No static or transient fields undergo default serialization.
  4. Extendable classes should not be Serializable, unless necessary.
  5. Inner classes should rarely, if ever, implement Serializable.
  6. Container classes should usually follow the style of Hashtable, which implements Serializable by storing keys and values, as opposed to a large hash table data structure.

Sample implementation class

package staticTest;

import java.io.Serializable;
import java.text.StringCharacterIterator;
import java.util.*;
import java.io.*;

public final class UserDetails implements Serializable {

/**
* This constructor requires all fields
*
* @param aFirstName
* contains only letters, spaces, and apostrophes.
* @param aLastName
* contains only letters, spaces, and apostrophes.
* @param aAccountNumber
* is non-negative.
* @param aDateOpened
* has a non-negative number of milliseconds.
*/
public UserDetails(String aFirstName, String aLastName, int aAccountNumber,
Date aDateOpened) {
	super();
	setFirstName(aFirstName);
	setLastName(aLastName);
	setAccountNumber(aAccountNumber);
	setDateOpened(aDateOpened);
	// there is no need here to call verifyUserDetails.
}

// The default constructor
public UserDetails() {
	this("FirstName", "LastName", 0, new Date(System.currentTimeMillis()));
}

public final String getFirstName() {
	return fFirstName;
}

public final String getLastName() {
	return fLastName;
}

public final int getAccountNumber() {
	return fAccountNumber;
}

/**
* Returns a defensive copy of the field so that no one can change this
* field.
*/
public final Date getDateOpened() {
	return new Date(fDateOpened.getTime());
}

/**
* Names must contain only letters, spaces, and apostrophes. Validate before
* setting field to new value.
*
* @throws IllegalArgumentException
* if the new value is not acceptable.
*/
public final void setFirstName(String aNewFirstName) {
	verifyNameProperty(aNewFirstName);
	fFirstName = aNewFirstName;
}

/**
* Names must contain only letters, spaces, and apostrophes. Validate before
* setting field to new value.
*
* @throws IllegalArgumentException
* if the new value is not acceptable.
*/
public final void setLastName(String aNewLastName) {
	verifyNameProperty(aNewLastName);
	fLastName = aNewLastName;
}

/**
* Validate before setting field to new value.
*
* @throws IllegalArgumentException
* if the new value is not acceptable.
*/
public final void setAccountNumber(int aNewAccountNumber) {
	validateAccountNumber(aNewAccountNumber);
	fAccountNumber = aNewAccountNumber;
}

public final void setDateOpened(Date aNewDate) {
	// make a defensive copy of the mutable date object
	Date newDate = new Date(aNewDate.getTime());
	validateAccountOpenDate(newDate);
	fDateOpened = newDate;
}

/**
* The client's first name.
*
* @serial
*/
private String fFirstName;

/**
* The client's last name.
*
* @serial
*/
private String fLastName;

/**
* The client's account number.
*
* @serial
*/
private int fAccountNumber;

/**
* The date the account was opened.
*
* @serial
*/
private Date fDateOpened;

/**
* Determines if a de-serialized file is compatible with this class.
* Included here as a reminder of its importance.
*/
private static final long serialVersionUID = 7526471155622776147L;

/**
* Verify that all fields of this object take permissible values
*
* @throws IllegalArgumentException
* if any field takes an unpermitted value.
*/
private void verifyUserDetails() {
	validateAccountNumber(fAccountNumber);
	verifyNameProperty(fFirstName);
	verifyNameProperty(fLastName);
	validateAccountOpenDate(fDateOpened);
}

/**
* Ensure names contain only letters, spaces, and apostrophes.
*
* @throws IllegalArgumentException
* if field takes an unpermitted value.
*/
private void verifyNameProperty(String aName) {
boolean nameHasContent = (aName != null) && (!aName.equals(""));
	if (!nameHasContent) {
		throw new IllegalArgumentException(
		"Names must be non-null and non-empty.");
	}

StringCharacterIterator iterator = new StringCharacterIterator(aName);
char character = iterator.current();
	while (character != StringCharacterIterator.DONE) {
		boolean isValidChar = (Character.isLetter(character)
		|| Character.isSpaceChar(character) || character == ''');
		if (isValidChar) {
			// do nothing
		} else {
			String message = "Names can contain only letters, spaces, and apostrophes.";
			throw new IllegalArgumentException(message);
		}
		character = iterator.next();
	}
}

/**
* AccountNumber must be non-negative.
*
* @throws IllegalArgumentException
* if field takes an unpermitted value.
*/
private void validateAccountNumber(int aAccountNumber) {
	if (aAccountNumber < 0) {
		String message = "Account Number must be greater than or equal to 0.";
		throw new IllegalArgumentException(message);
	}
}

/**
* DateOpened must be after 1970.
*
* @throws IllegalArgumentException
* if field takes an unpermitted value.
*/
private void validateAccountOpenDate(Date aDateOpened) {
	if (aDateOpened.getTime() < 0) {
		throw new IllegalArgumentException(
			"Date Opened must be after 1970.");
	}
}

/**
* Always treat de-serialization as a full-blown constructor, by validating
* the final state of the de-serialized object.
*/
private void readObject(ObjectInputStream aInputStream)
throws ClassNotFoundException, IOException {
	// always perform the default de-serialization first
	aInputStream.defaultReadObject();

	// make defensive copy of the mutable Date field
	fDateOpened = new Date(fDateOpened.getTime());

	// ensure that object state has not been corrupted or tampered with
	// malicious code
	verifyUserDetails();
}

/**
* This is the default implementation of writeObject. Customise if
* necessary.
*/
private void writeObject(ObjectOutputStream aOutputStream)
throws IOException {
	// perform the default serialization for all non-transient, non-static
	// fields
	aOutputStream.defaultWriteObject();
}
}

Lets see now how to do serialization and deserialization.

Serialization and deserialization of object

package serializationTest;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.Calendar;
import java.util.Date;
public class TestUserDetails {
	public static void main(String[] args) {
		// Create new UserDetails object
		UserDetails myDetails = new UserDetails("Lokesh", "Gupta", 102825,
		new Date(Calendar.getInstance().getTimeInMillis()));

		// Serialization code
		try {
			FileOutputStream fileOut = new FileOutputStream("userDetails.ser");
			ObjectOutputStream out = new ObjectOutputStream(fileOut);
			out.writeObject(myDetails);
			out.close();
			fileOut.close();
		} catch (IOException i) {
			i.printStackTrace();
		}

		// De-serialization code
		@SuppressWarnings("unused")
		UserDetails deserializedUserDetails = null;
		try {
			FileInputStream fileIn = new FileInputStream("userDetails.ser");
			ObjectInputStream in = new ObjectInputStream(fileIn);
			deserializedUserDetails = (UserDetails) in.readObject();
			in.close();
			fileIn.close();

			// verify the object state
			System.out.println(deserializedUserDetails.getFirstName());
			System.out.println(deserializedUserDetails.getLastName());
			System.out.println(deserializedUserDetails.getAccountNumber());
			System.out.println(deserializedUserDetails.getDateOpened());
		} catch (IOException ioe) {
			ioe.printStackTrace();
		} catch (ClassNotFoundException cnfe) {
			cnfe.printStackTrace();
		}
	}
}
Output:

Lokesh
Gupta
102825
Wed Nov 21 15:06:34 GMT+05:30 2012

References:

http://docs.oracle.com/javase/7/docs/platform/serialization/spec/serialTOC.html

Ads by Google

12 thoughts on “A mini guide for implementing serializable interface in java”

  1. Hi lokes, I have a query regarding serialization. As we know that at the time of deserialization the class constructor does not run. As far as i know if we deserialize our object, its constructors doesn’t get called, but default constructor of its parent will be called. My question is that at the time of the deserializtion, how the jvm creates the object without calling the constructor ??
    I serialized a class’s object and then deserialized it and compared the references. Both references were not same. Please can you help :)

    1. While serializing an object, the object’s type (class metadata) , field’s data types and field’s data values are converted into a series of bytes and written in form of bytes. This same information is used in reconstructing the object back during deserialization process.

      In fact, this is very interesting topic and I just thought to write a separate post on it. Wait till tomorrow. I will explain in detail.

      1. Good article. I have come across a framework where the bean objects which get stored in session are to be serialized (a kind of mandate). Few modern day frameworks involve concepts of passivation of data.

      2. in case the DTO object is changed as incompatible level later , what will happen to the old serialized session data (DTO object) in the server? is it get cleaned automatically? assume serialVersionUID is incremented to avoid mixing different versions as you mentioned in the related article.
        Congrats for your great texts!!!

  2. I am understanding what text you have provided in this guide….It helping me a lot. but i could not able to understand the code thoroughly. Can you give me a suggestion for that and how to be a good programmer?

      1. Hi Lokesh,

        Can you please tell us how can we control the fields to be serialized with the help of readObject.
        I dont want to use transient .

Note:- In comment box, please put your code inside [java] ... [/java] OR [xml] ... [/xml] tags otherwise it may not appear as intended.

Leave a Reply

Your email address will not be published. Required fields are marked *


+ 3 = eight

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>