Serialization

1) What is object serialization?

Serializing an object involves encoding its state in a structured way within a byte array. Once an object is serialized, the byte array can be manipulated in various ways; it can be written to a file, sent over a network using a socket-based connection or RMI, or persisted within a database as a BLOB.
The serialization process encodes enough information about the object type within the byte stream, allowing the original object to be easily recreated upon deserialization, at a later point in time.
2) Can I persist my objects using serialization instead of using a relational or object database?
No. While serialization is a highly versatile mechanism having numerous applications, your long term storage needs should continue to be addressed by conventional relational or object databases.
Note that serialization does not provide any features for transaction management and concurrency control. Nor does it provide typical database features like indexed access, caching and a query language.
3) Why doesn't serialization save the value of static variables?
Variables declared as static members are not considered part of the state of an object because they are shared by all instances of that class. Classes which need to preserve the value of static members during serialization should save and restore these values explicitly using private void readObject(ObjectInputStream) and private void writeObject(ObjectOutputStream).
4) What are the advantages and disadvantags of serialization?
The advantages of serialization are:
 It is easy to use and can be customized.
 The serialized stream can be encrypted, authenticated and compressed, supporting the needs of secure Java computing.
 Serialized classes can support coherent versioning and are flexible enough to allow gradual evolution of your application's object schema.
 Serialization can also be used as a mechanism for exchanging objects between Java and C++ libraries, using third party vendor libraries (like RogueWave's Tools.h++ ) within C++.
 There are simply too many critical technologies that rely upon serialization, including RMI, JavaBeans and EJB.
However, serialization has some disadvantages too:
 It should ideally not be used with large-sized objects, as it offers significant overhead. Large objects also significantly increase the memory requirements of your application since the object input/output streams cache live references to all objects written to or read from the stream until the stream is closed or reset. Consequently, the garbage collection of these objects can be inordinately delayed.
 The Serializable interface does not offer fine-grained control over object access - although you can somewhat circumvent this issue by implementing the complex Externalizable interface, instead.
 Since serialization does not offer any transaction control mechanisms per se, it is not suitable for use within applications needing concurrent access without making use of additional APIs.
5) What things are required for a class that implements Serializable?
A class that implements Serializable must also:
 Have access to a no-argument constructor in its first non-serializable superclass
 Identify non-serializable data members using the transient keyword or explicitly mark data members as serializable using the serialPersistentFields member.
6) My subclass implements Serializable but my superclass doesn't. Both subclass and superclass contain instance variables that need to be saved as part of the state of the subclass. Will serialization save the superclass fields for me?
When you serialize an object, the serialization mechanism works by chaining up the inheritence hierarchy, saving the sate of each Serializable superclass in turn. When serialization reaches the first non-serializable superclass, the serialization stops.
When deserializing, the state of this first non-serializable superclass is restored not from the stream, but by invoking that class' no-argument constructor. If the no-argument constructor is not adequate for your purposes, you must customize the serialization of your subclass with writeObject() and readObject() in order to write out and restore any information from the non-serializable superclass that you find necessary.
7) What role does serialization have in RMI?

RMI uses serialization as its basic and only mechanism for sending objects across a network.
If an object implements java.rmi.Remote, then the object's stub is serialized and sent to the client. If the object implements java.io.Serializable, then the object itself is serialized and sent.
8) Why would I want to implement Externalizable instead of Serializable?
By implementing Externalizable yourself you can win performance at the cost of flexibility and extra code to maintain. If you implement Externalizable yourself you stream the data directly without the need for reflection which is used in the case of Serializable.
9) How can I read and write serialized objects to and from a database?
If your RDBMS supports them, you can store serialized objects as BLOBs.
These are JDBC 2.0 features, but take a look at java.sql.Blob, ResultSet and PreparedStatement for more information.
10) Can a Vector or a Hashtable be serialized and deserialized?
Both these classes implement Serializable, and have been designed for serialization. So yes, they can be serialized.
One thing you have to watch out for, though, is that in order to serialize a collection like Vector or Hashtable, you must also be able to serialize all of the objects contained in these collections. Otherwise, the collection would not be able to be completely restored. Your program will throw a NotSerializableException unless all objects stored in the Vector or Hashtable are also serializable.
11) Is there any way to save the state of an object of a class which does not implement Serializable or Extenalizable?.
Yes. You will have to write the value of each and every instance variable into the persistent storage. If there are 100 variables, you will have to store each of them individually. If some of the variables are object references, you will have to follow each reference and save the state of that object as well. You can do that, but it would be a proprietary solution and each class that wanted to read your object would also have to know all about your proprietary format.

12) What is the role of serialization in EJB?
A big part of EJB is that it is a framework for underlying RMI: remote method invocation. You're invoking methods remotely from JVM space 'A' on objects which are in JVM space 'B' -- possibly running on another machine on the network.
To make this happen, all arguments of each method call must have their current state plucked out of JVM 'A' memory, flattened into a byte stream which can be sent over a TCP/IP network connection, and then deserialized for reincarnation on the other end in JVM 'B' where the actual method call takes place.
If the method has a return value, it is serialized up for streaming back to JVM A. Thus the requirement that all EJB methods arguments and return values must be serializable. The easiest way to do this is to make sure all your classes implement java.io.Serializable.