1. What is Serializable
?
Serializable
is a marker interface in Java (java.io.Serializable
).
- A marker interface means it has no methods; it simply marks a class as being serializable.
- Serialization = converting a Java object into a byte stream (so it can be saved to disk, transferred over a network, or stored in memory).
- Deserialization = reconstructing the object back from the byte stream.
Example:
import java.io.*;
class Person implements Serializable {
private String name;
private int age;
Person(String name, int age) {
this.name = name;
this.age = age;
}
}
public class SerializationExample {
public static void main(String[] args) throws Exception {
Person p = new Person("Alice", 25);
// Serialize
ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("person.ser"));
oos.writeObject(p);
oos.close();
// Deserialize
ObjectInputStream ois = new ObjectInputStream(new FileInputStream("person.ser"));
Person deserialized = (Person) ois.readObject();
ois.close();
System.out.println("Deserialized: " + deserialized);
}
}
2. Why do we need it?
We use serialization when we need to persist or transfer object states.
Common use cases:
- Saving objects: Writing them to a file, caching, or database blob.
- Sending objects: Across sockets (network communication, RMI, messaging).
- Framework support: Many frameworks (like Java EE, Spring, Hibernate, JPA, distributed caches like Redis) rely on serialization to store/transfer entities.
- Session management: Web servers serialize HTTP session objects when clustering/distributing across nodes.
3. When to use it and when NOT?
When to use:
- Need to store objects temporarily (file, cache, DB).
- Need to send objects across JVMs (RMI, messaging systems).
- Required by a framework or API (like JPA, HttpSession, caching libraries).
When NOT to use:
- When objects are not meant to persist (e.g., database connection, sockets, threads).
- If object structure is very complex → serialization can be slow and heavy.
- In microservices: Instead of Java native serialization (which is JVM-specific, fragile across versions), prefer JSON, Protocol Buffers, or Avro.
Performance Note:
Java’s native serialization is slow and insecure (possible Remote Code Execution if untrusted input). That’s why many modern systems avoid it in favor of JSON, Kryo, Protobuf, etc.
4. Key Concepts & Best Practices
serialVersionUID
- Every
Serializable
class should define a unique version ID. - It helps JVM verify compatibility between serialized and deserialized classes.
- If class definition changes and no
serialVersionUID
is defined, JVM will auto-generate one, which may causeInvalidClassException
on deserialization.
private static final long serialVersionUID = 1L;
Transient fields
- Fields marked
transient
are not serialized. - Useful for sensitive or non-serializable fields.
class User implements Serializable {
private String username;
private transient String password; // won’t be serialized
}
Customizing serialization
You can control the process by defining:
private void writeObject(ObjectOutputStream out) throws IOException {
out.defaultWriteObject(); // default serialization
// custom logic
}
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
in.defaultReadObject(); // default deserialization
// custom logic
}
5. Why is it used on JPA Entities?
You’ll often see JPA entities implementing Serializable
, like:
@Entity
public class Employee implements Serializable {
@Id
private Long id;
private String name;
}
Reasons:
- Hibernate/JPA requirement:
- JPA spec recommends entities be serializable (not mandatory, but good practice).
- Entities might be stored in second-level cache, which may require serialization.
- Distributed environments:
- If you store entities in HTTP sessions, application servers (Tomcat, WildFly, etc.) may serialize them when clustering/distributing sessions.
- Safety for frameworks:
- Some frameworks serialize objects when performing lazy loading or proxying.
Even if your app is single-node, marking entities as Serializable
ensures compatibility when scaling.
6. When to Avoid Serializable
on Entities
- If you never store entities in sessions/cache and always use DTOs for data transfer →
Serializable
isn’t strictly necessary. - In modern REST APIs, entities are usually converted to JSON and sent, so you don’t always rely on Java serialization.
7. Alternatives to Java Serialization
Since Java native serialization is slow and insecure, many production systems prefer:
-
JSON (
Jackson
,Gson
) - Kryo (fast binary serialization)
- Google Protocol Buffers (Protobuf)
- Apache Avro
Summary
-
Serializable
is a marker interface to convert objects into byte streams. - Needed for object persistence, caching, and transfer.
- Use
serialVersionUID
,transient
, and possibly customwriteObject
/readObject
. - JPA entities often implement it for caching, clustering, and session management.
- Don’t use it blindly → for microservices & APIs, prefer JSON or Protobuf.
Top comments (0)