What is Serialization

 

Serialization involves preserving an instance/object of a class for later use. The preserved data represents the partial internal state of that particular instance/object of the class. It stores data such as variable names, values, data types, etc. The contents are stored in RAM (a transient container) or on disk or in a file (a persistent container). RAM (the transient container) is used to store objects for socket and RMI applications that pass data from one computer to another, to avoid data loss and to evolve the respective class. By storing the content in a persistent container, the content of that instance of the class can be used later, after the current session. Applets cannot store the state of an object in a persistent container; they can only store data in a transient container, since their direct access to disk is restricted.

 

Implementation of Serialization:

 

If a particular instance/object of a class is to be serialized, the respective class should implement an interface such as Serializable or Externalizable. Both save the data bound to the object's variables, using the class definition available in the Java Virtual Machine (JVM) to construct the image of the object/instance of the respective class.

 

The Serializable interface depends on the Java runtime's default mechanism to stream the object's state. The object's internal state is stored by the writeObject() function of the ObjectOutputStream class, and primitive variable values are saved by the write<data-type>() functions. The internal state is read back by the readObject() function of the ObjectInputStream class, and primitive variable values by the read<data-type>() functions.

 

Unlike the Serializable interface, the Externalizable interface does not use the default Java runtime mechanism to write and read the serialized class. To handle the serialization on its own, the class must define which variables are to be read or written, using the writeExternal() and readExternal() functions. Inside these functions it uses writeObject(), write<data-type>() / readObject(), read<data-type>() to write/read the object's internal state.

 

Serialization stores not only the state of simple variables but also AWT/Swing components such as panels, text boxes, etc.; the whole state can be preserved and retrieved when required.

 

Data Hiding/Filtering:

 

The Serializable interface allows developers to decide which variables in a particular class need to be serialized. Serializing an instance/object's internal state may not require storing all the variables; exclude those variables from serialization by using the keyword 'transient' in their declaration. Variables declared transient in a serialized class are left out of the serializing/deserializing process. In this way only the necessary data is stored and retrieved. Another method to control serialization is to override the writeObject()/readObject() functions in the class implementing the Serializable interface.
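
The transient keyword and the custom writeObject()/readObject() functions described above, as an added example that is not code from the original article. The Account class, its fields and the sample values are hypothetical.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class TransientDemo {
    // Hypothetical class, added for illustration only.
    static class Account implements Serializable {
        private static final long serialVersionUID = 1L;
        private String user;
        private int balance;
        private transient char[] password; // excluded from the serialized stream

        Account(String user, int balance, char[] password) {
            this.user = user;
            this.balance = balance;
            this.password = password;
        }

        // Custom write hook: writes the non-transient fields the default way.
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
        }

        // Custom read hook: restores the fields, then re-checks the invariants,
        // because the stored bytes may have been altered since they were written.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            if (user == null || user.isEmpty() || balance < 0) {
                throw new InvalidObjectException("invalid Account state in stream");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Account a = new Account("alice", 100, "s3cret".toCharArray()); // constructed sample
        ByteArrayOutputStream buf = new ByteArrayOutputStream();       // transient container (RAM)
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(a);
        }
        byte[] bytes = buf.toByteArray();
        // Search the raw stream for the secret: the transient field was never written.
        String raw = new String(bytes, StandardCharsets.ISO_8859_1);
        System.out.println("password in stream: " + raw.contains("s3cret"));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            Account b = (Account) in.readObject();
            System.out.println(b.user + " " + b.balance
                    + " password restored: " + (b.password != null));
        }
    }
}
```

After deserialization the transient field holds its default value (null), so any code that needs it must set it again.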

 

With the writeExternal()/readExternal() functions of the Externalizable interface, the developer can encounter security threats, since both methods are public. For additional security, you can also encrypt the data before serializing and decrypt it after deserializing.

 

Problems Encountered:

 

Alterations to a serialized class lead to incompatibility with the stored object image; that is, if you store an object's internal state for a long time, changes made to the class may affect the object's identity and may throw InvalidClassException. Forward compatibility changes, e.g. adding new variables, adding or removing readObject()/writeObject(), adding new methods, or changing the access modifiers (public, private, etc.), do not affect serialization. But serialization encounters problems with backward compatibility, which arise when changing the position of the class in the class hierarchy, deleting variables involved in serialization, altering data types, etc.

 

Serialization provides a Java application with object persistence; this allows an object to be stored in a file, on disk or in RAM for later use. It also provides apt data hiding and security for serialized objects, hence a serialized object is as secure as those in application startup.