Convert objects into a byte stream to be stored or transmitted.
Serialization is the process of converting the state of a Java object into a byte stream. That byte stream can be saved to a file on disk, stored in a database, or transmitted across a network. The reverse process, deserialization, rebuilds the object from the byte stream. Together they let an object's state persist beyond the lifetime of a single program execution.

For a class to be serializable, it must implement the `java.io.Serializable` interface. This is a marker interface: it declares no methods, and its presence simply signals to the JVM that objects of the class may be serialized.

The actual work is done with `ObjectOutputStream` and `ObjectInputStream`. To serialize, you wrap an output stream (such as a `FileOutputStream`) in an `ObjectOutputStream` and call its `writeObject()` method. To deserialize, you wrap a `FileInputStream` in an `ObjectInputStream` and call its `readObject()` method, which returns an `Object` that you must cast back to the original type.

Not every field of an object is serialized. Fields marked with the `transient` keyword are skipped during serialization, so after deserialization they hold `null` or the default value for their type. Static fields are not serialized either, because they belong to the class rather than to any particular object.

While built-in serialization is convenient, it is brittle (small changes to a class can make old byte streams unreadable) and deserializing a byte stream from an untrusted source is a well-known security risk, since the stream decides which classes get instantiated. For these reasons, modern applications often prefer alternative formats such as JSON or XML for data persistence and transfer.
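The following is an added example, not code from the original page. It round-trips a hypothetical `UserSession` class through an in-memory byte stream (a `ByteArrayOutputStream` stands in for the file stream described above), shows that the `transient` field comes back as `null` and the static counter is untouched, and applies an `ObjectInputFilter` (available since Java 9) so that `readObject()` only accepts the classes the caller expects. The class names, field names and the allow-list contents are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;

public class SerializationDemo {

    // Hypothetical class used only for this example.
    static class UserSession implements Serializable {
        // Pins the stream format so the class version is checked explicitly.
        private static final long serialVersionUID = 1L;

        // Static: belongs to the class, never written to the stream.
        static int instancesCreated = 0;

        private final String username;
        // Transient: skipped by writeObject(), so it is null after readObject().
        private transient String sessionToken;

        UserSession(String username, String sessionToken) {
            this.username = username;
            this.sessionToken = sessionToken;
            instancesCreated++;
        }

        String getUsername() { return username; }
        String getSessionToken() { return sessionToken; }
    }

    // Serialize any Serializable object into a byte array.
    // A FileOutputStream could replace the ByteArrayOutputStream unchanged.
    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(obj);
        }
        return bytes.toByteArray();
    }

    // Allow-list filter: only the classes this reader expects may be instantiated.
    // The filter runs before any class from the stream is resolved, so an unexpected
    // class is rejected with InvalidClassException instead of being constructed.
    static final ObjectInputFilter SESSION_ONLY = info -> {
        Class<?> c = info.serialClass();
        if (c == null) {
            // Stream-level checks (depth, reference count) carry no class; leave them to the defaults.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        if (c == UserSession.class || c == String.class) {
            return ObjectInputFilter.Status.ALLOWED;
        }
        return ObjectInputFilter.Status.REJECTED;
    };

    // Deserialize with the filter installed, then cast back to the expected type.
    static UserSession deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(SESSION_ONLY);
            return (UserSession) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        UserSession original = new UserSession("alice", "constructed-token-123");
        byte[] bytes = serialize(original);

        UserSession restored = deserialize(bytes);
        // readObject() does not run UserSession's constructor, so the counter stays at 1.
        System.out.println("username      = " + restored.getUsername());      // alice
        System.out.println("sessionToken  = " + restored.getSessionToken());  // null (transient)
        System.out.println("instances     = " + UserSession.instancesCreated); // 1 (static, not in stream)

        // A stream carrying a class outside the allow-list is refused before instantiation.
        byte[] unexpected = serialize(new ArrayList<String>());
        try {
            deserialize(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac SerializationDemo.java && java SerializationDemo`. The filter is the practical mitigation for the risk mentioned above: instead of letting the byte stream name arbitrary classes, the reader states which classes it is prepared to rebuild, and everything else fails closed. For a JVM-wide default, the same filter syntax can be set through the `jdk.serialFilter` system property.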