RKTechGame | Serialization & Deserialization in Java

Serialization & Deserialization - Kya Hai?

Serialization ka matlab hota hai Java object ko byte stream mein convert karna, taaki usko file me save kiya ja sake ya network pe bheja ja sake.
Deserialization process mein byte stream se wapas object banaya jata hai.

Yeh process object ko persistent banata hai aur distributed applications mein bohot useful hota hai.

Kaise Kaam Karta Hai?

• Kisi class ko serializable banane ke liye implements Serializable lagana hota hai.
• Serialization ke liye ObjectOutputStream aur deserialization ke liye ObjectInputStream use karte hain.

Serialization Example

import java.io.Serializable;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;

class Person implements Serializable {
  private static final long serialVersionUID = 1L;
  String name;
  int age;
  Person(String name, int age){
    this.name = name;
    this.age = age;
  }
}

public class SerializeDemo {
  public static void main(String[] args) {
    Person p = new Person("Amit", 25);
    try(ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream("person.ser"))) {
      oos.writeObject(p);
      System.out.println("Serialization successful");
    } catch(Exception e) {
      e.printStackTrace();
    }
  }
}

Deserialization Example

import java.io.FileInputStream;
import java.io.ObjectInputStream;

try(ObjectInputStream ois = new ObjectInputStream(new FileInputStream("person.ser"))) {
  Person p2 = (Person) ois.readObject();
  System.out.println("Deserialized Person: " + p2.name + ", " + p2.age);
} catch(Exception e) {
  e.printStackTrace();
}

Advanced Concepts

1. serialVersionUID

Ye ek unique long value hoti hai jo JVM ko batati hai object ka version. Agar class definition change hogi aur serialVersionUID mismatch hua toh deserialization fail ho jayegi.

2. transient Keyword

Jo fields transient hoti hain wo serialize nahi hoti. Usually sensitive info ya temporary data ke liye use kiya jata hai.

3. static Fields

Static fields serialize nahi hoti kyunki ye class level hoti hain na ki instance level.

4. Custom Serialization

Aap apni class mein `writeObject` aur `readObject` methods define karke serialization process customize kar sakte hain.

Example: transient & static

import java.io.*;

class Emp implements Serializable {
  private static final long serialVersionUID = 1L;
  String name;
  transient String password;
  static int companyCode = 1001;
  int age;

  public Emp(String name, String password, int age) {
    this.name = name;
    this.password = password;
    this.age = age;
  }
}

public class AdvSerializationDemo {
  public static void main(String[] args) {
    Emp emp = new Emp("Amit", "secret", 30);
    try(ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("emp.ser"))) {
      out.writeObject(emp);
      System.out.println("Object Serialized");
    } catch(Exception e) { e.printStackTrace(); }

    emp = null;

    try(ObjectInputStream in = new ObjectInputStream(new FileInputStream("emp.ser"))) {
      emp = (Emp) in.readObject();
      System.out.println("Deserialized Emp: " + emp.name + ", " + emp.password + ", " + emp.age);
      System.out.println("Static field companyCode: " + Emp.companyCode);
    } catch(Exception e) { e.printStackTrace(); }
  }
}

Output me dekhenge ki `password` null rahega kyunki wo transient tha, aur `companyCode` static hone ki wajah se serialize nahi hua.

Important Tips & Security

• Serialization me object states save karna convenient hai, lekin serialized data ko handle karte waqt security risks (jaise deserialization attack) samajhna zaruri hai.
• Validation aur input checking zaruri hai jab remote se serialized objects le rahe hain.
• Backward compatibility maintain karne ke liye humesha serialVersionUID declare karein.
• Custom serialization se aap sensitive info ko encrypt kar sakte hain.