Java Object Serialization Specification

Table of Contents

1 System Architecture
1.1 Overview
1.2 Writing to an Object Stream
1.3 Reading from an Object Stream
1.4 Object Streams as Containers
1.5 Defining Serializable Fields for a Class
1.6 Documenting Serializable Fields and Data for a Class
1.7 Accessing Serializable Fields of a Class
1.8 The ObjectOutput Interface
1.9 The ObjectInput Interface
1.10 The Serializable Interface
1.11 The Externalizable Interface
1.12 Serialization of Enum Constants
1.13 Protecting Sensitive Information

2 Object Output Classes
2.1 The ObjectOutputStream Class
2.2 The ObjectOutputStream.PutField Class
2.3 The writeObject Method
2.4 The writeExternal Method
2.5 The writeReplace Method
2.6 The useProtocolVersion Method

3 Object Input Classes
3.1 The ObjectInputStream Class
3.2 The ObjectInputStream.GetField Class
3.3 The ObjectInputValidation Interface
3.4 The readObject Method
3.5 The readObjectNoData Method
3.6 The readExternal Method
3.7 The readResolve Method

4 Class Descriptors
4.1 The ObjectStreamClass Class
4.2 Dynamic Proxy Class Descriptors
4.3 Serialized Form
4.4 The ObjectStreamField Class
4.5 Inspecting Serializable Classes
4.6 Stream Unique Identifiers

5 Versioning of Serializable Objects
5.1 Overview
5.2 Goals
5.3 Assumptions
5.4 Who's Responsible for Versioning of Streams
5.5 Compatible JavaTM Type Evolution
5.6 Type Changes Affecting Serialization
5.6.1 Incompatible Changes
5.6.2 Compatible Changes

6 Object Serialization Stream Protocol
6.1 Overview
6.2 Stream Elements
6.3 Stream Protocol Versions
6.4 Grammar for the Stream Format
6.4.1 Rules of the Grammar
6.4.2 Terminal Symbols and Constants

A Security in Object Serialization
A.1 Overview
A.2 Design Goals
A.3 Security Issues
A.4 Preventing Serialization of Sensitive Data
A.5 Writing Class-Specific Serializing Methods
A.6 Guarding Unshared Deserialized Objects
A.7 Preventing Overwriting of Externalizable Objects
A.8 Encrypting a Bytestream

B Exceptions In Object Serialization

C Example of Serializable Fields
C.1 Example Alternate Implementation of

Copyright © 2005, 2010, Oracle and/or its affiliates. All rights reserved.