An ObjectInputStream deserializes primitive data and objects previously
written using an ObjectOutputStream.
ObjectOutputStream and ObjectInputStream can provide an application
with persistent storage for graphs of objects when used with a
FileOutputStream and FileInputStream respectively.
ObjectInputStream is used to recover those objects previously
serialized. Other uses include passing objects between hosts using
a socket stream or for marshaling and unmarshaling arguments and
parameters in a remote communication system.
ObjectInputStream ensures that the types of all objects in the
graph created from the stream match the classes present in the
Java Virtual Machine. Classes are loaded as required using the
Only objects that support the java.io.Serializable or
java.io.Externalizable interface can be read from streams.
The method readObject is used to read an object
from the stream. Java's safe casting should be used to get the
desired type. In Java, strings and arrays are objects and are
treated as objects during serialization. When read they need to be
cast to the expected type.
Primitive data types can be read from the stream using the appropriate
method on DataInput.
The default deserialization mechanism for objects restores the
contents of each field to the value and type it had when it was written.
Fields declared as transient or static are ignored by the
deserialization process. References to other objects cause those
objects to be read from the stream as necessary. Graphs of objects
are restored correctly using a reference sharing mechanism. New
objects are always allocated when deserializing, which prevents
existing objects from being overwritten.
Reading an object is analogous to running the constructors of a new
object. Memory is allocated for the object and initialized to zero
(NULL). No-arg constructors are invoked for the non-serializable
classes and then the fields of the serializable classes are
restored from the stream starting with the serializable class closest to
java.lang.Object and finishing with the object's most specific
For example to read from a stream as written by the example in
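
    // Read the values back in the same order they were written.
    FileInputStream istream = new FileInputStream("t.tmp");
    ObjectInputStream p = new ObjectInputStream(istream);
    int i = p.readInt();
    String today = (String) p.readObject();  // readObject returns Object; cast it
    Date date = (Date) p.readObject();
    istream.close();
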
Classes control how they are serialized by implementing either the
java.io.Serializable or java.io.Externalizable interfaces.
Implementing the Serializable interface allows object serialization
to save and restore the entire state of the object and it allows
classes to evolve between the time the stream is written and the time it is
read. It automatically traverses references between objects,
saving and restoring entire graphs.
Serializable classes that require special handling during the
serialization and deserialization process should implement both
of these methods:
The readObject method is responsible for reading and restoring the
state of the object for its particular class using data written to
the stream by the corresponding writeObject method. The method
does not need to concern itself with the state belonging to its
superclasses or subclasses. State is restored by reading data from
the ObjectInputStream for the individual fields and making
assignments to the appropriate fields of the object. Reading
primitive data types is supported by DataInput.
Serialization does not read or assign values to the fields of any
object that does not implement the java.io.Serializable interface.
A subclass of a class that is not serializable can itself be
serializable. In this case the non-serializable class must have a
no-arg constructor to allow its fields to be initialized, and it is
the responsibility of the subclass to save and restore the state of
the non-serializable class. It is frequently the case that
the fields of that class are accessible (public, package, or
protected) or that there are get and set methods that can be used
to restore the state.
Any exception that occurs while deserializing an object will be
caught by the ObjectInputStream and abort the reading process.
Implementing the Externalizable interface allows the object to
assume complete control over the contents and format of the object's
serialized form. The methods of the Externalizable interface,
writeExternal and readExternal, are called to save and restore the
object's state. When implemented by a class they can write and read
their own state using all of the methods of ObjectOutput and
ObjectInput. It is the responsibility of the objects to handle any
versioning that occurs.
Create an ObjectInputStream that reads from the specified InputStream.
The stream header, containing the magic number and version number,
is read from the stream and verified. This method will block
until the corresponding ObjectOutputStream has written and flushed the header.
Read an object from the ObjectInputStream.
The class of the object, the signature of the class, and the values
of the non-transient and non-static fields of the class and all
of its supertypes are read. Default deserializing for a class can be
overridden using the writeObject and readObject methods.
Objects referenced by this object are read transitively so
that a complete equivalent graph of objects is reconstructed by readObject.
The root object is completely restored when all of its fields
and the objects it references are completely restored. At this
point the object validation callbacks are executed in order
based on their registered priorities. The callbacks are
registered by objects (in the readObject special methods)
as they are individually restored.
Exceptions are thrown for problems with the InputStream and for classes
that should not be deserialized. All exceptions are fatal to the
InputStream and leave it in an indeterminate state; it is up to the caller
to ignore or recover the stream state.
Read the non-static and non-transient fields of the current class
from this stream. This may only be called from the readObject method
of the class being deserialized. It will throw the NotActiveException
if it is called otherwise.
Register an object to be validated before the graph is
returned. While similar to resolveObject these validations are
called after the entire graph has been reconstituted.
Typically, a readObject method will register the object with
the stream so that when all of the objects are restored a final
set of validations can be performed.
obj - the object to receive the validation callback.
prio - controls the order of callbacks; zero is a good default.
Use higher numbers to be called back earlier, lower numbers for later
callbacks. Within a priority, callbacks are processed in no
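
The readObject special method, the call that reads the current class's fields, and registerValidation described above fit together as follows. This is an added example, not code from the original documentation; the DateRange class and its invariant are hypothetical, and the invalid object is built in-process as a stand-in for a stream whose bytes were altered.

```java
import java.io.*;

// Hypothetical class, constructed for this example.
public class DateRange implements Serializable, ObjectInputValidation {
    private static final long serialVersionUID = 1L;
    private long start;  // invariant: start <= end
    private long end;

    public DateRange(long start, long end) {
        if (start > end) throw new IllegalArgumentException("start after end");
        this.start = start;
        this.end = end;
    }

    // Called by ObjectInputStream for this class's share of the state.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();          // restore start and end from the stream
        in.registerValidation(this, 0);  // callback runs after the whole graph is read
    }

    // The constructor is not run on deserialization, so re-check the invariant.
    @Override
    public void validateObject() throws InvalidObjectException {
        if (start > end) throw new InvalidObjectException("start after end");
    }

    public static void main(String[] args) throws Exception {
        DateRange r = new DateRange(1L, 2L);
        r.start = 9L;  // stand-in for a stream whose bytes violate the invariant
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(r);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            in.readObject();
            System.out.println("accepted");
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running main prints "rejected: start after end", because the validation callback aborts readObject before the caller ever receives the object.
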
Subclasses may implement this method to allow classes to be
fetched from an alternate source.
The corresponding method in ObjectOutputStream is
annotateClass. This method will be invoked only once for each
unique class in the stream. This method can be implemented by
subclasses to use an alternate loading mechanism but must
return a Class object. Once returned, the serialVersionUID of the
class is compared to the serialVersionUID of the serialized class.
If there is a mismatch, the deserialization fails and an exception
By default the class name is resolved relative to the class
that called readObject.
This method will allow trusted subclasses of ObjectInputStream
to substitute one object for another during
deserialization. Replacing objects is disabled until
enableResolveObject is called. The enableResolveObject method
checks that the stream requesting to resolve objects can be
trusted. Every reference to serializable objects is passed to
resolveObject. To ensure that the private state of objects is
not unintentionally exposed only trusted streams may use
This method is called after an object has been read but before it is
returned from readObject. The default resolveObject method
just returns the new object.
When a subclass is replacing objects it must ensure that the
substituted object is compatible with every field where the
reference will be stored. Objects whose type is not a subclass
of the type of the field or array element abort the
serialization by raising an exception and the object is not be
This method is called only once when each object is first encountered.
All subsequent references to the object will be redirected to the
Enable the stream to allow objects read from the stream to be replaced.
If the stream is a trusted class it is allowed to enable replacement.
Trusted classes are those classes whose classLoader equals null.
When enabled the resolveObject method is called for every object