This example shows how to use ObjectOutputStream to write objects to a file in Java, also known as serialization.
public static void writeObjectToFile(Person obj, File file) throws IOException {
    try (FileOutputStream fos = new FileOutputStream(file);
         ObjectOutputStream oos = new ObjectOutputStream(fos)) {
        oos.writeObject(obj);
        oos.flush();
    }
}
Note
1. Java object
We can serialize (marshal) an object whose class implements the Serializable interface.
Person.java
package com.favtuts.io.object;

import java.io.Serializable;
import java.math.BigDecimal;

public class Person implements Serializable {

    private static final long serialVersionUID = -1;

    private String name;
    private int age;

    // transient fields are skipped by the JVM during serialization,
    // so salary is null after the object is read back
    private transient BigDecimal salary;

    public Person(String name, int age, BigDecimal salary) {
        this.name = name;
        this.age = age;
        this.salary = salary;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public int getAge() {
        return age;
    }

    public void setAge(int age) {
        this.age = age;
    }

    public BigDecimal getSalary() {
        return salary;
    }

    public void setSalary(BigDecimal salary) {
        this.salary = salary;
    }

    @Override
    public String toString() {
        return "Person{" +
                "name='" + name + '\'' +
                ", age=" + age +
                ", salary=" + salary +
                '}';
    }
}
2. Write Object to File
The example below writes a Person object to a file named person.bin and then reads it back.
HelloSerializationFile.java
package com.favtuts.io.object;

import java.io.*;
import java.math.BigDecimal;

public class HelloSerializationFile {

    public static void main(String[] args) throws IOException, ClassNotFoundException {
        Person person = new Person("favtuts", 50, new BigDecimal(1000));
        File file = new File("person.bin");

        writeObjectToFile(person, file);

        Person p = readObjectFromFile(file);
        System.out.println(p);
    }

    // Serialization
    // Save object into a file
    public static void writeObjectToFile(Person obj, File file) throws IOException {
        try (FileOutputStream fos = new FileOutputStream(file);
             ObjectOutputStream oos = new ObjectOutputStream(fos)) {
            oos.writeObject(obj);
            oos.flush();
        }
    }

    // Deserialization
    // Get object from a file
    // No deserialization filter is set on this stream, so readObject() will
    // instantiate whatever classes the file names; only read files this
    // program wrote itself (see "Serialization Filtering" in the references).
    public static Person readObjectFromFile(File file) throws IOException, ClassNotFoundException {
        Person result = null;
        try (FileInputStream fis = new FileInputStream(file);
             ObjectInputStream ois = new ObjectInputStream(fis)) {
            result = (Person) ois.readObject();
        }
        return result;
    }
}
Output
Person{name='favtuts', age=50, salary=null}
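The readObjectFromFile method above accepts any class the file names. The following class is an added example, not part of the tutorial or the favtuts repository: it reads person.bin back through a deserialization filter (java.io.ObjectInputFilter, available since Java 9, which is assumed here) so that only the tutorial's Person class can be instantiated from the stream, and it shows the filter rejecting a file that holds a different (harmless) JDK class. The class name FilteredSerializationFile and the temp-file layout are this example's own choices; Person is the tutorial's class.

```java
package com.favtuts.io.object;

import java.io.*;
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.List;

// Added example (not from the original tutorial): filtered deserialization.
public class FilteredSerializationFile {

    // Allowlist filter: resource limits first, then the classes permitted in the
    // stream, then "!*" to reject everything else. java.lang.String is listed
    // defensively (assumption: harmless even if the runtime never asks the
    // filter about strings). BigDecimal is not needed because salary is transient.
    private static final ObjectInputFilter PERSON_ONLY = ObjectInputFilter.Config.createFilter(
            "maxdepth=3;maxrefs=20;maxbytes=4096;"
            + "com.favtuts.io.object.Person;java.lang.String;!*");

    // Deserialization with the filter installed before the first readObject().
    public static Person readPersonFromFile(File file) throws IOException, ClassNotFoundException {
        try (FileInputStream fis = new FileInputStream(file);
             ObjectInputStream ois = new ObjectInputStream(fis)) {
            ois.setObjectInputFilter(PERSON_ONLY);
            return (Person) ois.readObject();
        }
    }

    // Same as the tutorial's writeObjectToFile, widened to Object so the
    // rejected case below can be produced with an ordinary JDK class.
    private static void writeToFile(Object obj, File file) throws IOException {
        try (FileOutputStream fos = new FileOutputStream(file);
             ObjectOutputStream oos = new ObjectOutputStream(fos)) {
            oos.writeObject(obj);
            oos.flush();
        }
    }

    public static void main(String[] args) throws IOException, ClassNotFoundException {
        File personFile = File.createTempFile("person", ".bin");
        File listFile = File.createTempFile("list", ".bin");
        personFile.deleteOnExit();
        listFile.deleteOnExit();

        // Constructed sample data: one Person (accepted) and one ArrayList (not allowlisted).
        writeToFile(new Person("favtuts", 50, new BigDecimal(1000)), personFile);
        writeToFile(new ArrayList<>(List.of("not a person")), listFile);

        System.out.println("accepted: " + readPersonFromFile(personFile));

        try {
            readPersonFromFile(listFile);
            System.out.println("unexpected: list file was accepted");
        } catch (InvalidClassException e) {
            // The filter returns REJECTED for java.util.ArrayList before any
            // instance is created; ObjectInputStream reports it as InvalidClassException.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter is consulted for every class descriptor in the stream before the corresponding object is instantiated, which is why the rejection happens without any ArrayList being built. The same pattern string can be applied process-wide with the -Djdk.serialFilter system property or ObjectInputFilter.Config.setSerialFilter, which is the safer default when a program has several ObjectInputStream call sites.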
3. More Serialization examples
// Serialization
// Save object into a file.
public static void writeObjectToFile(Person obj, File file) throws IOException {
    try (FileOutputStream fos = new FileOutputStream(file);
         ObjectOutputStream oos = new ObjectOutputStream(fos)) {
        oos.writeObject(obj);
        oos.flush();
    }
}

// Serialization
// Convert object to OutputStream.
// Note: try-with-resources closes the caller's OutputStream when this method returns.
public static void writeObjectToStream(Object obj, OutputStream output) throws IOException {
    try (ObjectOutputStream oos = new ObjectOutputStream(output)) {
        oos.writeObject(obj);
        oos.flush();
    }
}

// Serialization
// Convert object to byte[].
// Closing the ObjectOutputStream flushes it, so the bytes are complete when toByteArray() runs.
public static byte[] writeObjectToStream(Object obj) {
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
        oos.writeObject(obj);
    } catch (IOException ioe) {
        // keep the cause instead of printing it and throwing a bare RuntimeException
        throw new UncheckedIOException("failed to serialize " + obj.getClass().getName(), ioe);
    }
    return baos.toByteArray();
}
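The byte[] variant above is the natural building block for an in-memory round trip, and the point where values restored from a stream should be checked before the rest of the program trusts them. The class below is an added example, not part of the tutorial or the favtuts repository: it extends the tutorial's Person with a private readObject hook that enforces the class's invariants after defaultReadObject(), and pairs the byte[] writer with a matching reader. The class name ValidatedPerson, the method names toBytes/fromBytes and the chosen ranges are this example's own assumptions.

```java
package com.favtuts.io.object;

import java.io.*;
import java.math.BigDecimal;

// Added example (not from the original tutorial): byte[] round trip with
// invariant checks at the deserialization boundary.
public class ValidatedPerson extends Person {

    private static final long serialVersionUID = 1L;

    public ValidatedPerson(String name, int age, BigDecimal salary) {
        super(name, age, salary);
    }

    // ObjectInputStream restores superclass state first, so by the time this
    // hook runs Person's name and age are already populated and can be checked.
    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        String name = getName();
        if (name == null || name.isEmpty() || name.length() > 100) {
            throw new InvalidObjectException("name missing or longer than 100 characters");
        }
        if (getAge() < 0 || getAge() > 150) {
            throw new InvalidObjectException("age out of range: " + getAge());
        }
    }

    // Serialization to byte[] (same shape as the tutorial's method, cause preserved).
    public static byte[] toBytes(Object obj) {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
            oos.writeObject(obj);
        } catch (IOException e) {
            throw new UncheckedIOException("serialization failed", e);
        }
        return baos.toByteArray();
    }

    // Deserialization from byte[]; readObject() above runs inside ois.readObject().
    public static ValidatedPerson fromBytes(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (ValidatedPerson) ois.readObject();
        }
    }

    public static void main(String[] args) throws IOException, ClassNotFoundException {
        // Constructed sample: a valid person survives the round trip (salary is
        // transient, so it comes back as null exactly as in the tutorial's output).
        byte[] ok = toBytes(new ValidatedPerson("favtuts", 50, new BigDecimal(1000)));
        System.out.println("restored: " + fromBytes(ok));

        // The constructor does not validate (mirroring the tutorial's Person), which
        // models a producer that emits an out-of-range value; the check in readObject
        // rejects it when the bytes are read back.
        byte[] bad = toBytes(new ValidatedPerson("favtuts", -5, null));
        try {
            fromBytes(bad);
            System.out.println("unexpected: invalid person was accepted");
        } catch (InvalidObjectException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Throwing InvalidObjectException from readObject is the documented way to reject a stream whose field values violate a class's invariants; it complements, rather than replaces, a class allowlist filter, which decides which classes may be created at all.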
Download Source Code
$ git clone https://github.com/favtuts/java-core-tutorials-examples
$ cd java-io/object
References
- JavaDoc ObjectOutputStream
- Java Serialization and Deserialization examples
- Serialization Filtering
- OWASP – Deserialization of untrusted data
- Brian Goetz – Towards Better Serialization
- Evil Pickles: DoS attacks based on Object-Graph Engineering
- Java Object Serialization Specification
- How to read an object from file in Java (ObjectInputStream)