Lessons

Extending basic serialization in Java: when the automation of Serializable is not enough, the manual contract Externalizable with methods writeExternal/ readExternal comes to the rescue. In this lecture, we examine how to fully control the data format, reduce file size, and maintain backward compatibility; we compare it with the streams ObjectOutputStream/ ObjectInputStream, and show examples, pros/cons, and common pitfalls (the required public no-arg constructor, write/read order, etc.).

In this lecture, we examine how to influence the serialization and deserialization process in Java using the methods writeReplace and readResolve: why replace an object with a proxy, how to preserve a singleton, what to do with immutable objects, and how this relates to writeObject/ readObject. Step-by-step practice, a Mermaid flowchart of the operation flow, and a breakdown of common mistakes.

A practical guide to safe serialization in Java: why deserialization from untrusted sources is dangerous, how to defend using ObjectInputFilter, the transient keyword, an explicit serialVersionUID, type checks via instanceof, and alternative exchange formats (JSON/Proto). Inside — clear code examples, allowlist-based class filtering, and a breakdown of common mistakes.

In this lecture, we examine how Java performs deep serialization of an object graph: what happens to reference fields, why all nested objects must implement Serializable, how to avoid NotSerializableException, and in which cases the transient modifier helps. With examples, we will show serialization/deserialization of objects with nesting, collections, and cyclic references, and we will also break down common mistakes related to serialVersionUID and large object graphs.

How Java serializes complex data structures: from nested collections and inheritance hierarchies to cyclic object graphs. We’ll examine why serialization of Map<String, List<Book>> works, how concrete subtype information is preserved in List<Animal>, what the reference mechanism does in cycles, and which pitfalls you may encounter. We’ll discuss the roles of ObjectOutputStream/ ObjectInputStream, the writeObject/ readObject methods, the serialVersionUID field, and the transient modifier.

We examine what cyclic references are in object graphs, why they are dangerous for serialization, and how to deal with them. It is shown how Java’s standard streams — ObjectOutputStream/ ObjectInputStream — automatically track already encountered objects and write references (handles), preventing StackOverflowError. We will cover the pitfalls of custom serialization ( writeObject/ readObject, defaultWriteObject/ defaultReadObject), as well as strategies for handling cycles in JSON: annotations @JsonIdentityInfo, @JsonBackReference/ @JsonManagedReference, excluding fields via transient, and using identifiers.

How Java preserves and restores object identity during binary serialization: why equivalence via a. equals( b) is not the same as identity ( a == b), how ObjectOutputStream/ ObjectInputStream track the object graph and write “back references” instead of duplicates, why this works correctly with cycles, and how the methods writeReplace() and readResolve() can affect the resulting identity. Walkthrough with examples: cycles, shared references, practice, and common mistakes.

In this lecture, we break down the most frequent issues when serializing collections: from java.io.NotSerializableException (when elements do not implement Serializable) and generics pitfalls with ClassCastException to class version incompatibilities via serialVersionUID. We will discuss nuances of immutable collections ( List.of(), Set.of(), Map.of()), the behavior of transient/ static fields, as well as performance and file size, where streaming writes and compression ( GZIPOutputStream) help. You will get practical tips, code examples, and recommendations for safe deserialization ( readObject/ writeObject).

In this lecture we examine the risks of binary serialization in Java: why deserialization from untrusted sources is dangerous (“gadget chains”, RCE), what threats special methods like readObject and readResolve pose, and how to defend yourself (whitelisting, opting for JSON/ XML, safe libraries such as Jackson). We will look in detail at class version compatibility and the role of the serialVersionUID field, behavior on InvalidClassException, the constraints of transient/ static, performance, as well as best practices and common mistakes.

We analyse how type erasure ( type erasure) affects serialization of generic collections: why at runtime List<String> and List<Integer> are the same ArrayList, what exactly is written and read via ObjectOutputStream/ ObjectInputStream, where ClassCastException and warnings about unchecked casts come from. We will show examples with nested collections, Map/ Set, mention Gson/ Jackson, and formulate practices for safe deserialization.

We break down how to evolve serializable classes without breaking data: why you should fix serialVersionUID, how the JVM checks compatibility, which changes are safe (adding/removing fields) and which are critical (type changes, moving a class to another package). We’ll show the role of transient/ static, custom serialization techniques via writeObject/ readObject, how binary serialization differs from XML/JSON, strategies to ensure compatibility, and common pitfalls (for example, InvalidClassException).

How to safely evolve serializable classes in production: what happens when fields and types change, how class versioning works via serialVersionUID, when to change it and when to keep it, how to apply “lazy” migration via readObject/ readFields and in-place conversion, and what advanced techniques exist such as ObjectInputStream.readClassDescriptor(). We will go through a complete practical scenario with two class versions and typical mistakes, including traps like InvalidClassException.