org.springframework.util

Class SerializationUtils

java.lang.Object

org.springframework.util.SerializationUtils

public abstract class SerializationUtils
extends Object

Static utilities for serialization and deserialization using Java Object Serialization.

WARNING: These utilities should be used with caution. See Secure Coding Guidelines for the Java Programming Language for details.

Since:

3.0.5

Author:

Dave Syer, Loïc Ledoyen, Sam Brannen

Constructor Summary

Constructors

Constructor and Description
SerializationUtils()

Method Summary

Modifier and Type	Method and Description
static Object	deserialize(byte[] bytes) Deserialize the byte array into an object.
static byte[]	serialize(Object object) Serialize the given object to a byte array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SerializationUtils

public SerializationUtils()

Method Detail

serialize

@Nullable
public static byte[] serialize(@Nullable
                                         Object object)

Serialize the given object to a byte array.

Parameters:

object - the object to serialize

Returns:

an array of bytes representing the object in a portable fashion

deserialize

@Nullable
public static Object deserialize(@Nullable
                                           byte[] bytes)

Deserialize the byte array into an object.

WARNING: This utility will be deprecated in Spring Framework 6.0 since it uses Java Object Serialization, which allows arbitrary code to be run and is known for being the source of many Remote Code Execution (RCE) vulnerabilities. Prefer the use of an external tool (that serializes to JSON, XML, or any other format) which is regularly checked and updated for not allowing RCE.

Parameters:

bytes - a serialized object

Returns:

the result of deserializing the bytes