Class SerializationUtils

java.lang.Object
org.springframework.util.SerializationUtils
public abstract class SerializationUtils extends Object
Static utilities for serialization and deserialization using Java Object Serialization.

WARNING: These utilities should be used with caution. See Secure Coding Guidelines for the Java Programming Language for details.

Since:
3.0.5
Author:
Dave Syer, Loïc Ledoyen, Sam Brannen

  • Constructor Details

    • SerializationUtils

      public SerializationUtils()

  • Method Details

    • serialize

      @Contract("null -> null") public static byte @Nullable [] serialize(@Nullable Object object)
      Serialize the given object to a byte array.
      Parameters:
      object - the object to serialize
      Returns:
      an array of bytes representing the object in a portable fashion

    • deserialize

      @Deprecated(since="6.0") @Contract("null -> null") public static @Nullable Object deserialize(byte @Nullable [] bytes)
      Deprecated.
      This utility uses Java Object Serialization, which allows arbitrary code to be run and is known for being the source of many Remote Code Execution (RCE) vulnerabilities.

      Prefer the use of an external tool (that serializes to JSON, XML, or any other format) which is regularly checked and updated for not allowing RCE.

      Deserialize the byte array into an object.
      Parameters:
      bytes - a serialized object
      Returns:
      the result of deserializing the bytes

    • clone

      public static <T extends Serializable> T clone(T object)
      Clone the given object using Java Object Serialization.
      Type Parameters:
      T - the type of the object to clone
      Parameters:
      object - the object to clone
      Returns:
      a clone (deep-copy) of the given object
      Since:
      6.0