You need to write and (later) read objects.

Use the object stream classes, ObjectInputStream and ObjectOutputStream.

Object serialization is the ability to convert in-memory objects to an external form that can be sent serially (a byte at a time) and back again. The “and back again” may happen at a later time, or in another JVM on another computer (even one that has a different byte order); Java handles differences between machines. ObjectInputStream and ObjectOutputStream are specialized stream classes designed to read and write objects. They can be used to save objects to disk, as I’ll show here, and are also useful in passing objects across a network connection, as I’ll show in Section 15.7. This fact was not lost on the designers of the remote methods invocation, or RMI (see Chapter 22), which uses them for transporting the data involved in remote method calls.

As you might imagine, if we pass an object such as MyData to the writeObject method, and writeObject notices that one of the fields is itself an object such as a String, that data will get serialized properly. In other words, writeObject works recursively. So, we will give it an ArrayList of data objects. The first is a java.util.Date, for versioning purposes. All remaining objects are of type MyData.

To be serializable, the data must implement the empty Serializable interface. Also, the keyword transient can be used for any data that should not be serialized. You might need to do this for security, or to prevent attempts to serialize a reference to an object from a non-serializable class. Here we use it to prevent the unencrypted passwords from being saved where they might be readable:

import java.io.*;
import java.util.*;

class MyData implements Serializable {
    String userName;
    String passwordCypher;
    transient String passwordClear;
    public MyData(String name, String clear) {
        userName = name;
        // Save the clear text p/w in the object, it won't get serialized
        passwordClear = clear;
        // So we must save the encryption! Encryption not shown here.
        passwordCypher = DES.encrypt(passwordClear);
    }
}

public class Serialize {
    protected static final String FILENAME = "serial.dat";

    public static void main(String s[]) throws IOException {
        ArrayList v = new ArrayList(  );
        // Gather the data
        MyData u1 = new MyData("Ian Darwin", "secret_java_cook");
        v.add(new Date(  ));
        v.add(u1);
        v.add(new MyData("Abby Brant", "dujordian"));
        // Save the data to disk.
        ObjectOutputStream os = new ObjectOutputStream(
            new FileOutputStream(FILENAME));
        os.writeObject(v);
        os.close(  );
    }
}

There are many other ways to serialize objects, depending upon your interchange goals. One way would be to write the individual data members into an XML file (see Chapter 21).