Objects pass from the server to a client application in serialized form. For an object to be sent to a client application, it must implement the Serializable interface. Fortunately, this is a very simple task.
The Serializable interface contains no methods and no variables. Serializing an object converts it into a byte stream which allows it to be saved to disk or sent to another Java application where it can be reconstituted, or deserialized.
A serialized Java object in a database server, sent to a client application and deserialized, is identical in every way to its original state. Some variables in an object, however, either don't need to be or, for security reasons, should not be serialized. Those variables are declared using the keyword transient, as in the following variable declaration.
transient String password;
When an object with this variable is deserialized, the variable always contains its default value, null.
Custom serialization can be accomplished by adding writeObject() and readObject() methods to your class.
For more information about serialization, see Sun Microsystems' Java Development Kit (JDK).