How does Java deserialize an object whose class isn't on the classpath but whose superclass is?
Say I have class Foo that extends Bar. I create an instance of Foo and serialize it to a file.
Some other code reads that file and attempts to recreate the instances it contains. Class Bar is visible to this code but not class Foo.
How is it able to deserialize back into an instance of Bar? Is class hierarchy metadata included in the serialized output?
It simply can't deserialize it. The class must be present in the class path.
The only way it could work is if the code that serialized the instance first serialized the class bytes, and on the reader side the class bytes were read and a class loader was used to create the deserialized class before reading the instance.
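The failure the answer describes, as an added example that is not part of the original post. The names `MissingSubclassDemo` and `NoFooInputStream` are made up for illustration, and the missing class is simulated by overriding `resolveClass` rather than by actually removing Foo from the classpath.

```java
import java.io.*;

// Added illustration; class names here are hypothetical.
public class MissingSubclassDemo {
    static class Bar implements Serializable { int id = 1; }
    static class Foo extends Bar { String name = "foo"; }

    // Simulates a reader whose classpath lacks Foo: resolveClass is the hook
    // ObjectInputStream calls for each class descriptor found in the stream.
    static class NoFooInputStream extends ObjectInputStream {
        NoFooInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (desc.getName().equals(Foo.class.getName())) {
                throw new ClassNotFoundException(desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] data = serialize(new Foo());

        // The stream carries class descriptors (name, serialVersionUID, fields)
        // for Foo and its serializable superclass Bar, but no bytecode.
        String raw = new String(data, "ISO-8859-1");
        System.out.println("names Foo: " + raw.contains(Foo.class.getName()));
        System.out.println("names Bar: " + raw.contains(Bar.class.getName()));

        try (ObjectInputStream in = new NoFooInputStream(new ByteArrayInputStream(data))) {
            Object o = in.readObject();
            System.out.println("read " + o.getClass());
        } catch (ClassNotFoundException e) {
            // No fallback to Bar: the read fails outright.
            System.out.println("ClassNotFoundException: " + e.getMessage());
        }
    }
}
```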