Here you can find the source of deserialize(byte[] buf)
public static <T extends Serializable> T deserialize(byte[] buf)
//package com.java2s; //License from project: Open Source License import java.io.*; public class Main { public static <T extends Serializable> T deserialize(byte[] buf) { try {//from ww w.j av a 2 s .com ByteArrayInputStream bis = null; try { bis = new ByteArrayInputStream(buf); ObjectInputStream oin = null; try { oin = new ObjectInputStream(bis); return (T) oin.readObject(); } finally { if (oin != null) { try { oin.close(); } catch (IOException e) { /* NOP */ } } } } finally { if (bis != null) { try { bis.close(); } catch (IOException e) { /* NOP */ } } } } catch (Exception e) { throw new RuntimeException(e); } } public static <T extends Externalizable> void deserialize(byte[] buf, T obj) { try { deserializeSafe(buf, obj); } catch (Exception e) { throw new RuntimeException(e); } } public static <T extends Externalizable> void deserializeSafe(byte[] buf, T obj) throws IOException, ClassNotFoundException { ByteArrayInputStream bis = null; try { bis = new ByteArrayInputStream(buf); ObjectInputStream oin = null; try { oin = new ObjectInputStream(bis); obj.readExternal(oin); } finally { if (oin != null) { try { oin.close(); } catch (IOException e) { /* NOP */ } } } } finally { if (bis != null) { try { bis.close(); } catch (IOException e) { /* NOP */ } } } } }