As we know the memento pattern is without violating encapsulation, capturing and externalize a object's internal state and can be reclaimed later without knowledge of the orginal state.

My question comes here how java.io.Serializable is coming under this pattern because when ever we are serializing any private variable and writing the object state to a file at the same time the private varible's value is open to the world and the encapsulation seems to be failing here.

The Wikipedia article on the Memento pattern does not mention anything about encapsulation, in fact, the example given there captures exactly the state held in a private variable in a Memento.

Encapsulation ('A language mechanism for restricting access to some of the object's components') refers to how you have to write code in order change an object's internal state.

The internal state of an object could however have been determined by external input such as the content of a string depends on the file which it was read from or what data was received from the network. A checkbox' state depends on whether the user has checked it or not while the corresponding field in the class might have private access and the state might be read-only for other classes.

Protecting fields by putting them under private access is meant to help the developer keep the states of objects in a consistent state, i.e. avoid that fields are set to an inconsistent state from code outside that class (for example if the value of field A depends on the value of field B).

It has nothing to do with 'privacy' in the sense that this data is considered to be secret. Of course, one could write another class which then reads the serialized private fields and makes them publicly available in a different class or you could even edit the serialized file but I'm not sure what one would gain from this.

My understanding is the Memento pattern doesn't specify anything about the format/opacity/security of the memento/token itself. The memento's format (human-readable, fully-encrypted, or anywhere in between) is irrelevant to the pattern itself.

I would argue that Serialization (XML or binary) is a fine example of a Memento implementation. The fact that it exposes object internals may mean that it isn't the best implementation for your project. However, it's still a valid implementation of the pattern. :)

From Wikipedia's encapsulation article: In a programming language encapsulation is used to refer to one of two related but distinct notions, and sometimes to the combination thereof:

• A language mechanism for restricting access to some of the object's components.
• A language construct that facilitates the bundling of data with the methods (or other functions) operating on that data.

From the opaque object article: The contents are opaque and not usually interpreted until the recipient passes the cookie (or in our cause, the object) data back to the sender or perhaps another program at a later time.

Encapsulation is not broken. The memento pattern prevents the caretaker object from changing the memento object, so that the originator can take it for rollback or other utilities.