Question

I have a TCP/IP chat application that sends back and forth ChatMessage objects that hold the int type and String message of a message.

My question is: How can I make it more secure?

Thank you!


Solution

There are two ways that I can think of: CipherOutputStream and SSLSocket

CipherOutputStream:

import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// 16-byte AES key and IV shown here as fixed example values only;
// a real deployment exchanges or derives the key and uses a fresh IV per connection
byte[] keyBytes = "1234123412341234".getBytes(StandardCharsets.US_ASCII);
final byte[] ivBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
     0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; //example

final SecretKey key = new SecretKeySpec(keyBytes, "AES");
final IvParameterSpec iv = new IvParameterSpec(ivBytes);
final Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, iv);

//assuming your Socket is called "socket"
CipherOutputStream cstream = new CipherOutputStream(socket.getOutputStream(), cipher);
//the receiving side mirrors this with Cipher.DECRYPT_MODE and a CipherInputStream
... 
//code to write ChatMessage object (e.g. through an ObjectOutputStream over cstream)

OR, you can use SSL: how to do SSL socket programming

OTHER TIPS

Here's how you do it in pseudocode, assuming you need a secure system providing data Confidentiality, Integrity and User Authenticity (http://en.wikipedia.org/wiki/Information_security). These are the general requirements for a secure chat system anyway.

  1. Use Public Key Crypto to give each user a public/private key pair.
  2. When a chat is started between 2 users for the first time, user A generates a Symmetric Key SK to be used to encrypt the messages between himself and user B.
  3. User A encrypts the SK with the public key of B and sends it to B.
  4. B decrypts the SK, and now they use SK to encrypt further messages between them.

Now you can go learn these concepts; they are fairly straightforward to implement. For algorithms, the most commonly used are:

  1. RSA for Public Key Encryption
  2. AES for Symmetric Key Encryption

Both of these algorithms have Java implementations available; check out the Bouncy Castle crypto API package.

Note: If you are using a web application, and just need to securely transfer the messages, you can use SSL as someone suggested in the comments.
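The four steps above, as an added example in the JDK's own javax.crypto rather than Bouncy Castle (this is my code, not the answer's; the class and method names are hypothetical). I chose RSA-OAEP to wrap the session key and AES-GCM for the messages so that a modified message fails the tag check; it does not cover verifying which user a public key belongs to, which the "User Authenticity" requirement still needs.

```java
import java.nio.ByteBuffer;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import static java.nio.charset.StandardCharsets.UTF_8;
public class HybridChatDemo {
    // Step 1: each user gets an RSA key pair (3072-bit is my choice here).
    static KeyPair newUserKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        return kpg.generateKeyPair();
    }
    // Step 2: A generates the symmetric session key SK (AES-256).
    static SecretKey newSessionKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }
    // Step 3: A wraps SK with B's public key (OAEP padding, not PKCS#1 v1.5).
    static byte[] wrapSessionKey(SecretKey sk, PublicKey bPublic) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, bPublic);
        return rsa.wrap(sk);
    }
    // Step 4: B unwraps SK with its private key; both sides now hold SK.
    static SecretKey unwrapSessionKey(byte[] wrapped, PrivateKey bPrivate) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, bPrivate);
        return (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }
    // Per message: AES-GCM with a fresh 12-byte nonce prepended; the 16-byte tag gives integrity.
    static byte[] seal(SecretKey sk, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, sk, new GCMParameterSpec(128, nonce));
        return ByteBuffer.allocate(12 + plaintext.length + 16).put(nonce).put(aes.doFinal(plaintext)).array();
    }
    static byte[] open(SecretKey sk, byte[] sealed) throws GeneralSecurityException {
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, sk, new GCMParameterSpec(128, sealed, 0, 12));
        return aes.doFinal(sealed, 12, sealed.length - 12); // AEADBadTagException if altered
    }
    public static void main(String[] args) throws Exception {
        KeyPair b = newUserKeyPair();    // B's long-term pair; A only ever sees b.getPublic()
        SecretKey skA = newSessionKey(); // generated on A's side
        SecretKey skB = unwrapSessionKey(wrapSessionKey(skA, b.getPublic()), b.getPrivate());
        System.out.println(new String(open(skB, seal(skA, "hello B".getBytes(UTF_8))), UTF_8));
    }
}
```

Flipping any byte of the sealed message before calling open makes doFinal throw AEADBadTagException instead of returning garbage, which is the integrity property a plain CFB8 stream does not give you.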

Licensed under: CC-BY-SA with attribution