A question came up recently about supporting other serialization protocols.
JERI currently has three layers to it's protocol stack:
Invocation Layer,
Object identification layer
Transport layer.
Java Serialization doesn't have a public API, I think this would be one
reason there is no serialization layer in JERI.
One might wonder, why does JERI need a serialization layer, people can
implement an Exporter, similar IIOP and RMI. Well the answer is quite
simple, it allows separation of the serialization layer from the
transport layer, eg TLS, TCP, Kerberos or other transport layer people
may wish to implement. Currently someone implementing an Exporter
would also require a transport layer and that may or may not already exist.
In recent years I re-implemented de-serialization for security reasons,
while doing so, I created a public and explicit de-serialization API, I
have not implemented an explicit serialization API, it, or something
similar could easily be used as a serialization provider interface,
which would allow wrappers for various serialization protocols to be
implemented.
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
