"alessio.soldano(a)jboss.com" wrote : Those metadata include virtual files that are not available on client side when deserialization occurs. OK, then the first problem is leaking this information to the client. Who's responsible for putting that VF there? Perhaps implementing writeObject on that metadata to exclude the VF? While we also have some problems with the serialization itself: - http://www.jboss.org/index.html?module=bb&op=viewtopic&t=131031 We need to work out how to properly deserialize more-than-first-level nested jars. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4133808#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...