[jboss-jira] [JBoss JIRA] (WFLY-13077) Support protostream-based marshalling of user objects
Paul Ferraro (Jira)
issues at jboss.org
Mon Feb 10 07:21:27 EST 2020
[ https://issues.redhat.com/browse/WFLY-13077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Ferraro updated WFLY-13077:
--------------------------------
Description:
Currently, WildFly uses JBoss Marshalling to marshal user objects (session attributes, SFSB instances) for the purposes of replication and persistence.
Protostream (developed by the Infinispan team) offers several advantages over JBoss Marshalling.
* Lower memory footprint (marshalling schemas are built during compilation time)
* Faster marshalling - as it does not rely on reflection
* Produces generally smaller replication payloads (see https://docs.google.com/spreadsheets/d/1f6FlXqxX7dYm44naHZfqLc5TjqlmscIdGyyfmt5I3f4/edit?usp=sharing )
* Resolves security concerns due to JBM's reliance on reflection and Java serialization inherently permitting arbitrary execution of rogue code
* JBoss Marshalling is effectively in maintenance mode
We can either auto-detect the intended marshaller by looking for requisite SerializationContextInitializers in the deployment classpath, and/or use an explicit configuration attribute.
was:
Currently, WildFly uses JBoss Marshalling to marshal user objects (session attributes, SFSB instances) for the purposes of replication and persistence.
Protostream (developed by the Infinispan team) offers several advantages over JBoss Marshalling.
* Lower memory footprint (marshalling schemas are built during compilation time)
* Faster marshalling - as it does not rely on reflection
* Produces generally smaller replication payloads (see https://docs.google.com/spreadsheets/d/1f6FlXqxX7dYm44naHZfqLc5TjqlmscIdGyyfmt5I3f4/edit?usp=sharing )
* Resolves security concerns due to JBM's reliance on reflection and Java serialization inherently permitting arbitrary execution of rogue code
* JBoss Marshalling is effectively in maintenance mode
> Support protostream-based marshalling of user objects
> -----------------------------------------------------
>
> Key: WFLY-13077
> URL: https://issues.redhat.com/browse/WFLY-13077
> Project: WildFly
> Issue Type: Feature Request
> Reporter: Paul Ferraro
> Priority: Major
>
> Currently, WildFly uses JBoss Marshalling to marshal user objects (session attributes, SFSB instances) for the purposes of replication and persistence.
> Protostream (developed by the Infinispan team) offers several advantages over JBoss Marshalling.
> * Lower memory footprint (marshalling schemas are built during compilation time)
> * Faster marshalling - as it does not rely on reflection
> * Produces generally smaller replication payloads (see https://docs.google.com/spreadsheets/d/1f6FlXqxX7dYm44naHZfqLc5TjqlmscIdGyyfmt5I3f4/edit?usp=sharing )
> * Resolves security concerns due to JBM's reliance on reflection and Java serialization inherently permitting arbitrary execution of rogue code
> * JBoss Marshalling is effectively in maintenance mode
> We can either auto-detect the intended marshaller by looking for requisite SerializationContextInitializers in the deployment classpath, and/or use an explicit configuration attribute.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list