Skip to content

New format for internal request headers

In cluster-internal requests, the information about the currently logged-in user and some more information is passed-on as serialized Java objects.

This has several downsides:

  • It is slow
  • The serialized binary data requires additional base 64 encoding/decoding, as request headers are passed as strings
  • It makes changing of package names and class names impossible

We want to replace these instances by simple string-based data which is passed by request headers. For the user object, this could look similar to this:

user_name;role1,role2,role3;backend-role1,backend-role2,backend-role3;{"attribute_1": 100, "attribute_2": {"a": true}}

(Exact format is to be discussed. The attributes need to be stored as JSON as they can be arbitrarily structured)

Necessary tasks include these:

  • Identify all places and purposes where serialization is used
  • Design a replacement format for all purposes
  • Implement the changes

Note: Keep in mind that the new mechanism needs to co-exist with the old mechanism in the compatibility edition