Aswin wrote: Based on my limited experience with RMI I know that for RMI to work both server and client side of the software must be in the same JAR for security reasons. Also, for this reason, it is not a solution for your problem.
I'm not sure what you mean, Aswin. There are no security issues with having two JARs for server and clients. However, you get into trouble if the server and client are compiled from different sources since
1) unless explicitly defined, the compiler generates a serial number for each class, and RMI checks whether the serial number of the classes on client and server side match. If they don't match, RMI will refuse to de-serialize objects sent from server to client or vice versa. I could be wrong, but the serial number is some kind of "checksum" on the fields and their names in the class.
2) if the serial number is defined manually, the programmer has to take care that the set of fields in the class never changes (apart from transient fields, I assume). If the programmer intends to perform changes in the future, read/writeObject methods need to be provided that read/write the same binary format.
Usually, people just use the same source for both sides (client and server) and simply let the compiler determine the serial number. It doesn't matter whether the *.class files are from the same build or not. The serial number generated by the compiler is deterministic, as far as I'm aware.
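
The version check discussed in the post above, as an added example that is not part of the original thread: it prints the `serialVersionUID` that Java serialization associates with a class, then alters that value inside a serialized stream to stand in for a peer built from different source, which makes `readObject` fail with `InvalidClassException`. The class names `SerialVersionDemo`, `Quote` and `PinnedQuote` and their field values are hypothetical, and plain object streams are used in place of an RMI call.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SerialVersionDemo {
    // Hypothetical payload class with no explicit serialVersionUID: a default is derived.
    static class Quote implements Serializable {
        String symbol = "ACME";
        int cents = 1250;
    }

    // Hypothetical payload class with a manually pinned version.
    static class PinnedQuote implements Serializable {
        private static final long serialVersionUID = 1L;
        String symbol = "ACME";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default UID: " + ObjectStreamClass.lookup(Quote.class).getSerialVersionUID());
        System.out.println("pinned UID:  " + ObjectStreamClass.lookup(PinnedQuote.class).getSerialVersionUID());

        byte[] stream = serialize(new Quote());
        deserialize(stream); // same class definition on both ends: accepted

        // Simulate a peer built from different source by changing the UID in the stream.
        // Layout: magic(2) version(2) TC_OBJECT(1) TC_CLASSDESC(1) nameLen(2) name UID(8)
        int nameLen = Quote.class.getName().getBytes(StandardCharsets.UTF_8).length;
        stream[8 + nameLen] ^= 0x01; // flip one bit in the first UID byte
        try {
            deserialize(stream);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The UID comparison is a compatibility check only; it does not authenticate the sender or restrict which classes a stream may name.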