
New Ideas for features

Open ettisan opened this issue 8 years ago • 0 comments

Hi,

I've recently written a similar library. Since it does not make a lot of sense to have two similar open source libraries, I've ported the additional features to SerialKiller.

These features are:

  • More flexibility for blacklist and whitelist rules (AND-, NOT-, OR-expressions, etc.). The API is extensible to allow additional rule types (I have a few ideas for future development: e.g. the class to be deserialized must implement Interface x, ...). This makes it a lot easier to implement a restrictive whitelist.
  • Allow creation of a deserialization policy at runtime. IMHO this makes code more readable since the policy is not in a separate file. Also, currently SerialKiller seems to not accept file paths relative to the classpath - that may be a problem for many developers/organizations.
  • More flexibility when handling deserialization policy violations: log the violation, throw an exception or implement a custom handler.

I've pushed the draft version here: https://github.com/ettisan/SerialKiller/tree/runtime_configuration

I'd appreciate feedback regarding the API, etc. If you think that the features should be part of the mainline SerialKiller let me know - I would then continue to develop this branch towards release quality.

ettisan, Dec 06 '17 14:12
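
A sketch of the three ideas listed in the issue (composable allow/deny rules, a policy built at runtime, a pluggable violation handler), added here as an illustration using only JDK classes. It is not code from SerialKiller or from the linked branch; the names `RuntimePolicyDemo`, `PolicyStream`, `ViolationHandler`, `prefix` and `exact` are hypothetical.

```java
import java.io.*;
import java.util.*;
import java.util.function.Predicate;

public class RuntimePolicyDemo {
    // Hypothetical rule helpers: a rule is a predicate over the class name read from the stream.
    static Predicate<String> prefix(String p) { return n -> n.startsWith(p); }
    static Predicate<String> exact(String... names) { return Set.of(names)::contains; }

    // Hypothetical violation handler: return normally to log only, throw to abort deserialization.
    interface ViolationHandler { void handle(String className) throws InvalidClassException; }

    // Look-ahead stream: the policy runs in resolveClass, before the class is loaded or instantiated.
    static class PolicyStream extends ObjectInputStream {
        private final Predicate<String> allowed;
        private final ViolationHandler handler;

        PolicyStream(InputStream in, Predicate<String> allowed, ViolationHandler handler) throws IOException {
            super(in);
            this.allowed = allowed;
            this.handler = handler;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (!allowed.test(desc.getName())) handler.handle(desc.getName());
            return super.resolveClass(desc);
        }
    }

    public static void main(String[] args) throws Exception {
        // Policy built at runtime: (java.lang.* OR java.util.ArrayList) AND NOT java.lang.reflect.*
        Predicate<String> policy = prefix("java.lang.").or(exact("java.util.ArrayList"))
                .and(prefix("java.lang.reflect.").negate());
        ViolationHandler reject = n -> { throw new InvalidClassException(n, "blocked by policy"); };

        // Constructed samples: the first matches the policy, the second (HashMap) does not.
        Object[] samples = { new ArrayList<>(List.of(1, 2)), new HashMap<String, String>() };
        for (Object sample : samples) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(sample); }
            try (ObjectInputStream in = new PolicyStream(new ByteArrayInputStream(buf.toByteArray()), policy, reject)) {
                System.out.println("accepted: " + in.readObject());
            } catch (InvalidClassException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Array types reach `resolveClass` with JVM-style names such as `[Ljava.lang.String;`, so a restrictive whitelist needs rules that cover them as well.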