Servlet-API-based HTTP request handler that exports the specified service bean
as HTTP invoker service endpoint, accessible via an HTTP invoker proxy.
Deserializes remote invocation objects and serializes remote invocation
result objects. Uses Java serialization just like RMI, but provides the
same ease of setup as Caucho's HTTP-based Hessian protocol.
HTTP invoker is the recommended protocol for Java-to-Java remoting.
It is more powerful and more extensible than Hessian, at the expense of
being tied to Java. Nevertheless, it is as easy to set up as Hessian,
which is its main advantage compared to RMI.
WARNING: Be aware of vulnerabilities due to unsafe Java deserialization:
Manipulated input streams could lead to unwanted code execution on the server
during the deserialization step. As a consequence, do not expose HTTP invoker
endpoints to untrusted clients but rather just between your own services.
In general, we strongly recommend any other message format (e.g. JSON) instead.