Is It Possible to Dynamically Replace Marshallers on the Server Side Based on Request Metadata?

[amnagmv]

I'm working on securing gRPC communications between Java applications by encrypting payloads at the application level. On the client side, I was able to implement this cleanly using a ClientInterceptor that replaces the marshallers with custom ones that handle encryption and decryption.

However, on the server side, I’ve found that ServerInterceptor and ServerCallHandler don't allow replacing the MethodDescriptor or its marshallers dynamically. Since the marshaller is used before the interceptor runs, it’s not possible to decrypt the payload based on request-specific metadata — such as a sessionId passed in the headers.

The only workaround I’ve found is to use a wrapper protobuf message (e.g., EncryptedRequest) and manually decrypt the payload inside the service logic. While this works, it mixes transport-level concerns with business logic and reduces maintainability.

Is there currently a way to dynamically replace or configure marshallers per request on the server side?

[kannanjgithub]

No, it is not possible, for the reasons you have already mentioned. The farthest you can get on the server side with custom marshallers (but not dynamically on a per request basis) is by building your own ServerServiceDefinition with manually constructed MethodDescriptor instances using your custom marshallers.
Alternatively, transport-level security (like TLS) is recommended for securing gRPC communications, as it handles encryption/decryption at a lower layer, independent of application-level marshallers.

[amnagmv]

I am using TLS for securing the communications but I was searching for additional security in the application layer. I will stick with the wrapper protobuf message approach because the dynamic Marshaller creation is necessary for obtaining access to each client key.

Thank you so much for your response!