Aleksey Plekhanov created IGNITE-12962:
------------------------------------------
Summary: Blacklist and whitelist of classes allowed to deserialize via HTTP-REST should be supported
Key: IGNITE-12962
URL:
https://issues.apache.org/jira/browse/IGNITE-12962 Project: Ignite
Issue Type: Improvement
Components: rest
Reporter: Aleksey Plekhanov
Since we have the ability to deserialize custom objects (implemented by IGNITE-12857) we should have the ability to limit the scope of classes allowed to safe deserialization.
There are already two system properties used for such purpose in Ignite:
{code:java}
/** Defines path to the file that contains list of classes allowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_WHITELIST = "IGNITE_MARSHALLER_WHITELIST";
/** Defines path to the file that contains list of classes disallowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_BLACKLIST = "IGNITE_MARSHALLER_BLACKLIST";{code}
HTTP-REST should support these properties too.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
