[ https://issues.apache.org/jira/browse/IGNITE-12962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17101526#comment-17101526 ]
Ignite TC Bot commented on IGNITE-12962: ---------------------------------------- {panel:title=Branch: [pull/7773/head] Base: [master] : No blockers found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel} [TeamCity *--> Run :: All* Results|https://ci.ignite.apache.org/viewLog.html?buildId=5285460&buildTypeId=IgniteTests24Java8_RunAll] > Blacklist and whitelist of classes allowed to deserialize via HTTP-REST > should be supported > ------------------------------------------------------------------------------------------- > > Key: IGNITE-12962 > URL: https://issues.apache.org/jira/browse/IGNITE-12962 > Project: Ignite > Issue Type: Improvement > Components: rest > Reporter: Aleksey Plekhanov > Assignee: Pavel Pereslegin > Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Since we have the ability to deserialize custom objects (implemented by > IGNITE-12857) we should have the ability to limit the scope of classes > allowed to safe deserialization. > There are already two system properties used for such purpose in Ignite: > {code:java} > /** Defines path to the file that contains list of classes allowed to safe > deserialization.*/ > public static final String IGNITE_MARSHALLER_WHITELIST = > "IGNITE_MARSHALLER_WHITELIST"; > /** Defines path to the file that contains list of classes disallowed to safe > deserialization.*/ > public static final String IGNITE_MARSHALLER_BLACKLIST = > "IGNITE_MARSHALLER_BLACKLIST";{code} > HTTP-REST should support these properties too. > -- This message was sent by Atlassian Jira (v8.3.4#803005)