[ https://issues.apache.org/jira/browse/IGNITE-12962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pavel Pereslegin reassigned IGNITE-12962: ----------------------------------------- Assignee: Pavel Pereslegin > Blacklist and whitelist of classes allowed to deserialize via HTTP-REST > should be supported > ------------------------------------------------------------------------------------------- > > Key: IGNITE-12962 > URL: https://issues.apache.org/jira/browse/IGNITE-12962 > Project: Ignite > Issue Type: Improvement > Components: rest > Reporter: Aleksey Plekhanov > Assignee: Pavel Pereslegin > Priority: Major > > Since we have the ability to deserialize custom objects (implemented by > IGNITE-12857) we should have the ability to limit the scope of classes > allowed to safe deserialization. > There are already two system properties used for such purpose in Ignite: > {code:java} > /** Defines path to the file that contains list of classes allowed to safe > deserialization.*/ > public static final String IGNITE_MARSHALLER_WHITELIST = > "IGNITE_MARSHALLER_WHITELIST"; > /** Defines path to the file that contains list of classes disallowed to safe > deserialization.*/ > public static final String IGNITE_MARSHALLER_BLACKLIST = > "IGNITE_MARSHALLER_BLACKLIST";{code} > HTTP-REST should support these properties too. > -- This message was sent by Atlassian Jira (v8.3.4#803005)