[
https://issues.apache.org/jira/browse/IGNITE-12962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pavel Pereslegin reassigned IGNITE-12962:
-----------------------------------------
Assignee: Pavel Pereslegin
> Blacklist and whitelist of classes allowed to deserialize via HTTP-REST
> should be supported
> -------------------------------------------------------------------------------------------
>
> Key: IGNITE-12962
> URL: https://issues.apache.org/jira/browse/IGNITE-12962
> Project: Ignite
> Issue Type: Improvement
> Components: rest
> Reporter: Aleksey Plekhanov
> Assignee: Pavel Pereslegin
> Priority: Major
>
> Since we have the ability to deserialize custom objects (implemented by
> IGNITE-12857) we should have the ability to limit the scope of classes
> allowed to safe deserialization.
> There are already two system properties used for such purpose in Ignite:
> {code:java}
> /** Defines path to the file that contains list of classes allowed to safe
> deserialization.*/
> public static final String IGNITE_MARSHALLER_WHITELIST =
> "IGNITE_MARSHALLER_WHITELIST";
> /** Defines path to the file that contains list of classes disallowed to safe
> deserialization.*/
> public static final String IGNITE_MARSHALLER_BLACKLIST =
> "IGNITE_MARSHALLER_BLACKLIST";{code}
> HTTP-REST should support these properties too.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
