[
https://issues.apache.org/jira/browse/IGNITE-12962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17101526#comment-17101526
]
Ignite TC Bot commented on IGNITE-12962:
----------------------------------------
{panel:title=Branch: [pull/7773/head] Base: [master] : No blockers
found!|borderStyle=dashed|borderColor=#ccc|titleBGColor=#D6F7C1}{panel}
[TeamCity *--> Run :: All*
Results|https://ci.ignite.apache.org/viewLog.html?buildId=5285460&buildTypeId=IgniteTests24Java8_RunAll]
> Blacklist and whitelist of classes allowed to deserialize via HTTP-REST
> should be supported
> -------------------------------------------------------------------------------------------
>
> Key: IGNITE-12962
> URL: https://issues.apache.org/jira/browse/IGNITE-12962
> Project: Ignite
> Issue Type: Improvement
> Components: rest
> Reporter: Aleksey Plekhanov
> Assignee: Pavel Pereslegin
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Since we have the ability to deserialize custom objects (implemented by
> IGNITE-12857) we should have the ability to limit the scope of classes
> allowed to safe deserialization.
> There are already two system properties used for such purpose in Ignite:
> {code:java}
> /** Defines path to the file that contains list of classes allowed to safe
> deserialization.*/
> public static final String IGNITE_MARSHALLER_WHITELIST =
> "IGNITE_MARSHALLER_WHITELIST";
> /** Defines path to the file that contains list of classes disallowed to safe
> deserialization.*/
> public static final String IGNITE_MARSHALLER_BLACKLIST =
> "IGNITE_MARSHALLER_BLACKLIST";{code}
> HTTP-REST should support these properties too.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
