Aleksey Plekhanov created IGNITE-12962:
------------------------------------------
Summary: Blacklist and whitelist of classes allowed to deserialize
via HTTP-REST should be supported
Key: IGNITE-12962
URL: https://issues.apache.org/jira/browse/IGNITE-12962
Project: Ignite
Issue Type: Improvement
Components: rest
Reporter: Aleksey Plekhanov
Since we have the ability to deserialize custom objects (implemented by
IGNITE-12857) we should have the ability to limit the scope of classes allowed
to safe deserialization.
There are already two system properties used for such purpose in Ignite:
{code:java}
/** Defines path to the file that contains list of classes allowed to safe
deserialization.*/
public static final String IGNITE_MARSHALLER_WHITELIST =
"IGNITE_MARSHALLER_WHITELIST";
/** Defines path to the file that contains list of classes disallowed to safe
deserialization.*/
public static final String IGNITE_MARSHALLER_BLACKLIST =
"IGNITE_MARSHALLER_BLACKLIST";{code}
HTTP-REST should support these properties too.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
