[IGNITE-12962] Blacklist and whitelist of classes allowed to deserialize via HTTP-REST should be supported - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.9
Component/s: rest
Labels:
None

Ignite Flags:

Docs Required, Release Notes Required

Description

Since we have the ability to deserialize custom objects (implemented by ~~IGNITE-12857~~) we should have the ability to limit the scope of classes allowed to safe deserialization.

There are already two system properties used for such purpose in Ignite:

/** Defines path to the file that contains list of classes allowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_WHITELIST = "IGNITE_MARSHALLER_WHITELIST";

/** Defines path to the file that contains list of classes disallowed to safe deserialization.*/
public static final String IGNITE_MARSHALLER_BLACKLIST = "IGNITE_MARSHALLER_BLACKLIST";

HTTP-REST should support these properties too.

Attachments

Issue Links

relates to

IGNITE-12857 Add ability to put non-primitive data types via HTTP-REST

Resolved

links to

GitHub Pull Request #7773

TC RunAll

Activity

People

Assignee:: Pavel Pereslegin

Reporter:: Aleksey Plekhanov

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/Apr/20 12:35

Updated:: 12/May/20 14:44

Resolved:: 12/May/20 14:44

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m