Details
Description
Since we have the ability to deserialize custom objects (implemented by IGNITE-12857) we should have the ability to limit the scope of classes allowed to safe deserialization.
There are already two system properties used for such purpose in Ignite:
/** Defines path to the file that contains list of classes allowed to safe deserialization.*/ public static final String IGNITE_MARSHALLER_WHITELIST = "IGNITE_MARSHALLER_WHITELIST"; /** Defines path to the file that contains list of classes disallowed to safe deserialization.*/ public static final String IGNITE_MARSHALLER_BLACKLIST = "IGNITE_MARSHALLER_BLACKLIST";
HTTP-REST should support these properties too.
Attachments
Issue Links
- relates to
-
IGNITE-12857 Add ability to put non-primitive data types via HTTP-REST
- Resolved
- links to