How to use enableDefaultTyping in 2.10.0?
93 views
Skip to first unread message
Guido Medina
Sep 27, 2019, 5:29:05 AM9/27/19
to jackson-user
For the following code snippet:
The enableDefaultTyping is now deprecated, I have looked for alternatives within the builder but it is not very straight forward, how can I accomplish this again without using its deprecated form?
public static final ObjectMapper USER_PREFS_MAPPER = configureDefaultObjectMapper(JsonMapper.builder(SmileFactory.builder() .disable(ENCODE_BINARY_AS_7BIT) .enable(CHECK_SHARED_STRING_VALUES) .build()).build() ).enableDefaultTyping(ObjectMapper.DefaultTyping.JAVA_LANG_OBJECT, JsonTypeInfo.As.WRAPPER_ARRAY);The enableDefaultTyping is now deprecated, I have looked for alternatives within the builder but it is not very straight forward, how can I accomplish this again without using its deprecated form?
Marc Dzaebel
Sep 27, 2019, 5:41:53 AM9/27/19
to jackson-user
Guido,
I already asked such questions in the "polymorphic serialization" issue but I agree, that we'd need an adapted documentation on this topic. You might look in test samples with JsonMapper.builder().activateDefaultTyping(...).
Marc
Guido Medina
Sep 27, 2019, 6:25:36 AM9/27/19
to jackson-user
So, will then the following provide me the same functionality?
public static final ObjectMapper USER_PREFS_MAPPER = configureDefaultObjectMapper(JsonMapper.builder(
SmileFactory.builder() .disable(ENCODE_BINARY_AS_7BIT) .enable(CHECK_SHARED_STRING_VALUES) .build()) .activateDefaultTyping(LaissezFaireSubTypeValidator.instance, ObjectMapper.DefaultTyping.JAVA_LANG_OBJECT, JsonTypeInfo.As.WRAPPER_ARRAY).build());Guido Medina
Sep 27, 2019, 6:32:31 AM9/27/19
to jackson-user
Though this form look more standard?
public static final ObjectMapper USER_PREFS_MAPPER = configureDefaultObjectMapper(JsonMapper.builder(SmileFactory.builder() .disable(ENCODE_BINARY_AS_7BIT) .enable(CHECK_SHARED_STRING_VALUES) .build()) .activateDefaultTyping(BasicPolymorphicTypeValidator.builder().build(), ObjectMapper.DefaultTyping.JAVA_LANG_OBJECT, JsonTypeInfo.As.WRAPPER_ARRAY).build() );Guido Medina
Sep 27, 2019, 6:43:57 AM9/27/19
to jackson-user
Had to go back to LaissezFaireSubTypeValidator.instance as I'm getting an exception when using the default generated by BasicPolymorphicTypeValidator.builder().build()
Tatu Saloranta
Sep 27, 2019, 4:03:21 PM9/27/19
to jackson-user
directly in `ObjectMapper` (builder is compatible with next major
version 3.0, direct method not):
https://github.com/FasterXML/jackson-databind/issues/2428
Both require use of `PolymorphicTypeValidator`: currently the best
(only?) examples are in unit tests, like:
src/test/java/com/fasterxml/jackson/databind/jsontype/vld/BasicPTVTest.java
but I need to write documentation.
Actually, it would be GREAT if others could help cover this area. But
until then, usage would look like this:
final PolymorphicTypeValidator ptv =
BasicPolymorphicTypeValidator.builder()
.allowIfBaseType(BaseValue.class)
.build();
// Note: 2.10 adds `SmileMapper` for type-safe construction
ObjectMapper mapper = SmileMapper.builder()
.activateDefaultTyping(ptv, DefaultTyping.NON_FINAL)
.build();
where all subtypes are ok, as long as declared field type is `BaseValue`.
`BasicPolymorphicTypeValidator` has a few other mechanisms, and you
can also just implement your own.
I hope this helps,
-+ Tatu +-
>
> --
> You received this message because you are subscribed to the Google Groups "jackson-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/3c78a8fd-9bb0-41f0-807f-6f42fc2a014b%40googlegroups.com.
Tatu Saloranta
Sep 27, 2019, 4:07:15 PM9/27/19
to jackson-user
On Fri, Sep 27, 2019 at 3:43 AM Guido Medina <oxy...@gmail.com> wrote:
>
> Had to go back to LaissezFaireSubTypeValidator.instance as I'm getting an exception when using the default generated by BasicPolymorphicTypeValidator.builder().build()
Yes. This is a very important point, regarding security (as per
>
> Had to go back to LaissezFaireSubTypeValidator.instance as I'm getting an exception when using the default generated by BasicPolymorphicTypeValidator.builder().build()
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062):
- Default state for `BasicPolymorphictypeValidator` is NOT to allow
any type when asked: you will need to add "allow" rules.
- `LaissezFairSubTypeValidator` is only provided for
backwards-compatibility needs: I do not recommend its use (and it will
not be included in 3.0) BUT can be used on 2.x for, ideally only for
tests.
Also note that validator is not called for types for which
deserializer is explicitly registered: so, most JDK types, 3rd party
datatypes handled by datatype libraries, are fine as-is.
In practice it's your POJOs (Beans) and, well, malicious gadgets ( :)
) that will be validated.
-+ Tatu +-
>
> On Friday, September 27, 2019 at 11:32:31 AM UTC+1, Guido Medina wrote:
>>
>> Though this form look more standard?
>>
>>
>> public static final ObjectMapper USER_PREFS_MAPPER = configureDefaultObjectMapper(JsonMapper.builder(SmileFactory.builder()
>> .disable(ENCODE_BINARY_AS_7BIT)
>> .enable(CHECK_SHARED_STRING_VALUES)
>> .build())
>> .activateDefaultTyping(BasicPolymorphicTypeValidator.builder().build(), ObjectMapper.DefaultTyping.JAVA_LANG_OBJECT, JsonTypeInfo.As.WRAPPER_ARRAY).build()
>> );
>>
>>
>>
>> On Friday, September 27, 2019 at 11:25:36 AM UTC+1, Guido Medina wrote:
>>>
>>> So, will then the following provide me the same functionality?
>>>
>>> public static final ObjectMapper USER_PREFS_MAPPER = configureDefaultObjectMapper(JsonMapper.builder(
>>> SmileFactory.builder()
>>> .disable(ENCODE_BINARY_AS_7BIT)
>>> .enable(CHECK_SHARED_STRING_VALUES)
>>> .build())
>>> .activateDefaultTyping(LaissezFaireSubTypeValidator.instance, ObjectMapper.DefaultTyping.JAVA_LANG_OBJECT, JsonTypeInfo.As.WRAPPER_ARRAY).build()
>>> );
>>>
>>>
>>>
>>> On Friday, September 27, 2019 at 10:41:53 AM UTC+1, Marc Dzaebel wrote:
>>>>
>>>> Guido,
>>>>
>>>> I already asked such questions in the "polymorphic serialization" issue but I agree, that we'd need an adapted documentation on this topic. You might look in test samples with JsonMapper.builder().activateDefaultTyping(...).
>>>>
>>>> Marc
>
> --
> You received this message because you are subscribed to the Google Groups "jackson-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/ab3aa977-0e57-4969-93fe-c074ef3124d5%40googlegroups.com.
> You received this message because you are subscribed to the Google Groups "jackson-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages