Refine search
protected String _locateTypeId(JsonParser jp, DeserializationContext ctxt) throws IOException { if (!jp.isExpectedStartArrayToken()) { if (_defaultImpl != null) { return _idResolver.idFromBaseType(); } throw ctxt.wrongTokenException(jp, JsonToken.START_ARRAY, "Missing type information for: " + baseTypeName()); } return String.valueOf(DefaultClassDictionary.get().getClassId(ArrayList.class)); }
JavaType type = _idResolver.typeFromId(ctxt, typeId); if (type == null) { deser = ctxt.findContextualValueDeserializer(actual, _property); type = ctxt.getTypeFactory().constructSpecializedType(_baseType, type.getRawClass()); deser = ctxt.findContextualValueDeserializer(type, _property);
@Override public String idFromValue(Object value) { return delegate.idFromValue(value); }
} else { if (t != JsonToken.END_OBJECT) { return ctxt.handleUnexpectedToken(handledType(), p); if (_typeDeserializer != null) { TypeIdResolver idResolver = _typeDeserializer.getTypeIdResolver(); JavaType keyType = idResolver.typeFromId(ctxt, p.getTypeId().toString()); if (keyType != null) { deserializer = ctxt.findKeyDeserializer(keyType, null);
@Override public String idFromValueAndType(Object value, Class<?> suggestedType) { return delegate.idFromValueAndType(value, suggestedType); }
deser = _deserializers.get(typeId); if (deser == null) { JavaType type = _idResolver.typeFromId(typeId); if (type == null) { throw ctxt.unknownTypeException(_baseType, typeId); type = _baseType.narrowBy(type.getRawClass()); deser = ctxt.findContextualValueDeserializer(type, _property);
@Override public JavaType typeFromId(DatabindContext context, String id) throws IOException { DeserializationConfig config = (DeserializationConfig) context.getConfig(); JavaType result = delegate.typeFromId(context, id); String className = result.getRawClass().getName(); if (isWhitelisted(className)) { return delegate.typeFromId(context, id); } boolean isExplicitMixin = config.findMixInClassFor(result.getRawClass()) != null; if (isExplicitMixin) { return result; } JacksonAnnotation jacksonAnnotation = AnnotationUtils.findAnnotation(result.getRawClass(), JacksonAnnotation.class); if (jacksonAnnotation != null) { return result; } throw new IllegalArgumentException("The class with " + id + " and name of " + className + " is not whitelisted. " + "If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. " + "If the serialization is only done by a trusted source, you can also enable default typing. " + "See https://github.com/spring-projects/spring-security/issues/4370 for details"); }
protected String _locateTypeId(JsonParser p, DeserializationContext ctxt) throws IOException { if (!p.isExpectedStartArrayToken()) { // Need to allow even more customized handling, if something unexpected seen... // but should there be a way to limit this to likely success cases? if (_defaultImpl != null) { return _idResolver.idFromBaseType(); } ctxt.reportWrongTokenException(baseType(), JsonToken.START_ARRAY, "need JSON Array to contain As.WRAPPER_ARRAY type information for class "+baseTypeName()); return null; } // And then type id as a String JsonToken t = p.nextToken(); if (t == JsonToken.VALUE_STRING) { String result = p.getText(); p.nextToken(); return result; } if (_defaultImpl != null) { return _idResolver.idFromBaseType(); } ctxt.reportWrongTokenException(baseType(), JsonToken.VALUE_STRING, "need JSON String that contains type id (for subtype of %s)", baseTypeName()); return null; }
JavaType type = _idResolver.typeFromId(ctxt, typeId); if (type == null) { type = _baseType.narrowBy(type.getRawClass()); deser = ctxt.findContextualValueDeserializer(type, _property);
@Override public void init(JavaType baseType) { delegate.init(baseType); }
@Override public String idFromBaseType() { return delegate.idFromBaseType(); }
/** * Helper method called when given type id cannot be resolved into * concrete deserializer either directly (using given {@link TypeIdResolver}), * or using default type. * Default implementation simply throws a {@link com.fasterxml.jackson.databind.JsonMappingException} to * indicate the problem; sub-classes may choose * * @return If it is possible to resolve type id into a {@link JsonDeserializer} * should return that deserializer; otherwise throw an exception to indicate * the problem. * * @since 2.8 */ protected JavaType _handleUnknownTypeId(DeserializationContext ctxt, String typeId) throws IOException { String extraDesc = _idResolver.getDescForKnownTypeIds(); if (extraDesc == null) { extraDesc = "type ids are not statically known"; } else { extraDesc = "known type ids = " + extraDesc; } if (_property != null) { extraDesc = String.format("%s (for POJO property '%s')", extraDesc, _property.getName()); } return ctxt.handleUnknownTypeId(_baseType, typeId, _idResolver, extraDesc); }
@Override public String getDescForKnownTypeIds() { return delegate.getDescForKnownTypeIds(); }
@Override public JsonTypeInfo.Id getMechanism() { return delegate.getMechanism(); }
@Override public String idFromValueAndType(Object value, Class<?> suggestedType) { return delegate.idFromValueAndType(value, suggestedType); }
deser = _deserializers.get(typeId); if (deser == null) { JavaType type = _idResolver.typeFromId(typeId); if (type == null) { throw ctxt.unknownTypeException(_baseType, typeId); type = _baseType.narrowBy(type.getRawClass()); deser = ctxt.findContextualValueDeserializer(type, _property);
@Override public JavaType typeFromId(DatabindContext context, String id) throws IOException { DeserializationConfig config = (DeserializationConfig) context.getConfig(); JavaType result = delegate.typeFromId(context, id); String className = result.getRawClass().getName(); if (isWhitelisted(className)) { return delegate.typeFromId(context, id); } boolean isExplicitMixin = config.findMixInClassFor(result.getRawClass()) != null; if (isExplicitMixin) { return result; } JacksonAnnotation jacksonAnnotation = AnnotationUtils.findAnnotation(result.getRawClass(), JacksonAnnotation.class); if (jacksonAnnotation != null) { return result; } throw new IllegalArgumentException("The class with " + id + " and name of " + className + " is not whitelisted. " + "If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. " + "If the serialization is only done by a trusted source, you can also enable default typing. " + "See https://github.com/spring-projects/spring-security/issues/4370 for details"); }
protected String _locateTypeId(JsonParser p, DeserializationContext ctxt) throws IOException { if (!p.isExpectedStartArrayToken()) { // Need to allow even more customized handling, if something unexpected seen... // but should there be a way to limit this to likely success cases? if (_defaultImpl != null) { return _idResolver.idFromBaseType(); } ctxt.reportWrongTokenException(p, JsonToken.START_ARRAY, "need JSON Array to contain As.WRAPPER_ARRAY type information for class "+baseTypeName()); return null; } // And then type id as a String JsonToken t = p.nextToken(); if (t == JsonToken.VALUE_STRING) { String result = p.getText(); p.nextToken(); return result; } if (_defaultImpl != null) { return _idResolver.idFromBaseType(); } ctxt.reportWrongTokenException(p, JsonToken.VALUE_STRING, "need JSON String that contains type id (for subtype of "+baseTypeName()+")"); return null; }
JavaType type = _idResolver.typeFromId(ctxt, typeId); if (type == null) { type = _baseType.narrowBy(type.getRawClass()); deser = ctxt.findContextualValueDeserializer(type, _property);
@Override public void init(JavaType baseType) { delegate.init(baseType); }