HI Stefan, I agree, but:
I don't have control over the code, which causes the ResourceResolver to be serialized. Also I cannot enforce, that such code is NOT written and deployed (there are too many ways to make it wrong). Also because it currently works, I would have to counter the "but it worked yesterday, and I did not change anything since then" argument, in case it fails with an exception like above. So I have to find another way to prevent the ResourceResolver from being serialized ... Jörg Am Di., 27. Juni 2023 um 13:38 Uhr schrieb Stefan Seifert <stefan.seif...@diva-e.com.invalid>: > well, using lombok with such a result is a bad idea. there should not be a > getResolver() method, this is an implementation detail and no getter should > be provided for it. > > so to put it another way: good that the serialization fails, so you can > fix the calls to not add a getResolver() method! > > stefan > > p.s. i'm not a fan of lombok in general and have no experience with it, > but I assume it can be configured to not expose the resolver. > > > -----Original Message----- > > From: Jörg Hoh <jhoh...@googlemail.com.INVALID> > > Sent: Tuesday, June 27, 2023 1:28 PM > > To: Sling Developers List <dev@sling.apache.org> > > Subject: Sling Model Exporter: Prevent serializing of a ResourceResolver > > > > Hi, > > > > Assuming this Sling Model (using Lombok's @Getter annotation) > > > > @Getter > > @Model( > > adaptables = { SlingHttpServletRequest.class }, > > adapters = { MyModel.class, ComponentExporter.class }, > > resourceType = MyModel.RESOURCE_TYPE) @Exporter( > > name = ExporterConstants.SLING_MODEL_EXPORTER_NAME, > > extensions = ExporterConstants.SLING_MODEL_EXTENSION) > > public class MyModel implements ComponentExporter { > > > > static final String RESOURCE_TYPE = "myapp/components/mymodel"; > > > > @Inject > > private ResourceResolver resolver; > > > > @ChildResource > > private List<Resource> items; > > > > } > > > > When it this model is serialized via SlingModelExporter / Jackson, the > > resolver field is also exported via the created getResolver()) method. > > > > But serializing that does not always work: > > > > org.apache.sling.models.factory.ExportException: > > com.fasterxml.jackson.databind.exc.InvalidDefinitionException: No > > serializer found for class > > com.day.cq.wcm.core.impl.policies.ContentPolicyManagerImpl and no > > properties discovered to create BeanSerializer (to avoid exception, > > disable > > SerializationFeature.FAIL_ON_EMPTY_BEANS) (through reference chain: > > com.myapp.PageImpl[":items"]> [...] > com.myapp.MyModel["resolver"] > > >org.apache.sling.resourceresolver.impl.ResourceResolverImpl["propertyMa > > >p"] > > >java.util.HashMap["com.day.cq.wcm.core.impl.policies.ContentPolicyAdapt > > >erFactory.ContentPolicy"]) > > at > > > org.apache.sling.models.jacksonexporter.impl.JacksonExporter.export(Jackso > > nExporter.java:138) > > [org.apache.sling.models.jacksonexporter:1.1.2] > > at > > > org.apache.sling.models.impl.ModelAdapterFactory.exportModel(ModelAdapterF > > actory.java:1333) > > [org.apache.sling.models.impl:1.5.4] > > > > > > I don't want to check each class I want to add to the propertyMap if it > > can be serialized or not; and a more serious problem is that serializing > > the resourceResolver and it's properyMap can leak a lot of information, > > which should be not get public. > > > > Do you see a way to prevent serialization of the ResourceResolver (and > > potentially other types as well) without touching the model classes? > > > > Jörg > > > > -- > > Cheers, > > Jörg Hoh, > > > > https://cqdump.joerghoh.de > > Twitter: @joerghoh > -- Cheers, Jörg Hoh, https://cqdump.joerghoh.de Twitter: @joerghoh