On Fri, Oct 5, 2018 at 9:28 AM Michael Rogers
wrote:
> Hi,
>
> I'd like to use Jackson to deserialize JSON from an untrusted source
> into simple POJOs that can be used for further validation (checking that
> values are within allowed ranges, etc). I've read a couple of blog posts
> about deseria
Hi,
I'd like to use Jackson to deserialize JSON from an untrusted source
into simple POJOs that can be used for further validation (checking that
values are within allowed ranges, etc). I've read a couple of blog posts
about deserialization attacks [1,2] and I'd like to ask if there are
some simpl
Hi,
I'd like to use Jackson to deserialize JSON from an untrusted source
into simple POJOs that can be used for further validation (checking that
values are within allowed ranges, etc). I've read a couple of blog posts
about deserialization attacks [1,2] and I'd like to ask if there are
some simpl
Hi,
I'd like to use Jackson to deserialize JSON from an untrusted source into
simple POJOs that can be used for further validation (checking that values are
within allowed ranges, etc). I've read a couple of blog posts about
deserialization attacks [1,2] and I'd like to ask if there are some
Hey,
I'm trying to deserialize an XML object and use the JsonSubTypes and
JsonTypeInfo annotations to designate the root tag name as the field we use
to determine which sub type to deserialize to. For example:
Sample XMLs we'd like to deserialize:
alpine
wheezy
Our class definitions:
We're trying to deserialize XMLs where the root tag name should determine
which subtype to deserialize to.
Sample XMLs:
alpine
wheezy
And we've got the following super class:
@JsonTypeInfo(
use = JsonTypeInfo.Id.NAME,
include = JsonTypeInfo.As.WRAPPER_OBJECT
)
@JsonSubTypes({
@J
I'm using jackson 2.9.6 embedded in spring-boot 2.0.5 and I try to access a
restfull endpoint and when I send a json with @class value, jackson can
deserialize my json
{
"@class": "br.com.adtsys.ciee.auth.user.data.request.LoginRequest",
"username": "01",
"password": "adminciee2017"
}
if a r