martinweiler commented on code in PR #3749:
URL:
https://github.com/apache/incubator-kie-kogito-runtimes/pull/3749#discussion_r1819693921
##########
kogito-codegen-modules/kogito-codegen-processes/src/main/resources/class-templates/usertask/RestResourceUserTaskQuarkusTemplate.java:
##########
@@ -52,14 +55,62 @@
import org.kie.kogito.usertask.model.*;
-import jakarta.inject.Inject;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectMapper.DefaultTyping;
+import com.fasterxml.jackson.databind.cfg.MapperConfig;
+import com.fasterxml.jackson.databind.deser.DeserializationProblemHandler;
+import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
+import com.fasterxml.jackson.databind.jsontype.TypeIdResolver;
+import
com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator.Validity;
+import com.fasterxml.jackson.databind.module.SimpleModule;
@Path("/usertasks/instance")
public class UserTasksResource {
@Inject
UserTaskService userTaskService;
+ @Inject
+ ObjectMapper objectMapper;
+
+ ObjectMapper mapper;
+
+ @jakarta.annotation.PostConstruct
+ public void init() {
+ mapper = objectMapper.copy();
+ SimpleModule module = new SimpleModule();
+ mapper.addHandler(new DeserializationProblemHandler() {
+ @Override
+ public JavaType handleMissingTypeId(DeserializationContext ctxt,
JavaType baseType, TypeIdResolver idResolver, String failureMsg) throws
IOException {
+ return baseType;
+ }
+ });
+ mapper.registerModule(module);
+
+ PolymorphicTypeValidator validator = new PolymorphicTypeValidator() {
+
+ @Override
+ public Validity validateBaseType(MapperConfig<?> config, JavaType
baseType) {
+ return Validity.ALLOWED;
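Review bot: The `handleMissingTypeId` override in `init()` returns `baseType` for every missing type id and carries no comment, so input that omits its type information is bound to the declared base type instead of being rejected, and nothing records which payloads rely on that. A one-line comment above the handler would state the intent, for example `// Payloads without a type id fall back to the declared base type instead of failing`. If only some base types should get this fallback, the handler could check `baseType` before returning it. The `SimpleModule` created at the top of `init()` has nothing added to it in the quoted lines before `mapper.registerModule(module)`, so both statements look like leftovers that could be dropped. `init()` and the anonymous `PolymorphicTypeValidator` continue past the last quoted line, so this is based only on what is visible here.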
Review Comment:
Could this be a potential security issue?