On 2020-03-28T17:24:31 -0700 Tatu Saloranta <[email protected]> wrote: > > Jackson does not have out-of-the-box support for whitelisting all > types allowed for general use; it only supports this for validating > polymorphic deserialization (which is explained f.ex in > https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba).
Yep, this was the post I read originally but couldn't work out if it applied to me. It seems like it doesn't, given that I can't get type annotations into the input JSON. > But if you want, you should be able to implement this relatively > easily by registering `Deserializers` (custom provider for > deserializers) that will verify that type for which deserializer is > needed is legit (class from list you define), and throws `Exception` > if not, return `null` if it is (to let default JsonDeserializer be > used). > Provider needs to be added by a `Module` using > `ObjectMapper.registerModule()`. > > Simplest way to do that would probably be to subclass > `SimpleDeserializers`, override `_find(JavaType)` method, then > construct `SimpleModule`, call `setDeserializers(...)`, register > resulting module. Sounds good, thanks! I'll give it a shot. -- Mark Raynsford | http://www.io7m.com -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/20200329144242.19de0a00%40sunflower.int.arc7.info.
pgplzE2ue22UN.pgp
Description: OpenPGP digital signature
