On Sun, Apr 5, 2020 at 8:43 AM mjuric <[email protected]> wrote:
>
> I discovered that Jackson under some circumstances would map private fields
> even though visibility is set to public only. See below very simple
> convertValue unit test example where I would expect r1 and r2 to have 2
> different values, since I assumed that Jackson wouldn't map public getters to
> their internal private fields when visibility is public only. I found a
> similar issue with private set methods where it would attempt to create
> internal deserializers for these setters and in turn cause exceptions when
> the parameter was not serializable. Sure, I can workaround this using
> JsonIgnore annotations, but is this really suppose to work like that or is
> this maybe a bug? I tested this with versions 2.9.8 and 2.10.4.
Good question!
This is intentional, controlled by feature:
MapperFeature.INFER_PROPERTY_MUTATORS
which, when enabled (default: true) will "pull in" otherwise
non-visible mutators (setter or field), as long as there is accessor
(visible get method).
If you do not wish this to happen (for example, due to security
reasons), you would want to disable this setting -- or, remove
visibility of getters as well.
I hope this helps,
-+ Tatu +-
--
You received this message because you are subscribed to the Google Groups
"jackson-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jackson-user/CAL4a10iHnJB6TzydRJgC8CgKq6-Pvi3PNONYJaMA4OeZ7vmYEA%40mail.gmail.com.
