Class DefaultBaseTypeLimitingValidator
java.lang.Object
com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator
com.fasterxml.jackson.databind.jsontype.DefaultBaseTypeLimitingValidator
- All Implemented Interfaces:
Serializable
public class DefaultBaseTypeLimitingValidator
extends PolymorphicTypeValidator
implements Serializable
PolymorphicTypeValidator that will only allow polymorphic handling if
the base type is NOT one of potential dangerous base types (see isUnsafeBaseType(com.fasterxml.jackson.databind.cfg.MapperConfig<?>, com.fasterxml.jackson.databind.JavaType)
for specific list of such base types). No further validation is performed on subtype.
Note that when using potentially unsafe base type like Object a custom
implementation (or subtype with override) is needed. Most commonly subclasses would
override both isUnsafeBaseType(com.fasterxml.jackson.databind.cfg.MapperConfig<?>, com.fasterxml.jackson.databind.JavaType) and isSafeSubType(com.fasterxml.jackson.databind.cfg.MapperConfig<?>, com.fasterxml.jackson.databind.JavaType, com.fasterxml.jackson.databind.JavaType): former to allow
all (or just more) base types, and latter to add actual validation of subtype.
- Since:
- 2.11
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator
PolymorphicTypeValidator.Base, PolymorphicTypeValidator.Validity -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvalidateBaseType(MapperConfig<?> config, JavaType baseType) Method called when a property with polymorphic value is encountered, and aTypeResolverBuilderis needed.validateSubClassName(MapperConfig<?> config, JavaType baseType, String subClassName) validateSubType(MapperConfig<?> config, JavaType baseType, JavaType subType) Method called after class name has been resolved to actual type, in cases where previous call toPolymorphicTypeValidator.validateSubClassName(com.fasterxml.jackson.databind.cfg.MapperConfig<?>, com.fasterxml.jackson.databind.JavaType, java.lang.String)returnedPolymorphicTypeValidator.Validity.INDETERMINATE.
-
Constructor Details
-
DefaultBaseTypeLimitingValidator
public DefaultBaseTypeLimitingValidator()
-
-
Method Details
-
validateBaseType
public PolymorphicTypeValidator.Validity validateBaseType(MapperConfig<?> config, JavaType baseType) Description copied from class:PolymorphicTypeValidatorMethod called when a property with polymorphic value is encountered, and aTypeResolverBuilderis needed. Intent is to allow early determination of cases where subtyping is completely denied (for example for security reasons), or, conversely, allowed for allow subtypes (when base type guarantees that all subtypes are known to be safe). Check can be thought of as both optimization (for latter case) and eager-fail (for former case) to give better feedback.- Specified by:
validateBaseTypein classPolymorphicTypeValidator- Parameters:
config- Configuration for resolution: typically will beDeserializationConfigbaseType- Nominal base type used for polymorphic handling: subtypes MUST be instances of this type and assignment compatibility is verified by Jackson core- Returns:
- Determination of general validity of all subtypes of given base type; if
PolymorphicTypeValidator.Validity.ALLOWEDreturned, all subtypes will automatically be accepted without further checks; isPolymorphicTypeValidator.Validity.DENIEDreturned no subtyping allowed at all (caller will usually throw an exception); otherwise (returnPolymorphicTypeValidator.Validity.INDETERMINATE) per sub-type validation calls are made for each new subclass encountered.
-
validateSubClassName
public PolymorphicTypeValidator.Validity validateSubClassName(MapperConfig<?> config, JavaType baseType, String subClassName) Description copied from class:PolymorphicTypeValidatorMethod called after intended class name for subtype has been read (and in case of minimal class name, expanded to fully-qualified class name) but before attempt is made to look up actualClassorJavaType. Validator may be able to determine validity of eventual type (and returnPolymorphicTypeValidator.Validity.ALLOWEDorPolymorphicTypeValidator.Validity.DENIED) or, if not able to, can defer validation to actual resolved type by returningPolymorphicTypeValidator.Validity.INDETERMINATE.Validator may also choose to indicate denial by throwing a
JsonMappingException(such asInvalidTypeIdException)- Specified by:
validateSubClassNamein classPolymorphicTypeValidator- Parameters:
config- Configuration for resolution: typically will beDeserializationConfigbaseType- Nominal base type used for polymorphic handling: subtypes MUST be instances of this type and assignment compatibility is verified by Jackson coresubClassName- Name of class that will be resolved toClassif (and only if) validity check is not denied.- Returns:
- Determination of validity of given class name, as a subtype of given base type:
should NOT return
null
-
validateSubType
public PolymorphicTypeValidator.Validity validateSubType(MapperConfig<?> config, JavaType baseType, JavaType subType) Description copied from class:PolymorphicTypeValidatorMethod called after class name has been resolved to actual type, in cases where previous call toPolymorphicTypeValidator.validateSubClassName(com.fasterxml.jackson.databind.cfg.MapperConfig<?>, com.fasterxml.jackson.databind.JavaType, java.lang.String)returnedPolymorphicTypeValidator.Validity.INDETERMINATE. Validator should be able to determine validity and return appropriatePolymorphicTypeValidator.Validityvalue, although it may alsoValidator may also choose to indicate denial by throwing a
JsonMappingException(such asInvalidTypeIdException)- Specified by:
validateSubTypein classPolymorphicTypeValidator- Parameters:
config- Configuration for resolution: typically will beDeserializationConfigbaseType- Nominal base type used for polymorphic handling: subtypes MUST be instances of this type and assignment compatibility has been verified by Jackson coresubType- Resolved subtype to validate- Returns:
- Determination of validity of given class name, as a subtype of given base type:
should NOT return
null
-