jackson-databind icon indicating copy to clipboard operation
jackson-databind copied to clipboard

Published 20 hours ago verified publisher icon FasterXML

Provide an ObjectMapper configuration to automatically do `clearLocation()` for `JsonProcessingException`

Open chenjianjx opened this issue 2 years ago • 4 comments

Is your feature request related to a problem? Please describe.

You can manually call JsonProcessingException.clearLocation() to clear location data, so that sensitive data in a invalid json won't be in error message when logged.

But there are still problems:

  • I should try/catch JsonProcessingException and call clearLocation() everywhere I need parsing. This is troublesome.
  • Some frameworks like Spring calls ObjectMapper deep inside its library and I can't do a try/catch there, e.g. RESTFul request JSON parsing.

So I hope this can be automatically done.

There is a AOP-based solution here . But I think it's too hacky.

Describe the solution you'd like

I hope there can be an ObjectMapper config like ObjectMapper objectMapper = new ObjectMapper().disable(MapperFeature.LOCATION_IN_PROCESSING_EXCEPTION); , so that JsonProcessionException (and its subclasses) 's location will always be null.

In Spring, I can make this objectMapper as a singleton bean and Spring's library will use it.

Usage example See above

Additional context N/A

chenjianjx avatar Dec 01 '21 05:12 chenjianjx

Found this looking for the same thing – this would be very useful indeed!

skagedal avatar Dec 16 '21 10:12 skagedal

I think this is a good idea, in general. I don't have much time to work on it, but would be supportive if anyone wants to try to implement this.

One note: this might make most sense at streaming level, although might require separate StreamReadFeature / StreamWriteFeature. Problem with databind-level setting is that the actual handling almost certain must be done within jackson-core (streaming) and NOT at databind (otherwise ObjectMapper would need to try to catch and rethrow everything; unlikely to be something easy to implement or reliable).

note: will mark as "most-wanted" since I think something like this has been requested before.

cowtowncoder avatar Dec 25 '21 19:12 cowtowncoder

Thank you @cowtowncoder for the reply. Seems that we can add a new feature to StreamReadFeature class.

And to let it finally go to ObjectMapper(), should we use a JsonFactory like this?

        JsonFactory jsonFactory = JsonFactory.builder()
                .disable(StreamReadFeature.SOME_NEW_FEATURE)
                .build();

        ObjectMapper mapper = new ObjectMapper(jsonFactory);

chenjianjx avatar Dec 28 '21 21:12 chenjianjx

@chenjianjx Yes, that would be one way to do it (there is a builder for JsonMapper as well). But it is also possible to change StreamReadFeatures for ObjectReader.

cowtowncoder avatar Dec 29 '21 21:12 cowtowncoder