diff --git a/spring-web/src/main/java/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.java b/spring-web/src/main/java/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.java
index a0b0a2a5b5..be45e83dcd 100644
--- a/spring-web/src/main/java/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.java
+++ b/spring-web/src/main/java/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.java
@@ -21,14 +21,6 @@ import java.lang.reflect.Type;
 import java.nio.charset.Charset;
 import java.util.List;
-import com.fasterxml.jackson.core.JsonEncoding;
-import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
-import com.fasterxml.jackson.databind.JavaType;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.SerializationFeature;
-
 import org.springframework.http.HttpInputMessage;
 import org.springframework.http.HttpOutputMessage;
 import org.springframework.http.MediaType;
@@ -38,6 +30,14 @@ import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.http.converter.HttpMessageNotWritableException;
 import org.springframework.util.Assert;
+import com.fasterxml.jackson.core.JsonEncoding;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+
 /**
 * Implementation of {@link org.springframework.http.converter.HttpMessageConverter HttpMessageConverter}
 * that can read and write JSON using Jackson 2's {@link ObjectMapper}.
@@ -61,7 +61,7 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
 private ObjectMapper objectMapper = new ObjectMapper();
- private boolean prefixJson = false;
+ private String jsonPrefix;
 private Boolean prettyPrint;
@@ -101,15 +101,25 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
 return this.objectMapper;
 }
+ /**
+ * Specify a custom prefix to use for this view's JSON output.
+ * Default is none.
+ * @see #setPrefixJson
+ */
+ public void setJsonPrefix(String jsonPrefix) {
+ this.jsonPrefix = jsonPrefix;
+ }
+
 /**
 * Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
 *

Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
 * The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
 * This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
 * string, the prefix would need to be ignored.
+ * @see #setJsonPrefix
 */
 public void setPrefixJson(boolean prefixJson) {
- this.prefixJson = prefixJson;
+ this.jsonPrefix = prefixJson ? "{} && " : null;
 }
 /**
@@ -188,7 +198,7 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
 }
 try {
- if (this.prefixJson) {
+ if (this.jsonPrefix != null) {
 jsonGenerator.writeRaw("{} && ");
 }
 this.objectMapper.writeValue(jsonGenerator, object);
diff --git a/spring-web/src/main/java/org/springframework/http/converter/json/MappingJacksonHttpMessageConverter.java b/spring-web/src/main/java/org/springframework/http/converter/json/MappingJacksonHttpMessageConverter.java
index 448b3be8e8..fca78c38ad 100644
--- a/spring-web/src/main/java/org/springframework/http/converter/json/MappingJacksonHttpMessageConverter.java
+++ b/spring-web/src/main/java/org/springframework/http/converter/json/MappingJacksonHttpMessageConverter.java
@@ -28,7 +28,6 @@ import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.map.SerializationConfig;
 import org.codehaus.jackson.map.type.TypeFactory;
 import org.codehaus.jackson.type.JavaType;
-
 import org.springframework.http.HttpInputMessage;
 import org.springframework.http.HttpOutputMessage;
 import org.springframework.http.MediaType;
@@ -59,7 +58,7 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
 private ObjectMapper objectMapper = new ObjectMapper();
- private boolean prefixJson = false;
+ private String jsonPrefix;
 private Boolean prettyPrint;
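Review bot: `setJsonPrefix` and `setPrefixJson` in the `@@ -101,15 +101,25 @@` hunk now assign the same `jsonPrefix` field, so whichever setter runs last wins, and neither Javadoc says so. In particular `setPrefixJson(false)` after `setJsonPrefix(...)` sets the field back to null, which removes the prefix that the existing Javadoc describes as the JSON Hijacking safeguard. I would add to the `setPrefixJson` Javadoc a line such as `Note: this overwrites any prefix set via {@link #setJsonPrefix}; passing false clears it.` and, in the new `setJsonPrefix` Javadoc, replace "this view's JSON output" with "this converter's JSON output" and state that clients must strip the prefix before parsing. The `@@ -99,15 +98,25 @@` hunk in MappingJacksonHttpMessageConverter carries the same two setters and needs the same wording.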
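Review bot: The configured prefix is never written: in the `@@ -188,7 +198,7 @@` hunk the guard became `if (this.jsonPrefix != null)` but the line under it still emits the literal, `jsonGenerator.writeRaw("{} && ");`. Any value passed to `setJsonPrefix` therefore goes out as `{} && `, so a client that strips the prefix it was told to expect will fail to parse the response, and an empty string still produces a prefix. The line should read `jsonGenerator.writeRaw(this.jsonPrefix);`. The `@@ -185,7 +194,7 @@` hunk in MappingJacksonHttpMessageConverter has the identical line, and the enclosing write method starts and ends outside both hunks, so the change should be checked against the rest of that method.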
@@ -99,15 +98,25 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
 return this.objectMapper;
 }
+ /**
+ * Specify a custom prefix to use for this view's JSON output.
+ * Default is none.
+ * @see #setPrefixJson
+ */
+ public void setJsonPrefix(String jsonPrefix) {
+ this.jsonPrefix = jsonPrefix;
+ }
+
 /**
 * Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
 *

Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
 * The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
 * This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
 * string, the prefix would need to be ignored.
+ * @see #setJsonPrefix
 */
 public void setPrefixJson(boolean prefixJson) {
- this.prefixJson = prefixJson;
+ this.jsonPrefix = prefixJson ? "{} && " : null;
 }
 /**
@@ -185,7 +194,7 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
 }
 try {
- if (this.prefixJson) {
+ if (this.jsonPrefix != null) {
 jsonGenerator.writeRaw("{} && ");
 }
 this.objectMapper.writeValue(jsonGenerator, object);