root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Make the JSON prefix used in converters configurable 

Issue: SPR-10627
This commit is contained in:
Rossen Stoyanchev 2013-07-19 16:58:21 -04:00
parent dd7508d606
commit cce74b8ba2
2 changed files with 34 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
spring-web/src/main/java/org/springframework/http/converter/json/MappingJackson2HttpMessageConverter.java
View File

@ -21,14 +21,6 @@ import java.lang.reflect.Type;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.util.List; import java.util.List;
import com.fasterxml.jackson.core.JsonEncoding;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import org.springframework.http.HttpInputMessage; import org.springframework.http.HttpInputMessage;
import org.springframework.http.HttpOutputMessage; import org.springframework.http.HttpOutputMessage;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
@ -38,6 +30,14 @@ import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.http.converter.HttpMessageNotWritableException; import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import com.fasterxml.jackson.core.JsonEncoding;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
/** /**
* Implementation of {@link org.springframework.http.converter.HttpMessageConverter HttpMessageConverter} * Implementation of {@link org.springframework.http.converter.HttpMessageConverter HttpMessageConverter}
* that can read and write JSON using <a href="http://jackson.codehaus.org/">Jackson 2's</a> {@link ObjectMapper}. * that can read and write JSON using <a href="http://jackson.codehaus.org/">Jackson 2's</a> {@link ObjectMapper}.
@ -61,7 +61,7 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
private ObjectMapper objectMapper = new ObjectMapper(); private ObjectMapper objectMapper = new ObjectMapper();
private boolean prefixJson = false; private String jsonPrefix;
private Boolean prettyPrint; private Boolean prettyPrint;
@ -101,15 +101,25 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
return this.objectMapper; return this.objectMapper;
} }
/**
* Specify a custom prefix to use for this view's JSON output.
* Default is none.
* @see #setPrefixJson
*/
public void setJsonPrefix(String jsonPrefix) {
this.jsonPrefix = jsonPrefix;
}
/** /**
* Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false. * Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking. * <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked. * The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the * This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
* string, the prefix would need to be ignored. * string, the prefix would need to be ignored.
* @see #setJsonPrefix
*/ */
public void setPrefixJson(boolean prefixJson) { public void setPrefixJson(boolean prefixJson) {
this.prefixJson = prefixJson; this.jsonPrefix = prefixJson ? "{} && " : null;
} }
/** /**
@ -188,7 +198,7 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
} }
try { try {
if (this.prefixJson) { if (this.jsonPrefix != null) {
jsonGenerator.writeRaw("{} && "); jsonGenerator.writeRaw("{} && ");
} }
this.objectMapper.writeValue(jsonGenerator, object); this.objectMapper.writeValue(jsonGenerator, object);

17
spring-web/src/main/java/org/springframework/http/converter/json/MappingJacksonHttpMessageConverter.java
View File

@ -28,7 +28,6 @@ import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.SerializationConfig; import org.codehaus.jackson.map.SerializationConfig;
import org.codehaus.jackson.map.type.TypeFactory; import org.codehaus.jackson.map.type.TypeFactory;
import org.codehaus.jackson.type.JavaType; import org.codehaus.jackson.type.JavaType;
import org.springframework.http.HttpInputMessage; import org.springframework.http.HttpInputMessage;
import org.springframework.http.HttpOutputMessage; import org.springframework.http.HttpOutputMessage;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
@ -59,7 +58,7 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
private ObjectMapper objectMapper = new ObjectMapper(); private ObjectMapper objectMapper = new ObjectMapper();
private boolean prefixJson = false; private String jsonPrefix;
private Boolean prettyPrint; private Boolean prettyPrint;
@ -99,15 +98,25 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
return this.objectMapper; return this.objectMapper;
} }
/**
* Specify a custom prefix to use for this view's JSON output.
* Default is none.
* @see #setPrefixJson
*/
public void setJsonPrefix(String jsonPrefix) {
this.jsonPrefix = jsonPrefix;
}
/** /**
* Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false. * Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking. * <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked. * The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the * This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
* string, the prefix would need to be ignored. * string, the prefix would need to be ignored.
* @see #setJsonPrefix
*/ */
public void setPrefixJson(boolean prefixJson) { public void setPrefixJson(boolean prefixJson) {
this.prefixJson = prefixJson; this.jsonPrefix = prefixJson ? "{} && " : null;
} }
/** /**
@ -185,7 +194,7 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
} }
try { try {
if (this.prefixJson) { if (this.jsonPrefix != null) {
jsonGenerator.writeRaw("{} && "); jsonGenerator.writeRaw("{} && ");
} }
this.objectMapper.writeValue(jsonGenerator, object); this.objectMapper.writeValue(jsonGenerator, object);