Make the JSON prefix used in converters configurable
Issue: SPR-10627
This commit is contained in:
Rossen Stoyanchev
parent
dd7508d606
commit
cce74b8ba2
|
|
@ -21,14 +21,6 @@ import java.lang.reflect.Type;
|
|||
import java.nio.charset.Charset;
|
||||
import java.util.List;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonEncoding;
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
|
||||
import com.fasterxml.jackson.databind.JavaType;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
|
||||
import org.springframework.http.HttpInputMessage;
|
||||
import org.springframework.http.HttpOutputMessage;
|
||||
import org.springframework.http.MediaType;
|
||||
|
|
@ -38,6 +30,14 @@ import org.springframework.http.converter.HttpMessageNotReadableException;
|
|||
import org.springframework.http.converter.HttpMessageNotWritableException;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonEncoding;
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
|
||||
import com.fasterxml.jackson.databind.JavaType;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
|
||||
/**
|
||||
* Implementation of {@link org.springframework.http.converter.HttpMessageConverter HttpMessageConverter}
|
||||
* that can read and write JSON using <a href="http://jackson.codehaus.org/">Jackson 2's</a> {@link ObjectMapper}.
|
||||
|
|
@ -61,7 +61,7 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
|
|||
|
||||
private ObjectMapper objectMapper = new ObjectMapper();
|
||||
|
||||
private boolean prefixJson = false;
|
||||
private String jsonPrefix;
|
||||
|
||||
private Boolean prettyPrint;
|
||||
|
||||
|
|
@ -101,15 +101,25 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
|
|||
return this.objectMapper;
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify a custom prefix to use for this view's JSON output.
|
||||
* Default is none.
|
||||
* @see #setPrefixJson
|
||||
*/
|
||||
public void setJsonPrefix(String jsonPrefix) {
|
||||
this.jsonPrefix = jsonPrefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
|
||||
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
|
||||
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
|
||||
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
|
||||
* string, the prefix would need to be ignored.
|
||||
* @see #setJsonPrefix
|
||||
*/
|
||||
public void setPrefixJson(boolean prefixJson) {
|
||||
this.prefixJson = prefixJson;
|
||||
this.jsonPrefix = prefixJson ? "{} && " : null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -188,7 +198,7 @@ public class MappingJackson2HttpMessageConverter extends AbstractHttpMessageConv
|
|||
}
|
||||
|
||||
try {
|
||||
if (this.prefixJson) {
|
||||
if (this.jsonPrefix != null) {
|
||||
jsonGenerator.writeRaw("{} && ");
|
||||
}
|
||||
this.objectMapper.writeValue(jsonGenerator, object);
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ import org.codehaus.jackson.map.ObjectMapper;
|
|||
import org.codehaus.jackson.map.SerializationConfig;
|
||||
import org.codehaus.jackson.map.type.TypeFactory;
|
||||
import org.codehaus.jackson.type.JavaType;
|
||||
|
||||
import org.springframework.http.HttpInputMessage;
|
||||
import org.springframework.http.HttpOutputMessage;
|
||||
import org.springframework.http.MediaType;
|
||||
|
|
@ -59,7 +58,7 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
|
|||
|
||||
private ObjectMapper objectMapper = new ObjectMapper();
|
||||
|
||||
private boolean prefixJson = false;
|
||||
private String jsonPrefix;
|
||||
|
||||
private Boolean prettyPrint;
|
||||
|
||||
|
|
@ -99,15 +98,25 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
|
|||
return this.objectMapper;
|
||||
}
|
||||
|
||||
/**
|
||||
* Specify a custom prefix to use for this view's JSON output.
|
||||
* Default is none.
|
||||
* @see #setPrefixJson
|
||||
*/
|
||||
public void setJsonPrefix(String jsonPrefix) {
|
||||
this.jsonPrefix = jsonPrefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Indicate whether the JSON output by this view should be prefixed with "{} &&". Default is false.
|
||||
* <p>Prefixing the JSON string in this manner is used to help prevent JSON Hijacking.
|
||||
* The prefix renders the string syntactically invalid as a script so that it cannot be hijacked.
|
||||
* This prefix does not affect the evaluation of JSON, but if JSON validation is performed on the
|
||||
* string, the prefix would need to be ignored.
|
||||
* @see #setJsonPrefix
|
||||
*/
|
||||
public void setPrefixJson(boolean prefixJson) {
|
||||
this.prefixJson = prefixJson;
|
||||
this.jsonPrefix = prefixJson ? "{} && " : null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -185,7 +194,7 @@ public class MappingJacksonHttpMessageConverter extends AbstractHttpMessageConve
|
|||
}
|
||||
|
||||
try {
|
||||
if (this.prefixJson) {
|
||||
if (this.jsonPrefix != null) {
|
||||
jsonGenerator.writeRaw("{} && ");
|
||||
}
|
||||
this.objectMapper.writeValue(jsonGenerator, object);
|
||||
|
|
|
|||
Loading…
Reference in New Issue