Class JacksonSerializationStrategy
- java.lang.Object
  - net.andreaskluth.session.postgres.serializer.JacksonSerializationStrategy
- All Implemented Interfaces: SerializationStrategy

public class JacksonSerializationStrategy extends Object implements SerializationStrategy

SerializationStrategy using Jackson to serialize and deserialize data.

ATTENTION: This class uses Jackson's
objectMapper.enableDefaultTyping();
feature. When unvalidated data is written to the session, this could lead to code execution via so-called serialization gadgets.

ATTENTION: As Jackson has more limitations in what it can serialize and deserialize, and under which conditions, be super careful about the data stored in the session. Consider compiling with
-parameters
otherwise constructors have to be annotated with JsonCreator.

E.g. for Maven:

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-compiler-plugin</artifactId>
  <configuration>
    <compilerArgs>
      <arg>-verbose</arg>
      <arg>-parameters</arg>
      <arg>-Xlint:all</arg>
    </compilerArgs>
  </configuration>
</plugin>
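
The enableDefaultTyping() risk from the first ATTENTION note, as an added example that is not code from this project: the same constructed session payload is read once with the permissive setting and once with an allow-list validator. It assumes Jackson 2.10 or later on the classpath; DefaultTypingDemo, Probe, the payload and the allow-list contents are hypothetical names and values chosen for illustration.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import java.util.ArrayList;
import java.util.HashMap;

public class DefaultTypingDemo {
  /** Harmless stand-in for a class the application never meant to build from session data. */
  public static class Probe {
    static boolean instantiated;
    public Probe() { instantiated = true; }
  }

  private static final TypeReference<HashMap<String, Object>> SESSION =
      new TypeReference<HashMap<String, Object>>() {};

  /** The setting named in the Javadoc: the JSON itself chooses which class is created. */
  @SuppressWarnings("deprecation")
  static ObjectMapper permissive() {
    return new ObjectMapper().enableDefaultTyping();
  }

  /** Same typing mode, but type ids are checked against an allow-list (contents assumed). */
  static ObjectMapper restricted() {
    PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
        .allowIfSubType(ArrayList.class)
        .allowIfSubType(HashMap.class)
        .build();
    return new ObjectMapper().activateDefaultTyping(ptv);
  }

  public static void main(String[] args) throws Exception {
    // Constructed session payload: the attribute value carries its own class name.
    String json = "{\"attr\":[\"" + Probe.class.getName() + "\",{}]}";

    permissive().readValue(json, SESSION);
    System.out.println("permissive: Probe instantiated = " + Probe.instantiated);

    Probe.instantiated = false;
    try {
      restricted().readValue(json, SESSION);
    } catch (JsonMappingException e) { // InvalidTypeIdException: validator denied the type id
      System.out.println("restricted: rejected, Probe instantiated = " + Probe.instantiated);
    }
  }
}
```

The allow-list has to name every type the application legitimately stores in the session, so it doubles as an inventory of what session data may contain.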

Constructor Summary

| Constructor | Description |
| --- | --- |
| JacksonSerializationStrategy() | |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| Map<String,Object> | deserialize(byte[] input) | |
| byte[] | serialize(Map<String,Object> input) | |

Method Detail

deserialize
public Map<String,Object> deserialize(byte[] input)
- Specified by: deserialize in interface SerializationStrategy

serialize
public byte[] serialize(Map<String,Object> input)
- Specified by: serialize in interface SerializationStrategy