Class JacksonSerializationStrategy
java.lang.Object
net.andreaskluth.session.postgres.serializer.JacksonSerializationStrategy
All Implemented Interfaces: SerializationStrategy
public class JacksonSerializationStrategy extends java.lang.Object implements SerializationStrategy
SerializationStrategy using Jackson to serialize and deserialize data.
ATTENTION: This class uses Jackson's objectMapper.enableDefaultTyping() feature. When unvalidated data is written to the session, this could lead to code execution via so-called serialization gadgets.
ATTENTION: As Jackson has more limitations in what it can serialize and deserialize, and under which conditions, be very careful about the data stored in the session. Consider compiling with -parameters; otherwise constructors have to be annotated with JsonCreator.
E.g. for Maven:
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-compiler-plugin</artifactId>
  <configuration>
    <compilerArgs>
      <arg>-verbose</arg>
      <arg>-parameters</arg>
      <arg>-Xlint:all</arg>
    </compilerArgs>
  </configuration>
</plugin>
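The first ATTENTION note above describes the risk of unrestricted default typing: the type id embedded in the stored JSON selects the class Jackson instantiates, so a gadget class reachable on the classpath can be named by whoever controls the session bytes. The following is an added example, not code from the project, showing how a SerializationStrategy can keep polymorphic typing while restricting it to an allow-list of packages with Jackson's PolymorphicTypeValidator (Jackson 2.10+). The class name AllowListJacksonSerializationStrategy, the constructor parameter and the exception handling are assumptions; the interface's method signatures are taken from this page.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Map;

// Hypothetical alternative strategy (not part of the project): default typing is
// activated only for an explicit allow-list of package prefixes, so a type id in
// the stored session bytes cannot select an arbitrary class on the classpath.
public class AllowListJacksonSerializationStrategy implements SerializationStrategy {

  private static final TypeReference<Map<String, Object>> MAP_TYPE =
      new TypeReference<Map<String, Object>>() {};

  private final ObjectMapper mapper;

  // allowedPackagePrefixes: e.g. "com.example.session." for the application's own
  // session value classes; anything outside these prefixes is rejected on read.
  public AllowListJacksonSerializationStrategy(String... allowedPackagePrefixes) {
    BasicPolymorphicTypeValidator.Builder builder = BasicPolymorphicTypeValidator.builder();
    for (String prefix : allowedPackagePrefixes) {
      builder.allowIfSubType(prefix);
    }
    PolymorphicTypeValidator ptv = builder.build();
    this.mapper = new ObjectMapper();
    // Replaces the deprecated enableDefaultTyping(): polymorphic type ids are still
    // written and read, but only resolved for classes matching an allowed prefix.
    // Deserializing an unlisted type fails with an InvalidTypeIdException.
    this.mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
  }

  @Override
  public byte[] serialize(Map<String, Object> input) {
    try {
      return mapper.writeValueAsBytes(input);
    } catch (IOException e) {
      // Assumed: the interface declares no checked exception, so wrap it.
      throw new UncheckedIOException(e);
    }
  }

  @Override
  public Map<String, Object> deserialize(byte[] input) {
    try {
      return mapper.readValue(input, MAP_TYPE);
    } catch (IOException e) {
      throw new UncheckedIOException(e);
    }
  }
}
```

Values such as strings and numbers carry no type id and are unaffected; nested collections stored in the session (for example a java.util.ArrayList inside the map) do carry one and must be covered by a listed prefix, otherwise reading them fails, which is the intended fail-closed behaviour. The -parameters note above still applies to the application's own value classes when they are deserialized through their constructors.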
Constructor Summary
Constructor: JacksonSerializationStrategy()
Method Summary
Modifier and Type | Method
java.util.Map<java.lang.String,java.lang.Object> | deserialize(byte[] input)
byte[] | serialize(java.util.Map<java.lang.String,java.lang.Object> input)
Constructor Details
JacksonSerializationStrategy
public JacksonSerializationStrategy()
Method Details
deserialize
public java.util.Map<java.lang.String,java.lang.Object> deserialize(byte[] input)
Specified by: deserialize in interface SerializationStrategy
serialize
public byte[] serialize(java.util.Map<java.lang.String,java.lang.Object> input)
Specified by: serialize in interface SerializationStrategy