【发布时间】:2019-06-14 00:22:12
【问题描述】:
我已经编写了自定义 JSON 反序列化器,它的工作方式与预期一样,但我的问题是它始终处于打开状态,因为它是在配置级别定义的。
我想在方法或控制器级别的某些自定义注释上禁用它,因此当该注释存在时它不起作用,但是当没有注释时,自定义 JSON 反序列化器可以工作。那可能吗 ?
我的反序列化代码:
@Configuration
public class OwaspConfiguration extends WebMvcConfigurerAdapter{
@Override
public void extendMessageConverters(List<HttpMessageConverter<?>> converters) {
converters.add(jsonConverter());
}
@Bean
public HttpMessageConverter<?> jsonConverter() {
SimpleModule module = new SimpleModule();
module.addDeserializer(String.class, new DefaultJsonSerializer());
ObjectMapper objectMapper = Jackson2ObjectMapperBuilder.json().build();
objectMapper.registerModule(module);
return new MappingJackson2HttpMessageConverter(objectMapper);
}
}
public class DefaultJsonSerializer extends JsonDeserializer<String> implements ContextualDeserializer {
public static final org.owasp.html.PolicyFactory POLICY_FACTORY = new HtmlPolicyBuilder().toFactory();
@Override
public String deserialize(JsonParser parser, DeserializationContext ctxt) throws IOException {
String value = parser.getValueAsString();
if (StringUtils.isEmpty(value))
return value;
else {
String originalWithUnescaped = unescapeUntilNoHtmlEntityFound(value);
return unescapeEntities(POLICY_FACTORY.sanitize(originalWithUnescaped), true);
}
}
@Override
public JsonDeserializer<?> createContextual(DeserializationContext ctxt, BeanProperty property)
throws JsonMappingException {
return this;
}
private String unescapeUntilNoHtmlEntityFound(final String value) {
String unescaped = unescapeEntities(value, true);
if (!unescaped.equals(value))
return unescapeUntilNoHtmlEntityFound(unescaped);
else
return unescaped;
}
}
【问题讨论】:
-
查看此答案,了解如何为特定字段使用序列化程序:stackoverflow.com/questions/45099529/…
-
您可能正在寻找JSON Views?
标签: json spring spring-boot jackson deserialization