You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@turbine.apache.org by gk...@apache.org on 2015/08/06 16:10:31 UTC
svn commit: r1694505 - in /turbine/fulcrum/trunk/json:
gson/src/test/org/apache/fulcrum/json/gson/
jackson/src/test/org/apache/fulcrum/json/jackson/
jackson2/src/java/org/apache/fulcrum/json/jackson/ jackson2/src/test/
jackson2/src/test/org/apache/fulc...
Author: gk
Date: Thu Aug 6 14:10:31 2015
New Revision: 1694505
URL: http://svn.apache.org/r1694505
Log:
- Added global character escape (first in jackson 2), optional class
- Update to JUnit 4
Modified:
turbine/fulcrum/trunk/json/gson/src/test/org/apache/fulcrum/json/gson/DefaultServiceTest.java
turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java
turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/JacksonMapperTest.java
turbine/fulcrum/trunk/json/jackson2/src/java/org/apache/fulcrum/json/jackson/Jackson2MapperService.java
turbine/fulcrum/trunk/json/jackson2/src/test/TestComponentConfig.xml
turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java
turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTypingTest.java
turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTyping_OBJECT_AND_NON_CONCRETE_Test.java
turbine/fulcrum/trunk/json/xdocs/index.xml
Modified: turbine/fulcrum/trunk/json/gson/src/test/org/apache/fulcrum/json/gson/DefaultServiceTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/gson/src/test/org/apache/fulcrum/json/gson/DefaultServiceTest.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/gson/src/test/org/apache/fulcrum/json/gson/DefaultServiceTest.java (original)
+++ turbine/fulcrum/trunk/json/gson/src/test/org/apache/fulcrum/json/gson/DefaultServiceTest.java Thu Aug 6 14:10:31 2015
@@ -19,6 +19,9 @@ package org.apache.fulcrum.json.gson;
* under the License.
*/
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
import java.lang.reflect.Type;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
@@ -32,7 +35,9 @@ import org.apache.avalon.framework.activ
import org.apache.fulcrum.json.JsonService;
import org.apache.fulcrum.json.Rectangle;
import org.apache.fulcrum.json.TestClass;
-import org.apache.fulcrum.testcontainer.BaseUnitTest;
+import org.apache.fulcrum.testcontainer.BaseUnit4Test;
+import org.junit.Before;
+import org.junit.Test;
import com.google.gson.reflect.TypeToken;
@@ -42,31 +47,21 @@ import com.google.gson.reflect.TypeToken
* @author gk
* @version $Id$
*/
-public class DefaultServiceTest extends BaseUnitTest {
+public class DefaultServiceTest extends BaseUnit4Test {
private JsonService sc = null;
private final String preDefinedOutput = "{\"container\":{\"cf\":\"Config.xml\"},\"configurationName\":\"Config.xml\",\"name\":\"mytest\"}";
-
- /**
- * Constructor for test.
- *
- * @param testName
- * name of the test being executed
- */
- public DefaultServiceTest(String testName) {
- super(testName);
- }
-
- public void setUp() throws Exception {
- super.setUp();
- sc = (JsonService) this.lookup(JsonService.ROLE);
-
+ @Before
+ public void setUp() throws Exception
+ {
+ sc = (JsonService) this.lookup( JsonService.ROLE );
}
+ @Test
public void testSerialize() throws Exception {
String serJson = sc.ser(new TestClass("mytest"));
assertEquals("Serialization failed ", preDefinedOutput, serJson);
}
-
+ @Test
public void testSerializeExcludeNothing() throws Exception {
String serJson = sc.serializeAllExceptFilter(new TestClass("mytest"),
(String[]) null);
@@ -75,47 +70,45 @@ public class DefaultServiceTest extends
"{\"container\":{\"cf\":\"Config.xml\"},\"configurationName\":\"Config.xml\",\"name\":\"mytest\"}",
serJson);
}
-
+ @Test
// deep exclude?!
public void testSerializeExcludeClass() throws Exception {
String serJson = sc.serializeAllExceptFilter(new TestClass("mytest"),
String.class, (String[]) null);
assertEquals("Serialization failed ", "{\"container\":{}}", serJson);
}
-
+ @Test
public void testSerializeExcludeClassAndField() throws Exception {
String serJson = sc.serializeAllExceptFilter(new TestClass("mytest"),
String.class, "container");
assertEquals("Serialization failed ", "{}", serJson);
}
-
+ @Test
public void testSerializeExcludeClassAndFields() throws Exception {
String serJson = sc.serializeAllExceptFilter(new TestClass("mytest"),
Map.class, "configurationName", "name");
assertEquals("Serialization failed ", "{}", serJson);
}
-
+ @Test
public void testSerializeExcludeField() throws Exception {
-
String serJson = sc.serializeAllExceptFilter(new TestClass("mytest"),
"configurationName");
assertEquals("Serialization failed ",
"{\"container\":{\"cf\":\"Config.xml\"},\"name\":\"mytest\"}",
serJson);
}
-
+ @Test
public void testSerializeDate() throws Exception {
final SimpleDateFormat MMddyyyy = new SimpleDateFormat("MM/dd/yyyy");
Map<String, Object> map = new HashMap<String, Object>();
map.put("date", Calendar.getInstance().getTime());
-
sc.setDateFormat(MMddyyyy);
String serJson = sc.ser(map);
System.out.println("serJson:" + serJson);
assertTrue("Serialize with Adapater failed ",
serJson.matches("\\{\"date\":\"\\d\\d/\\d\\d/\\d{4}\"\\}"));
}
-
+ @Test
// does not seerialize size
public void testSerializeCollection() throws Exception {
List<Rectangle> rectList = new ArrayList<Rectangle>();
@@ -129,7 +122,7 @@ public class DefaultServiceTest extends
"[{'w':0,'h':0,'name':'rect0'},{'w':1,'h':1,'name':'rect1'},{'w':2,'h':2,'name':'rect2'},{'w':3,'h':3,'name':'rect3'},{'w':4,'h':4,'name':'rect4'},{'w':5,'h':5,'name':'rect5'},{'w':6,'h':6,'name':'rect6'},{'w':7,'h':7,'name':'rect7'},{'w':8,'h':8,'name':'rect8'},{'w':9,'h':9,'name':'rect9'}]",
adapterSer.replace('"', '\''));
}
-
+ @Test
public void testSerializationCollectioPrimitiveWrapper() throws Exception {
List<Integer> intList = new ArrayList<Integer>();
@@ -143,7 +136,7 @@ public class DefaultServiceTest extends
"[0,1,4,9,16,25,36,49,64,81]",
result);
}
-
+ @Test
public void testSerializeTypeAdapterForCollection() throws Exception {
sc.addAdapter("Collection Adapter", ArrayList.class,
new TypeAdapterForCollection());
@@ -158,7 +151,7 @@ public class DefaultServiceTest extends
"{'rect0':0,'rect1':1,'rect2':4,'rect3':9,'rect4':16,'rect5':25,'rect6':36,'rect7':49,'rect8':64,'rect9':81}",
adapterSer.replace('"', '\''));
}
-
+ @Test
public void testMixinAdapter() throws Exception {
sc.addAdapter("Test Adapter", TestClass.class, new TestJsonSerializer());
String adapterSer = sc.ser(new TestClass("mytest"));
@@ -170,13 +163,13 @@ public class DefaultServiceTest extends
assertEquals("failed adapter serialization:",
"{\"container\":{\"cf\":\"Config.xml\"},\"configurationName\":\"Config.xml\",\"name\":\"mytest\"}", defaultSer);
}
-
+ @Test
public void testDeSerialize() throws Exception {
String serJson = sc.ser(new TestClass("mytest"));
Object deson = sc.deSer(serJson, TestClass.class);
assertEquals("Serialization failed ", TestClass.class, deson.getClass());
}
-
+ @Test
public void testDeserializationCollection() throws Exception {
List<Rectangle> rectList = new ArrayList<Rectangle>();
for (int i = 0; i < 10; i++) {
@@ -191,7 +184,7 @@ public class DefaultServiceTest extends
.get(i).getSize());
}
}
-
+ @Test
public void testDeserializationTypeAdapterForCollection() throws Exception {
sc.addAdapter("Collection Adapter", ArrayList.class,
TypeAdapterForCollection.class);
@@ -207,7 +200,7 @@ public class DefaultServiceTest extends
.get(i).getSize());
}
}
-
+ @Test
public void testSerializeWithMixinAndFilter() throws Exception {
Rectangle filteredRectangle = new Rectangle(5, 10);
filteredRectangle.setName("jim");
@@ -222,7 +215,7 @@ public class DefaultServiceTest extends
"{\"name\":\"jim\",\"width\":5}",
rectangle);
}
-
+ @Test
public void testSerializeWithOnlyFilter() throws Exception {
// as gson adds we could not use multiple disjunct exclusion strategies
@@ -232,7 +225,7 @@ public class DefaultServiceTest extends
"{\"configurationName\":\"Config.xml\"}",
serJson);
}
-
+ @Test
public void testSerializeWithOnlyFilter2() throws Exception {
// as gson adds we could not use multiple disjunct exclusion strategies
@@ -243,7 +236,6 @@ public class DefaultServiceTest extends
"Ser filtered Rectangle failed ",
"{\"w\":5}",
rectangle);
-
}
Modified: turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java (original)
+++ turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java Thu Aug 6 14:10:31 2015
@@ -19,6 +19,8 @@ package org.apache.fulcrum.json.jackson;
* under the License.
*/
+import static org.junit.Assert.*;
+
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
@@ -29,7 +31,10 @@ import java.util.Map;
import org.apache.fulcrum.json.JsonService;
import org.apache.fulcrum.json.TestClass;
+import org.apache.fulcrum.testcontainer.BaseUnit4Test;
import org.apache.fulcrum.testcontainer.BaseUnitTest;
+import org.junit.Before;
+import org.junit.Test;
/**
@@ -38,30 +43,20 @@ import org.apache.fulcrum.testcontainer.
* @author gk
* @version $Id$
*/
-public class DefaultServiceTest extends BaseUnitTest {
+public class DefaultServiceTest extends BaseUnit4Test {
private JsonService sc = null;
private final String preDefinedOutput = "{\"container\":{\"cf\":\"Config.xml\"},\"configurationName\":\"Config.xml\",\"name\":\"mytest\"}";
- /**
- * Constructor for test.
- *
- * @param testName
- * name of the test being executed
- */
- public DefaultServiceTest(String testName) {
- super(testName);
- }
-
+ @Before
public void setUp() throws Exception {
- super.setUp();
sc = (JsonService) this.lookup(JsonService.ROLE);
}
-
+ @Test
public void testSerialize() throws Exception {
String serJson = sc.ser(new TestClass("mytest"));
assertEquals("Serialization failed ", preDefinedOutput, serJson);
}
-
+ @Test
public void testSerializeExcludeNothing() throws Exception {
String serJson = sc.ser(new TestClass("mytest"));
assertEquals(
@@ -69,8 +64,7 @@ public class DefaultServiceTest extends
"{\"container\":{\"cf\":\"Config.xml\"},\"configurationName\":\"Config.xml\",\"name\":\"mytest\"}",
serJson);
}
-
-
+ @Test
public void ignoreTestSerializeExcludeClass() throws Exception {
// jackson 1 could yet not exclude classes
}
@@ -87,7 +81,7 @@ public class DefaultServiceTest extends
// no deep ignore??
}
-
+ @Test
public void testSerializeDate() throws Exception {
final SimpleDateFormat MMddyyyy = new SimpleDateFormat("MM/dd/yyyy");
Map<String, Object> map = new HashMap<String, Object>();
@@ -99,7 +93,7 @@ public class DefaultServiceTest extends
assertTrue("Serialize with Adapter failed ",
serJson.matches("\\{\"date\":\"\\d\\d/\\d\\d/\\d{4}\"\\}"));
}
-
+ @Test
// jackson serializes size too
public void testSerializeCollection() throws Exception {
List<org.apache.fulcrum.json.Rectangle> rectList = new ArrayList<org.apache.fulcrum.json.Rectangle>();
@@ -113,9 +107,8 @@ public class DefaultServiceTest extends
"[{'w':0,'h':0,'name':'rect0','size':0},{'w':1,'h':1,'name':'rect1','size':1},{'w':2,'h':2,'name':'rect2','size':4},{'w':3,'h':3,'name':'rect3','size':9},{'w':4,'h':4,'name':'rect4','size':16},{'w':5,'h':5,'name':'rect5','size':25},{'w':6,'h':6,'name':'rect6','size':36},{'w':7,'h':7,'name':'rect7','size':49},{'w':8,'h':8,'name':'rect8','size':64},{'w':9,'h':9,'name':'rect9','size':81}]",
adapterSer.replace('"', '\''));
}
-
+ @Test
public void testSerializationCollectioPrimitiveWrapper() throws Exception {
-
List<Integer> intList = new ArrayList<Integer>();
for (int i = 0; i < 10; i++) {
Integer integer = new Integer(i*i);
@@ -153,14 +146,14 @@ public class DefaultServiceTest extends
// assertEquals("failed adapter serialization:",
// "{\"n\":\"mytest\",\"p\":\"Config.xml\",\"c\":[]}", adapterSer);
// }
-
+ @Test
public void testDeSerialize() throws Exception {
String serJson = sc.ser(new TestClass("mytest"));
Object deson = sc.deSer(serJson, TestClass.class);
assertEquals("Serialization failed ", TestClass.class, deson.getClass());
}
-
+ @Test
public void testDeserializationCollection() throws Exception {
List<Rectangle> rectList = new ArrayList<Rectangle>();
for (int i = 0; i < 10; i++) {
@@ -180,7 +173,7 @@ public class DefaultServiceTest extends
public void testDeserializationTypeAdapterForCollection() throws Exception {
// not implemented
}
-
+ @Test
public void testSerializeWithMixinAndFilter() throws Exception {
Bean filteredBean = new Bean();
filteredBean.setName("joe");
@@ -194,7 +187,7 @@ public class DefaultServiceTest extends
"{}",
bean);
}
-
+ @Test
public void testSerializeWithOnlyFilter() throws Exception {
// no deep include ??
Bean filteredBean = new Bean();
Modified: turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/JacksonMapperTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/JacksonMapperTest.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/JacksonMapperTest.java (original)
+++ turbine/fulcrum/trunk/json/jackson/src/test/org/apache/fulcrum/json/jackson/JacksonMapperTest.java Thu Aug 6 14:10:31 2015
@@ -19,9 +19,11 @@ package org.apache.fulcrum.json.jackson;
* under the License.
*/
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
import java.util.ArrayList;
import java.util.Calendar;
-import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
@@ -32,9 +34,11 @@ import org.apache.avalon.framework.logge
import org.apache.fulcrum.json.JsonService;
import org.apache.fulcrum.json.Rectangle;
import org.apache.fulcrum.json.TestClass;
-import org.apache.fulcrum.testcontainer.BaseUnitTest;
+import org.apache.fulcrum.testcontainer.BaseUnit4Test;
import org.codehaus.jackson.annotate.JsonIgnore;
import org.codehaus.jackson.annotate.JsonProperty;
+import org.junit.Before;
+import org.junit.Test;
/**
* Jackson1 JSON Test
@@ -42,33 +46,23 @@ import org.codehaus.jackson.annotate.Jso
* @author gk
* @version $Id$
*/
-public class JacksonMapperTest extends BaseUnitTest {
+public class JacksonMapperTest extends BaseUnit4Test {
private JsonService sc = null;
+ private final String preDefinedOutput = "{\"container\":{\"cf\":\"Config.xml\"},\"configurationName\":\"Config.xml\",\"name\":\"mytest\"}";
Logger logger;
- /**
- * Constructor for test.
- *
- * @param testName
- * name of the test being executed
- */
- public JacksonMapperTest(String testName) {
- super(testName);
- }
-
+ @Before
public void setUp() throws Exception {
- super.setUp();
sc = (JsonService) this.lookup(JsonService.ROLE);
logger = new ConsoleLogger(ConsoleLogger.LEVEL_DEBUG);
}
-
+ @Test
public void testSerialize() throws Exception {
- String serJson = sc.ser(new JacksonMapperTest("mytest"));
- assertEquals("Set failed ", "{\"name\":\"mytest\"}", serJson);
+ String serJson = sc.ser(new TestClass("mytest"));
+ assertEquals("Serialization failed ", preDefinedOutput, serJson);
}
-
+ @Test
public void testSerializeDateWithDefaultDateFormat() throws Exception {
-
Map<String, Date> map = new HashMap<String, Date>();
map.put("date", Calendar.getInstance().getTime());
String serJson = sc.ser(map);
@@ -76,7 +70,7 @@ public class JacksonMapperTest extends B
serJson.matches("\\{\"date\":\"\\d\\d/\\d\\d/\\d{4}\"\\}"));
}
-
+ @Test
public void testDeSerialize1() throws Exception {
Map<String, Integer> map = new HashMap<String, Integer>();
@@ -85,14 +79,14 @@ public class JacksonMapperTest extends B
assertEquals("Integer DeSer failed ", 5001, deserMap.get("name"));
}
-
+ @Test
public void testSerializeSingleObjectExcludeWithMixins() throws Exception {
sc.addAdapter("M4RMixin", Rectangle.class, Mixin.class);
String serRect = sc.ser(new Rectangle(25, 3));
assertEquals("DeSer failed ", "{\"width\":25}", serRect);
}
-
+ @Test
public void testSerializeTwoObjectsIncludeOnlyAnnotationCustomFilterId()
throws Exception {
Bean filteredBean = new Bean();
@@ -110,7 +104,7 @@ public class JacksonMapperTest extends B
logger.debug("rectangle: " + rectangle);
}
-
+ @Test
public void testDeSerialize() throws Exception {
String serJson = sc.ser(new TestClass("mytest"));
Object deson = sc.deSer(serJson, TestClass.class);
@@ -134,7 +128,7 @@ public class JacksonMapperTest extends B
// .get(i).getW());
// }
// }
-
+ @Test
public void testMixins() throws Exception {
Rectangle filteredRectangle = new Rectangle(5, 10);
@@ -144,7 +138,7 @@ public class JacksonMapperTest extends B
filteredRectangle);
assertEquals("Ser failed ", "{\"width\":5}", serRect);
}
-
+ @Test
public void testMixis2() throws Exception {
Bean filteredBean = new Bean();
filteredBean.setName("joe");
@@ -158,9 +152,8 @@ public class JacksonMapperTest extends B
String bean = sc.serializeOnlyFilter(filteredBean, Bean.class, "name");
assertEquals("Ser filtered Bean failed ", "{\"name\":\"joe\"}", bean);
}
-
+ @Test
public void testFilteredCollectionOfBeans() throws Exception {
-
List<Bean> beanList = new ArrayList<Bean>();
for (int i = 0; i < 10; i++) {
Bean filteredBean = new Bean();
@@ -180,11 +173,9 @@ public class JacksonMapperTest extends B
logger.debug("deser bean: " + bean.getName() + " is "
+ bean.getAge());
}
-
}
-
+ @Test
public void testMixinCollectionOfBeans() throws Exception {
-
List<Bean> beanList = new ArrayList<Bean>();
for (int i = 0; i < 10; i++) {
Bean filteredBean = new Bean();
@@ -204,7 +195,6 @@ public class JacksonMapperTest extends B
logger.debug("deser bean: " + bean.getName() + " is "
+ bean.getAge());
}
-
}
// @JsonFilter("myFilter")
Modified: turbine/fulcrum/trunk/json/jackson2/src/java/org/apache/fulcrum/json/jackson/Jackson2MapperService.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson2/src/java/org/apache/fulcrum/json/jackson/Jackson2MapperService.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson2/src/java/org/apache/fulcrum/json/jackson/Jackson2MapperService.java (original)
+++ turbine/fulcrum/trunk/json/jackson2/src/java/org/apache/fulcrum/json/jackson/Jackson2MapperService.java Thu Aug 6 14:10:31 2015
@@ -39,6 +39,8 @@ import com.fasterxml.jackson.core.JsonGe
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonParser.Feature;
import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.SerializableString;
+import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.AnnotationIntrospector;
import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -83,6 +85,8 @@ public class Jackson2MapperService exten
private static final String DEFAULT_TYPING = "defaultTyping";
private static final String CACHE_FILTERS = "cacheFilters";
private static final String DATE_FORMAT = "dateFormat";
+ private static final String ESCAPE_CHARS = "escapeCharsGlobal";
+ private static final String ESCAPE_CHAR_CLASS = "escapeCharsClass";
ObjectMapper mapper;
AnnotationIntrospector primary; // support default
AnnotationIntrospector secondary;
@@ -105,6 +109,8 @@ public class Jackson2MapperService exten
// multiple serialization in one thread
String[] defaultTypeDefs = null;
private CacheService cacheService;
+ private boolean escapeCharsGlobal = false; // to be backward compatible, but should be true, then escaping to avoid XSS payload by default
+ private String escapeCharsClass = null;
@Override
public String ser(Object src) throws Exception {
@@ -503,6 +509,17 @@ public class Jackson2MapperService exten
if (configuredKeepFilter != null) {
this.cacheFilters = configuredKeepFilter.getValueAsBoolean();
}
+ final Configuration configuredEscapeChars = conf.getChild(ESCAPE_CHARS,
+ false);
+ if (configuredEscapeChars != null) {
+ this.escapeCharsGlobal = configuredEscapeChars.getValueAsBoolean();
+ }
+ final Configuration configuredEscapeCharClass = conf.getChild(ESCAPE_CHAR_CLASS,
+ false);
+ if (configuredEscapeCharClass != null) {
+ this.escapeCharsClass = configuredEscapeCharClass.getValue();
+ }
+
final Configuration configuredDefaultType = conf.getChild(
DEFAULT_TYPING, false);
if (configuredDefaultType != null) {
@@ -685,6 +702,20 @@ public class Jackson2MapperService exten
}
mapper.setDateFormat(new SimpleDateFormat(dateFormat));
+
+ if (escapeCharsGlobal) {
+ mapper.getFactory().setCharacterEscapes(characterEscapes);
+ }
+ if (escapeCharsClass != null) {
+ try {
+ characterEscapes = (CharacterEscapes) Class.forName(escapeCharsClass).getConstructor()
+ .newInstance();
+ } catch (Exception e) {
+ throw new Exception(
+ "JsonMapperService: Error instantiating " + escapeCharsClass
+ + " for " + ESCAPE_CHAR_CLASS );
+ }
+ }
getLogger().debug("initialized mapper:" + mapper);
@@ -726,4 +757,31 @@ public class Jackson2MapperService exten
if (!cacheFilters)
mapper.configure(SerializationFeature.FLUSH_AFTER_WRITE_VALUE, true);
}
+
+ static CharacterEscapes characterEscapes = new CharacterEscapes() {
+ private static final long serialVersionUID = 1L;
+ private final int[] asciiEscapes;
+ { // instance init
+ int[] esc = standardAsciiEscapesForJSON();
+ // this avoids to get evaluated immediately
+ esc['<'] = CharacterEscapes.ESCAPE_STANDARD;
+ esc['>'] = CharacterEscapes.ESCAPE_STANDARD;
+ esc['&'] = CharacterEscapes.ESCAPE_STANDARD;
+ esc['\''] = CharacterEscapes.ESCAPE_STANDARD;
+ //esc['/'] = '/'; //CharacterEscapes.ESCAPE_CUSTOM;
+ asciiEscapes = esc;
+ }
+ @Override
+ public int[] getEscapeCodesForAscii() {
+ return asciiEscapes;
+ }
+ @Override
+ public SerializableString getEscapeSequence(final int ch) {
+// if ( ch == '/') {
+// return new SerializedString("\\\\/");
+// } else {
+ return null;
+// }
+ }
+ };
}
Modified: turbine/fulcrum/trunk/json/jackson2/src/test/TestComponentConfig.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson2/src/test/TestComponentConfig.xml?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson2/src/test/TestComponentConfig.xml (original)
+++ turbine/fulcrum/trunk/json/jackson2/src/test/TestComponentConfig.xml Thu Aug 6 14:10:31 2015
@@ -35,7 +35,9 @@
</features>
</annotationInspectors>
<dateFormat>MM/dd/yyyy</dateFormat>
+ <escapeCharsGlobal>true</escapeCharsGlobal>
<!-- defaultTyping type="NON_FINAL" key="type"/--><!-- or OBJECT_AND_NON_CONCRETE -->
<!-- cacheFilters>false</cacheFilters-->
+ <!-- escapeCharsClass>net.example.EscapeCharClass</escapeCharsClass -->
</json>
</componentConfig>
Modified: turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java (original)
+++ turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/DefaultServiceTest.java Thu Aug 6 14:10:31 2015
@@ -30,6 +30,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.avalon.framework.logger.ConsoleLogger;
import org.apache.fulcrum.json.JsonService;
import org.apache.fulcrum.json.Rectangle;
import org.apache.fulcrum.json.TestClass;
@@ -38,6 +39,7 @@ import org.apache.fulcrum.testcontainer.
import org.junit.Before;
import org.junit.Test;
+import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.core.type.TypeReference;
/**
@@ -52,7 +54,7 @@ public class DefaultServiceTest extends
@Before
public void setUp() throws Exception {
- //setLogLevel(ConsoleLogger.LEVEL_DEBUG);
+ setLogLevel(ConsoleLogger.LEVEL_DEBUG);
sc = (JsonService) this.lookup(JsonService.ROLE);
}
@@ -353,5 +355,17 @@ public class DefaultServiceTest extends
TypeReference<List<TypedRectangle>> typeRef = new TypeReference<List<TypedRectangle>>(){};
System.out.println("aa:" +((Jackson2MapperService)sc).serCollectionWithTypeReference(rectList,typeRef, false));
}
+ @Test
+ // jackson dies not escape anything, except double quotes and backslash, you could provide
+ public void testSerializeHTMLEscape() throws Exception {
+ Rectangle filteredRect = new Rectangle(2, 3, "rectÃber<strong>StockundStein ï</strong></script><script>alert('xss')</script>" + 0);
+ String adapterSer = sc.ser(filteredRect);
+ System.out.println(adapterSer);
+ assertEquals("html entities ser",
+ "{'w':2,'h':3,'name':'rectÃber\\u003Cstrong\\u003EStockundStein \\u0026iuml;\\u003C/strong\\u003E\\u003C/script\\u003E\\u003Cscript\\u003Ealert(\\u0027xss\\u0027)\\u003C/script\\u003E0','size':6}",
+ adapterSer.replace('"', '\''));
+ // you could set your own escapes here in class esc extending from CharacterEscapes.
+ //((Jackson2MapperService)sc).getMapper().getFactory().setCharacterEscapes(esc ) );
+ }
}
Modified: turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTypingTest.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTypingTest.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTypingTest.java (original)
+++ turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTypingTest.java Thu Aug 6 14:10:31 2015
@@ -78,13 +78,12 @@ public class JacksonMapperEnabledDefault
}
@Test
public void testSerializeDateWithDefaultDateFormat() throws Exception {
-
Map<String, Date> map = new HashMap<String, Date>();
map.put("date", Calendar.getInstance().getTime());
String serJson = sc.ser(map);
- //System.out.println("serJson:" +serJson);
- assertTrue(
- "Serialize with Adapater failed ",
+ System.out.println("serJson:" +serJson);
+ assertEquals(
+ "Serialize with Adapater failed ",true,
serJson.matches(".*\"java.util.Date\",\"\\d\\d/\\d\\d/\\d{4}\".*"));
}
@Test
Modified: turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTyping_OBJECT_AND_NON_CONCRETE_Test.java
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTyping_OBJECT_AND_NON_CONCRETE_Test.java?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTyping_OBJECT_AND_NON_CONCRETE_Test.java (original)
+++ turbine/fulcrum/trunk/json/jackson2/src/test/org/apache/fulcrum/json/jackson/JacksonMapperEnabledDefaultTyping_OBJECT_AND_NON_CONCRETE_Test.java Thu Aug 6 14:10:31 2015
@@ -83,7 +83,7 @@ public class JacksonMapperEnabledDefault
Map<String, Date> map = new HashMap<String, Date>();
map.put("date", Calendar.getInstance().getTime());
String serJson = sc.ser(map);
- //System.out.println("serJson:" +serJson);
+ System.out.println("serJson:" +serJson);
assertTrue(
"Serialize with Adapater failed ",
serJson.matches(".*\"java.util.Date\",\"\\d\\d/\\d\\d/\\d{4}\".*"));
Modified: turbine/fulcrum/trunk/json/xdocs/index.xml
URL: http://svn.apache.org/viewvc/turbine/fulcrum/trunk/json/xdocs/index.xml?rev=1694505&r1=1694504&r2=1694505&view=diff
==============================================================================
--- turbine/fulcrum/trunk/json/xdocs/index.xml (original)
+++ turbine/fulcrum/trunk/json/xdocs/index.xml Thu Aug 6 14:10:31 2015
@@ -28,7 +28,7 @@
<body>
<section name="Overview">
- <p>The intent of this component is to provide a configurable and customized integration of JSON De-/Serializers using GSON, Jackson 1 and Jackson 2 APIs into Avalon/Turbine.
+ <p>The intent of this component is to provide a configurable and customized integration of JSON De-/Serializers using GSON, Jackson 1 and Jackson 2 APIs into Avalon/Turbine. It is a common pattern with client-side MVC applications to embed data for a base set of objects in a page instead of making a separate AJAX request to load them.
It is written for use in Turbine but it can be used in any container compatible
with Avalon's ECM container. There are three implementations