-
Notifications
You must be signed in to change notification settings - Fork 40.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Jackson StreamReadConstraints to be configured #34709
Comments
Thanks for raising this, @pjfanning. At the @cowtowncoder if you have a moment, could you please point us in the right direction here? |
Constructing a I'm not sure if this is something that jackson-databind should have but @cowtowncoder may see differently. If there is no way for you to refactor your code, you could subclass jackson-databind's |
@wilkinsona could you highlight some code that you are worried about? I looked at spring-boot and all I can find is lots of code that uses Instead of private static JsonFactory JSON_FACTORY;
// add some code to create JSON_FACTORY with your preferred StreamReadConstraints settings
public static createObjectMapper() {
return JsonMapper.builder(JSON_FACTORY).build();
} |
My concern is a general one and doesn't really focus on any specific area of Spring Boot's code. If there's a mechanism in Jackson for configuring the constraints then based on our past experience with configuring Jackson I expect that we'll be able to use it without too much difficulty. It's a configuration mechanism that's similar to what Jackson offers in various other areas that I am looking for. If there is one area that's likely to be of specific concern it is in and around |
Jackson is moving towards making Object Mappers immutable. You may need to rethink the idea of reconfiguring at that level. Factories and Builders are where Jackson config happens or that's where things are moving. |
Ok, while @pjfanning is correct in that we are moving to Builder-based configuration, there does need to be some support for old-style direct configuration for compatibility reasons. For new functionality this may not be needed but for I will file a EDIT: created FasterXML/jackson-core#962 Thank you @pjfanning for due diligency here: I think this is something that must be resolved for 2.15.0 final & is a good catch now (instead of after release). |
@wilkinsona I did add the obvious 2.x, non-builder mechanism (see FasterXML/jackson-core#962), that is, As usual, help by Spring Boot team is much appreciated: as much as I want 2.15.0 to get done ASAP, I want to also avoid rushing and breaking existing usage by valued user communities. |
Thanks very much, @cowtowncoder. |
With the new setter, it'll be possible for someone to configure the constraints in a Spring Boot application without requiring any changes in Boot: @Bean
Jackson2ObjectMapperBuilderCustomizer customStreamReadConstraints() {
return (builder) -> builder.postConfigurer((objectMapper) -> objectMapper.getFactory()
.setStreamReadConstraints(StreamReadConstraints.builder().maxNestingDepth(2000).build()));
} This will ensure that any |
Correct @wilkinsona, that's the idea. |
We've added a @Configuration
public class JacksonConfig {
@Bean
Jackson2ObjectMapperBuilderCustomizer customStreamReadConstraints() {
return (builder) -> builder.postConfigurer((objectMapper) -> objectMapper.getFactory()
.setStreamReadConstraints(StreamReadConstraints.builder().maxStringLength(100000000).build()));
}
} public static void main(String[] args) {
StreamReadConstraints.overrideDefaultStreamReadConstraints(
StreamReadConstraints.builder().maxStringLength(100000000).build()
);
SpringApplication.run(ApiApplication.class, args);
} |
The only way I could get this to work was to override the defaults in a static context, e.g. @Configuration
public class JacksonConfig {
static {
StreamReadConstraints.overrideDefaultStreamReadConstraints(
StreamReadConstraints.builder().maxStringLength(100000000).build()
);
}
} |
@jamesdh I can't reproduce the behaviour you've described in either case. If |
@wilkinsona I got |
It's really a Jackson question, but as far as I know changes to the defaults should affect every |
I think this issue should be closed as the original change was done. And if there are follow-up issues, file issue in appropriate place(s). |
I'd like to keep the issue open to see if there's sufficient interest in some |
We just ran into this situation. Received a constraints limit reached. It would be nice to be able to set this via properties as most of the configuration we do is via those properties. |
Jackson does not offer much any global configutation, by design -- it is typically embedded as a component so global configuration tends to break usage in unintended places. So no support for property configuration will be added on Jackson side. EDIT: please disregard, as per @wilkinsona comment I was confused about question; not related to Jackson side. Spring definitely has lots of relevant configurability. |
@cowtowncoder, I assume @jjstreet was referring to Spring Boot properties. We already provide several for configuring an |
@wilkinsona Thank you for pointing this out -- yeah I should pay attention to where issue exists, not just look at title & update :) |
It would be quite useful. I keep hitting certain limits every now and then. Copying the same configuration class to every microservice is quite suboptimal. Releasing a jar that has the ability to enable the configuration via properties and including it as a dependency in every app is even more problematic. |
I will say that we were able to route around the stream limit constraints by using the suggested customizer class. Where would such a property exist? |
I'm not sure but it couldn't be a |
This works to allow larger string/json as input |
Jackson 2.15 (v2.15.0-rc1 is out) has a default set of limits that it applies to inputs. Input Files that breach those limits will cause parse exceptions.
spring-boot will need to consider if those limits are ok or if you need to provide a way to configure the Jackson StreamReadConstraints.
https://javadoc.io/static/com.fasterxml.jackson.core/jackson-core/2.15.0-rc1/com/fasterxml/jackson/core/StreamReadConstraints.html
The text was updated successfully, but these errors were encountered: