@Produces(value={"application/json","application/*+json"})
@Consumes(value={"application/json","application/*+json"})
@Provider
public final class JsonRiJaxrsProvider
extends Object
implements javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>, javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>
JSONObject input/output| Constructor and Description |
|---|
JsonRiJaxrsProvider()
Constructs JSON provider using default insecure
JSONTokener. |
JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName)
Constructs JSON provider using default insecure
JSONTokener with validation against a given schema depending on the input JSON root property. |
JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName,
int maxJsonStringSize,
int maxNumOfImmediateChildren,
int maxDepth)
Constructs JSON provider using hardened
JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. |
JsonRiJaxrsProvider(org.everit.json.schema.Schema schema)
Constructs JSON provider using default insecure
JSONTokener with single JSON schema validation. |
JsonRiJaxrsProvider(org.everit.json.schema.Schema schema,
int maxJsonStringSize,
int maxNumOfImmediateChildren,
int maxDepth)
Constructs JSON provider using hardened
JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. |
| Modifier and Type | Method and Description |
|---|---|
long |
getSize(org.json.JSONObject o,
Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType) |
boolean |
isReadable(Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType) |
boolean |
isWriteable(Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType) |
org.json.JSONObject |
readFrom(Class<org.json.JSONObject> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType,
javax.ws.rs.core.MultivaluedMap<String,String> httpHeaders,
InputStream entityStream) |
void |
writeTo(org.json.JSONObject o,
Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType,
javax.ws.rs.core.MultivaluedMap<String,Object> httpHeaders,
OutputStream entityStream) |
public JsonRiJaxrsProvider()
JSONTokener. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall)public JsonRiJaxrsProvider(org.everit.json.schema.Schema schema)
JSONTokener with single JSON schema validation. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as
in Web Application Firewall)schema - JSON schema, null iff no schema validation shall occurpublic JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName)
JSONTokener with validation against a given schema depending on the input JSON root property. Only for trusted environments or protected
by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall).schemasByPropertyName - mappings of JSON property names to schemas, defining which schema to apply according to which (root) property the input JSON object has; if schemasByPropertyName is empty, or
schemasByPropertyName does not contain any schema for the input JSON (root) property, no schema validation shall occur. Any input JSON without any root property is considered
invalid.public JsonRiJaxrsProvider(org.everit.json.schema.Schema schema,
int maxJsonStringSize,
int maxNumOfImmediateChildren,
int maxDepth)
JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower
at parsing than for JsonRiJaxrsProvider().schema - JSON schema, null iff no schema validation shall occurmaxJsonStringSize - allowed maximum size of JSON keys and string values. Negative or zero values not allowed.maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. Negative or zero values not allowed.maxDepth - allowed maximum depth of JSON object. Negative or zero values not allowed.public JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName, int maxJsonStringSize, int maxNumOfImmediateChildren, int maxDepth)
JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower
at parsing than for JsonRiJaxrsProvider(). This provider also validates input JSON against a given schema depending on the input JSON root property.schemasByPropertyName - mappings of JSON property names to schemas, defining which schema to apply according to which (root) property the input JSON object has; if schemasByPropertyName is empty, or
schemasByPropertyName does not contain any schema for the input JSON (root) property, no schema validation shall occur. Any input JSON without any root property is considered
invalid.maxJsonStringSize - allowed maximum size of JSON keys and string values. Negative or zero values not allowed.maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. Negative or zero values not allowed.maxDepth - allowed maximum depth of JSON object. Negative or zero values not allowed.public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
isWriteable in interface javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>public long getSize(org.json.JSONObject o,
Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType)
getSize in interface javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>public void writeTo(org.json.JSONObject o,
Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType,
javax.ws.rs.core.MultivaluedMap<String,Object> httpHeaders,
OutputStream entityStream)
throws IOException,
javax.ws.rs.WebApplicationException
writeTo in interface javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>IOExceptionjavax.ws.rs.WebApplicationExceptionpublic boolean isReadable(Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
isReadable in interface javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>public org.json.JSONObject readFrom(Class<org.json.JSONObject> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType, javax.ws.rs.core.MultivaluedMap<String,String> httpHeaders, InputStream entityStream) throws IOException, javax.ws.rs.WebApplicationException
readFrom in interface javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>IOExceptionjavax.ws.rs.WebApplicationExceptionCopyright © 2012–2020. All rights reserved.