Package org.ow2.authzforce.jaxrs.util

Class JsonRiJaxrsProvider

  • All Implemented Interfaces:
    javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>, javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>
    @Produces({"application/json","application/*+json"})
@Consumes({"application/json","application/*+json"})
@Provider
public final class JsonRiJaxrsProvider
extends Object
implements javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>, javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>
    JAX-RS entity provider for JSONObject input/output

    • Constructor Summary

      Constructors 
      Constructor Description
      JsonRiJaxrsProvider()
      Constructs JSON provider using default insecure JSONTokener.
      JsonRiJaxrsProvider​(Map<String,​org.everit.json.schema.Schema> schemasByPropertyName)
      Constructs JSON provider using default insecure JSONTokener with validation against a given schema depending on the input JSON root property.
      JsonRiJaxrsProvider​(Map<String,​org.everit.json.schema.Schema> schemasByPropertyName, int maxJsonStringSize, int maxNumOfImmediateChildren, int maxDepth)
      Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks.
      JsonRiJaxrsProvider​(org.everit.json.schema.Schema schema)
      Constructs JSON provider using default insecure JSONTokener with single JSON schema validation.
      JsonRiJaxrsProvider​(org.everit.json.schema.Schema schema, int maxJsonStringSize, int maxNumOfImmediateChildren, int maxDepth)
      Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks.

    • Constructor Detail

      • JsonRiJaxrsProvider

        public JsonRiJaxrsProvider()
        Constructs JSON provider using default insecure JSONTokener. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall)

      • JsonRiJaxrsProvider

        public JsonRiJaxrsProvider​(org.everit.json.schema.Schema schema)
        Constructs JSON provider using default insecure JSONTokener with single JSON schema validation. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall)
        Parameters:
        schema - JSON schema, null iff no schema validation shall occur

      • JsonRiJaxrsProvider

        public JsonRiJaxrsProvider​(Map<String,​org.everit.json.schema.Schema> schemasByPropertyName)
        Constructs JSON provider using default insecure JSONTokener with validation against a given schema depending on the input JSON root property. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall).
        Parameters:
        schemasByPropertyName - mappings of JSON property names to schemas, defining which schema to apply according to which (root) property the input JSON object has; if schemasByPropertyName is empty, or schemasByPropertyName does not contain any schema for the input JSON (root) property, no schema validation shall occur. Any input JSON without any root property is considered invalid.

      • JsonRiJaxrsProvider

        public JsonRiJaxrsProvider​(org.everit.json.schema.Schema schema,
                           int maxJsonStringSize,
                           int maxNumOfImmediateChildren,
                           int maxDepth)
        Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower at parsing than for JsonRiJaxrsProvider().
        Parameters:
        schema - JSON schema, null iff no schema validation shall occur
        maxJsonStringSize - allowed maximum size of JSON keys and string values. Negative or zero values not allowed.
        maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. Negative or zero values not allowed.
        maxDepth - allowed maximum depth of JSON object. Negative or zero values not allowed.

      • JsonRiJaxrsProvider

        public JsonRiJaxrsProvider​(Map<String,​org.everit.json.schema.Schema> schemasByPropertyName,
                           int maxJsonStringSize,
                           int maxNumOfImmediateChildren,
                           int maxDepth)
        Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower at parsing than for JsonRiJaxrsProvider(). This provider also validates input JSON against a given schema depending on the input JSON root property.
        Parameters:
        schemasByPropertyName - mappings of JSON property names to schemas, defining which schema to apply according to which (root) property the input JSON object has; if schemasByPropertyName is empty, or schemasByPropertyName does not contain any schema for the input JSON (root) property, no schema validation shall occur. Any input JSON without any root property is considered invalid.
        maxJsonStringSize - allowed maximum size of JSON keys and string values. Negative or zero values not allowed.
        maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. Negative or zero values not allowed.
        maxDepth - allowed maximum depth of JSON object. Negative or zero values not allowed.

    • Method Detail

      • isWriteable

        public boolean isWriteable​(Class<?> type,
                           Type genericType,
                           Annotation[] annotations,
                           javax.ws.rs.core.MediaType mediaType)
        Specified by:
        isWriteable in interface javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

      • getSize

        public long getSize​(org.json.JSONObject o,
                    Class<?> type,
                    Type genericType,
                    Annotation[] annotations,
                    javax.ws.rs.core.MediaType mediaType)
        Specified by:
        getSize in interface javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

      • writeTo

        public void writeTo​(org.json.JSONObject o,
                    Class<?> type,
                    Type genericType,
                    Annotation[] annotations,
                    javax.ws.rs.core.MediaType mediaType,
                    javax.ws.rs.core.MultivaluedMap<String,​Object> httpHeaders,
                    OutputStream entityStream)
             throws IOException,
                    javax.ws.rs.WebApplicationException
        Specified by:
        writeTo in interface javax.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>
        Throws:
        IOException
        javax.ws.rs.WebApplicationException

      • isReadable

        public boolean isReadable​(Class<?> type,
                          Type genericType,
                          Annotation[] annotations,
                          javax.ws.rs.core.MediaType mediaType)
        Specified by:
        isReadable in interface javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>

      • readFrom

        public org.json.JSONObject readFrom​(Class<org.json.JSONObject> type,
                                    Type genericType,
                                    Annotation[] annotations,
                                    javax.ws.rs.core.MediaType mediaType,
                                    javax.ws.rs.core.MultivaluedMap<String,​String> httpHeaders,
                                    InputStream entityStream)
                             throws javax.ws.rs.WebApplicationException
        Specified by:
        readFrom in interface javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>
        Throws:
        javax.ws.rs.WebApplicationException