Package org.ow2.authzforce.jaxrs.util

Class JsonRiJaxrsProvider

java.lang.Object

org.ow2.authzforce.jaxrs.util.JsonRiJaxrsProvider

All Implemented Interfaces:

jakarta.ws.rs.ext.MessageBodyReader<org.json.JSONObject>, jakarta.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

@Produces({"application/json","application/*+json"})
@Consumes({"application/json","application/*+json"})
@Provider
public final class JsonRiJaxrsProvider
extends Object
implements jakarta.ws.rs.ext.MessageBodyReader<org.json.JSONObject>, jakarta.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

JAX-RS entity provider for JSONObject input/output

Constructor Summary

Constructors

Constructor	Description
JsonRiJaxrsProvider()	Constructs JSON provider using default insecure JSONTokener.
JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName)	Constructs JSON provider using default insecure JSONTokener with validation against a given schema depending on the input JSON root property.
JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName, int maxJsonStringSize, int maxNumOfImmediateChildren, int maxDepth)	Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks.
JsonRiJaxrsProvider(org.everit.json.schema.Schema schema)	Constructs JSON provider using default insecure JSONTokener with single JSON schema validation.
JsonRiJaxrsProvider(org.everit.json.schema.Schema schema, int maxJsonStringSize, int maxNumOfImmediateChildren, int maxDepth)	Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks.

Method Summary

Modifier and Type	Method	Description
long	getSize(org.json.JSONObject o, Class<?> type, Type genericType, Annotation[] annotations, jakarta.ws.rs.core.MediaType mediaType)
boolean	isReadable(Class<?> type, Type genericType, Annotation[] annotations, jakarta.ws.rs.core.MediaType mediaType)
boolean	isWriteable(Class<?> type, Type genericType, Annotation[] annotations, jakarta.ws.rs.core.MediaType mediaType)
org.json.JSONObject	readFrom(Class<org.json.JSONObject> type, Type genericType, Annotation[] annotations, jakarta.ws.rs.core.MediaType mediaType, jakarta.ws.rs.core.MultivaluedMap<String,String> httpHeaders, InputStream entityStream)
void	writeTo(org.json.JSONObject o, Class<?> type, Type genericType, Annotation[] annotations, jakarta.ws.rs.core.MediaType mediaType, jakarta.ws.rs.core.MultivaluedMap<String,Object> httpHeaders, OutputStream entityStream)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JsonRiJaxrsProvider

public JsonRiJaxrsProvider()

Constructs JSON provider using default insecure JSONTokener. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall)

JsonRiJaxrsProvider

public JsonRiJaxrsProvider(org.everit.json.schema.Schema schema)

Constructs JSON provider using default insecure JSONTokener with single JSON schema validation. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall)

Parameters:

schema - JSON schema, null iff no schema validation shall occur

JsonRiJaxrsProvider

public JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName)

Constructs JSON provider using default insecure JSONTokener with validation against a given schema depending on the input JSON root property. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall).

Parameters:

schemasByPropertyName - mappings of JSON property names to schemas, defining which schema to apply according to which (root) property the input JSON object has; if schemasByPropertyName is empty, or schemasByPropertyName does not contain any schema for the input JSON (root) property, no schema validation shall occur. Any input JSON without any root property is considered invalid.

JsonRiJaxrsProvider

public JsonRiJaxrsProvider(org.everit.json.schema.Schema schema,
 int maxJsonStringSize,
 int maxNumOfImmediateChildren,
 int maxDepth)

Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower at parsing than for JsonRiJaxrsProvider().

Parameters:

schema - JSON schema, null iff no schema validation shall occur

maxJsonStringSize - allowed maximum size of JSON keys and string values. Negative or zero values not allowed.

maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. Negative or zero values not allowed.

maxDepth - allowed maximum depth of JSON object. Negative or zero values not allowed.

JsonRiJaxrsProvider

public JsonRiJaxrsProvider(Map<String,org.everit.json.schema.Schema> schemasByPropertyName,
 int maxJsonStringSize,
 int maxNumOfImmediateChildren,
 int maxDepth)

Constructs JSON provider using hardened JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower at parsing than for JsonRiJaxrsProvider(). This provider also validates input JSON against a given schema depending on the input JSON root property.

Parameters:

schemasByPropertyName - mappings of JSON property names to schemas, defining which schema to apply according to which (root) property the input JSON object has; if schemasByPropertyName is empty, or schemasByPropertyName does not contain any schema for the input JSON (root) property, no schema validation shall occur. Any input JSON without any root property is considered invalid.

maxJsonStringSize - allowed maximum size of JSON keys and string values. Negative or zero values not allowed.

maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. Negative or zero values not allowed.

maxDepth - allowed maximum depth of JSON object. Negative or zero values not allowed.

Method Details

isWriteable

public boolean isWriteable(Class<?> type,
 Type genericType,
 Annotation[] annotations,
 jakarta.ws.rs.core.MediaType mediaType)

Specified by:

isWriteable in interface jakarta.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

getSize

public long getSize(org.json.JSONObject o,
 Class<?> type,
 Type genericType,
 Annotation[] annotations,
 jakarta.ws.rs.core.MediaType mediaType)

Specified by:

getSize in interface jakarta.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

writeTo

public void writeTo(org.json.JSONObject o,
 Class<?> type,
 Type genericType,
 Annotation[] annotations,
 jakarta.ws.rs.core.MediaType mediaType,
 jakarta.ws.rs.core.MultivaluedMap<String,Object> httpHeaders,
 OutputStream entityStream)
             throws IOException,
jakarta.ws.rs.WebApplicationException

Specified by:

writeTo in interface jakarta.ws.rs.ext.MessageBodyWriter<org.json.JSONObject>

Throws:

IOException

jakarta.ws.rs.WebApplicationException

isReadable

public boolean isReadable(Class<?> type,
 Type genericType,
 Annotation[] annotations,
 jakarta.ws.rs.core.MediaType mediaType)

Specified by:

isReadable in interface jakarta.ws.rs.ext.MessageBodyReader<org.json.JSONObject>

readFrom

public org.json.JSONObject readFrom(Class<org.json.JSONObject> type,
 Type genericType,
 Annotation[] annotations,
 jakarta.ws.rs.core.MediaType mediaType,
 jakarta.ws.rs.core.MultivaluedMap<String,String> httpHeaders,
 InputStream entityStream)
                             throws jakarta.ws.rs.WebApplicationException

Specified by:

readFrom in interface jakarta.ws.rs.ext.MessageBodyReader<org.json.JSONObject>

Throws:

jakarta.ws.rs.WebApplicationException