@Provider
public final class JsonRiCxfJaxrsProvider<T>
extends org.apache.cxf.jaxrs.provider.AbstractConfigurableProvider
implements javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>, javax.ws.rs.ext.MessageBodyWriter<T>
JSONObject input/output with configurable Consume/Produce media types and optional buffering
TODO: this is copy-paste from org.ow2.authzforce.core.pdp.xacml.json.jaxrs.JsonRiJaxrsProvider class (authzforce-ce-jaxrs-pdp-xacml-json project), except this one handles JaxbErrorMessage,
and extends CXF-specific AbstractConfigurableProvider to allow configuration of Consume/Produce media types and use of this info at runtime. See how we can reuse in one way or the other.
| Constructor and Description |
|---|
JsonRiCxfJaxrsProvider()
Constructs JSON provider using default insecure
JSONTokener. |
JsonRiCxfJaxrsProvider(int maxJsonStringSize,
int maxNumOfImmediateChildren,
int maxDepth)
Constructs JSON provider using hardened
JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. |
| Modifier and Type | Method and Description |
|---|---|
long |
getSize(T o,
Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType) |
boolean |
isReadable(Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType) |
boolean |
isWriteable(Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType) |
org.json.JSONObject |
readFrom(Class<org.json.JSONObject> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType,
javax.ws.rs.core.MultivaluedMap<String,String> httpHeaders,
InputStream entityStream) |
void |
writeTo(T o,
Class<?> type,
Type genericType,
Annotation[] annotations,
javax.ws.rs.core.MediaType mediaType,
javax.ws.rs.core.MultivaluedMap<String,Object> httpHeaders,
OutputStream entityStream) |
getBus, getConsumeMediaTypes, getEnableBuffering, getEnableStreaming, getProduceMediaTypes, init, isPayloadEmpty, isPayloadEmpty, reportEmptyContentLength, setBus, setConsumeMediaTypes, setEnableBuffering, setEnableStreaming, setProduceMediaTypespublic JsonRiCxfJaxrsProvider()
JSONTokener. Only for trusted environments or protected by JSON-threat-mitigating proxy (e.g. WAF as in Web Application Firewall)@ConstructorProperties(value={"maxJsonStringSize","maxNumOfImmediateChildren","maxDepth"}) public JsonRiCxfJaxrsProvider(int maxJsonStringSize, int maxNumOfImmediateChildren, int maxDepth)
JSONTokener that checks limits on JSON structures, such as arrays and strings, in order to mitigate content-level attacks. Downside: it is slower
at parsing than for JsonRiCxfJaxrsProvider().maxJsonStringSize - allowed maximum size of JSON keys and string values. If negative or zero, limits are ignored and this is equivalent to JsonRiCxfJaxrsProvider().maxNumOfImmediateChildren - allowed maximum number of keys (therefore key-value pairs) in JSON object, or items in JSON array. If negative or zero, limits are ignored and this is equivalent to
JsonRiCxfJaxrsProvider().maxDepth - allowed maximum depth of JSON object. If negative or zero, limits are ignored and this is equivalent to JsonRiCxfJaxrsProvider().public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
isWriteable in interface javax.ws.rs.ext.MessageBodyWriter<T>public long getSize(T o, Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
getSize in interface javax.ws.rs.ext.MessageBodyWriter<T>public void writeTo(T o, Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType, javax.ws.rs.core.MultivaluedMap<String,Object> httpHeaders, OutputStream entityStream) throws IOException, javax.ws.rs.WebApplicationException
writeTo in interface javax.ws.rs.ext.MessageBodyWriter<T>IOExceptionjavax.ws.rs.WebApplicationExceptionpublic boolean isReadable(Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
isReadable in interface javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>public org.json.JSONObject readFrom(Class<org.json.JSONObject> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType, javax.ws.rs.core.MultivaluedMap<String,String> httpHeaders, InputStream entityStream) throws IOException, javax.ws.rs.WebApplicationException
readFrom in interface javax.ws.rs.ext.MessageBodyReader<org.json.JSONObject>IOExceptionjavax.ws.rs.WebApplicationExceptionCopyright © 2012–2020. All rights reserved.