raboof/pekko
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Packages Wiki Activity Actions 11

Jackson whitelist for deserialization of unbound class, #26910

Browse source
This commit is contained in:
Patrik Nordwall 2019-06-05 12:31:02 +02:00
parent 5d22e1e20d
commit c62f428d51
5 changed files with 60 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

14
akka-serialization-jackson/src/test/scala/akka/serialization/jackson/JacksonSerializerSpec.scala
View file

@ -82,6 +82,8 @@ object ScalaTestMessages {
// not defined in JsonSubTypes
final case class Cockroach(name: String) extends Animal
final case class OldCommandNotInBindings(name: String)
}
class ScalaTestEventMigration extends JacksonMigration {
@ -273,6 +275,17 @@ class JacksonJsonSerializerSpec extends JacksonSerializerSpec("jackson-json") {
json should ===(expected)
}
}
"allow deserialization of classes in configured whitelist-class-prefix" in {
val json = """{"name":"abc"}"""
val old = SimpleCommand("abc")
val serializer = serializerFor(old)
val expected = OldCommandNotInBindings("abc")
deserializeFromJsonString(json, serializer.identifier, serializer.manifest(expected)) should ===(expected)
}
}
}
@ -294,6 +307,7 @@ abstract class JacksonSerializerSpec(serializerName: String)
"akka.serialization.jackson.JavaTestMessages$$TestMessage" = $serializerName
}
}
akka.serialization.jackson.whitelist-class-prefix = ["akka.serialization.jackson.ScalaTestMessages$$OldCommand"]
""")))
with WordSpecLike
with Matchers