Skip to content

Jackson2ExecutionContextStringSerializer should trust result of Arrays.asList() by default. #3830

New issue
New issue
Closed
Closed
Jackson2ExecutionContextStringSerializer should trust result of Arrays.asList() by default.#3830
Labels
for: backport-to-4.2.xIssues that will be back-ported to the 4.2.x linetype: enhancement
Milestone
 
4.3.2
@634750802

Description

@634750802
634750802
opened on Jan 14, 2021

Please do a quick search on Github issues first, the feature you are about to request might have already been requested.

Expected Behavior
Jackson2ExecutionContextStringSerializer trust class java.util.Arrays$ArrayList.

Current Behavior

Caused by: java.lang.IllegalArgumentException: The class with java.util.Arrays$ArrayList and name of java.util.Arrays$ArrayList is not trusted. If you believe this class is safe to deserialize, you can add it to the base set of trusted classes at construction time or provide an explicit mapping using Jackson annotations or a custom ObjectMapper. If the serialization is only done by a trusted source, you can also enable default typing.

Exception caught when I use executionContext.put("name", Arrays.asList(...)).

Context

  • reason: Arrays.asList() returns a static inner class of Arrays but not java.util.ArrayList which is already trusted.
  • workarounds: executionContext.put("name", new ArrayList(Arrays.asList(...)))

Metadata

Metadata

Assignees

No one assigned

    Labels

    for: backport-to-4.2.xIssues that will be back-ported to the 4.2.x linetype: enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions