Skip to content

Ability to whitelist properties for deserialization #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
stevebread opened this issue Mar 6, 2013 · 2 comments
Closed

Ability to whitelist properties for deserialization #184

stevebread opened this issue Mar 6, 2013 · 2 comments

Comments

@stevebread
Copy link

It is possible to whitelist properties for serialization using a FIlterProvider. Whitelisting is more secure than blacklisting and a similar approach should be available for deserialization.
@cowtowncoder
Copy link
Member

Makes sense. The main challenge with all changes to deserialization is that number of code paths is much higher for BeanDeserializer than BeanSerializer. But hopefully this can be implemented at some point.

christophercurrie pushed a commit to christophercurrie/jackson-databind that referenced this issue Jul 19, 2015
@cowtowncoder
Fixed FasterXML#184
fca10e3
@cowtowncoder
Copy link
Member

I think this might be covered by #1296, if and when that gets implemented. Mechanism would be different. However, since filters are not used for deserialization, I think I'll close this in favor of the annotation based variant, since adding support for filters for deserialization is not likely to be implemented in near term.

@ksiv ksiv mentioned this issue Jul 2, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cowtowncoder @stevebread