Reputation: 61
During testing, I have faced an issue. I have published a REST API with a controller class that takes a model input. While calling the API, instead of a single string, an array [{"a":1,"b":2}] has been used, which triggered the following error:
{
"timestamp": "2018-12-19T12:33:36.729+0000",
"status": 400,
"error": "Bad Request",
"message": "JSON parse error: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token; nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of `java.lang.String` out of START_ARRAY token\n at [Source: (PushbackInputStream); line: 3, column: 14] (through reference chain: com.xy.df.model.inputReq[\"req\"])",
"path": "x/y/z"
}
We did not import the Jackson dependency explicitly in the application POM. I have noticed that the Jackson version used in the parent POM is 2.9.5:
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.5</version>
</dependency>
1. Is it vulnerable to RCE? How do I resolve this in Spring Boot? 2. How can I suppress/override the exception message so that the client never gets to know which libraries are used underneath?
Upvotes: 0
Views: 2540
Reputation: 61
I have resolved the issue. Before going ahead, one needs to understand a couple of very useful annotations:
@ExceptionHandler - This handler lets you define an exception class for which you want to catch the exception.
@ControllerAdvice - It caters for a cross-cutting approach. Any class annotated as controller advice is available to all the controllers under your microservice.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

@ControllerAdvice
public class ExceptionController {
    @Autowired
    SomeGenericResponse someGenericResponse; /* data model of common response; note that an autowired singleton is shared by all requests, so a per-request instance is safer */

    // replace the placeholder with the exception class you want to catch
    @ExceptionHandler(value = <My case Jackson Class>.class)
    public ResponseEntity<SomeGenericResponse> customException(HttpServletRequest req, HttpServletResponse res, Exception ex) {
        someGenericResponse.setMessage("Your Message");
        someGenericResponse.setStatus("false");
        return new ResponseEntity<SomeGenericResponse>(someGenericResponse, HttpStatus.BAD_REQUEST);
    }
}
Upvotes: 0
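A complete version of the approach in the answer above, added here as an example and not code from the original post: Spring wraps Jackson's parse and mapping failures (including the MismatchedInputException from the question) in HttpMessageNotReadableException before the controller is reached, so one handler for that class covers every malformed body. The full cause, with library names and reference chain, goes to the server log under a correlation id; the client only sees a generic message. The class name SafeJsonErrorAdvice, the response field names and the log format are assumptions.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageNotReadableException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.context.request.WebRequest;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

// Hypothetical name: catches every unreadable JSON body for all controllers in the service.
@ControllerAdvice
public class SafeJsonErrorAdvice {

    private static final Logger log = LoggerFactory.getLogger(SafeJsonErrorAdvice.class);

    // Spring raises HttpMessageNotReadableException for any Jackson failure while
    // converting the request body (wrong token type, unknown type, truncated JSON, ...).
    @ExceptionHandler(HttpMessageNotReadableException.class)
    public ResponseEntity<Map<String, Object>> onUnreadableBody(HttpMessageNotReadableException ex,
                                                                WebRequest request) {
        // Correlation id lets support find the server-side detail without exposing it.
        String errorId = UUID.randomUUID().toString();

        // The most specific cause carries the Jackson class name, reference chain and
        // line/column; it is logged server-side only.
        Throwable root = ex.getMostSpecificCause();
        log.warn("errorId={} malformed request body on {}: {}",
                 errorId, request.getDescription(false), root.toString());

        // A fresh map per request: no shared mutable state between callers.
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", false);
        body.put("message", "Request body is not valid for this endpoint");
        body.put("errorId", errorId);
        return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(body);
    }
}
```

Because the advice handles the exception itself, Spring Boot's default /error attributes (which put the Jackson message into the "message" field, as seen in the question) are never consulted for this case; any other exception still falls through to the default error body, so check what that body reveals as well.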
Reputation: 874
The JsonMappingException: out of START_ARRAY token exception is thrown by the Jackson object mapper as it's expecting an Object {} whereas it found an Array [{}] in the response.
This can be solved by replacing Object with Object[] in the argument for getForObject("url", Object[].class).
Upvotes: 3
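The mismatch the answer above describes, shown directly on Jackson's ObjectMapper rather than through RestTemplate; this is an added example, not code from the original post. It feeds the array body from the question (constructed here as a string literal) first into a String target, which fails exactly as in the question, and then into a typed list target, which is the equivalent of the Object[] fix for a collection. The class name ArrayVsObjectDemo and the helper names are assumptions.

```java
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.MismatchedInputException;

import java.util.List;
import java.util.Map;

// Hypothetical class name; demonstrates why a JSON array cannot bind to a scalar target.
public class ArrayVsObjectDemo {

    // Constructed sample input with the same shape as the body in the question.
    static final String BODY = "[{\"a\":1,\"b\":2}]";

    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Returns null when the document's root token does not match the target type,
    // instead of letting the Jackson message escape to a caller.
    static String readAsString(String json) {
        try {
            return MAPPER.readValue(json, String.class);
        } catch (MismatchedInputException e) {
            // Root token is START_ARRAY but the target is java.lang.String.
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    // Binds the array to the matching target type: a list of objects, each a map of ints.
    static List<Map<String, Integer>> readAsList(String json) throws Exception {
        return MAPPER.readValue(json, new TypeReference<List<Map<String, Integer>>>() {});
    }

    public static void main(String[] args) throws Exception {
        System.out.println("as String -> " + readAsString(BODY));          // null: type mismatch
        List<Map<String, Integer>> items = readAsList(BODY);
        System.out.println("as List   -> " + items.size() + " item(s), a=" + items.get(0).get("a"));
    }
}
```

The same rule applies on the server side of the question: the controller's model field was declared as String, so an array in that position can never bind; either the field type changes to a collection or the request is rejected with a generic 400, never with the raw Jackson message.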