Module tools.jackson.databind
Package tools.jackson.databind.jsontype

Class BasicPolymorphicTypeValidator.Builder

java.lang.Object
tools.jackson.databind.jsontype.BasicPolymorphicTypeValidator.Builder
Enclosing class:
BasicPolymorphicTypeValidator
public static class BasicPolymorphicTypeValidator.Builder extends Object
Builder class for configuring and constructing immutable BasicPolymorphicTypeValidator instances. Criteria for allowing polymorphic subtypes is specified by adding rules in priority order, starting with the rules to evaluate first: when a matching rule is found, its status (PolymorphicTypeValidator.Validity.ALLOWED or PolymorphicTypeValidator.Validity.DENIED) is used and no further rules are checked.

  • Field Details

  • Constructor Details

    • Builder

      protected Builder()

  • Method Details

    • allowIfBaseType

      public BasicPolymorphicTypeValidator.Builder allowIfBaseType(Class<?> baseOfBase)
      Method for appending matcher that will allow all subtypes in cases where nominal base type is specified class, or one of its subtypes. For example, call to 
          builder.allowIfBaseType(MyBaseType.class)
      would indicate that any polymorphic properties where declared base type is MyBaseType (or subclass thereof) would allow all legal (assignment-compatible) subtypes.

    • allowIfBaseType

      public BasicPolymorphicTypeValidator.Builder allowIfBaseType(Pattern patternForBase)
      Method for appending matcher that will allow all subtypes in cases where nominal base type's class name matches given Pattern For example, call to 
          builder.allowIfBaseType(Pattern.compile("com\\.mycompany\\..*")
      would indicate that any polymorphic properties where declared base type is in package com.mycompany would allow all legal (assignment-compatible) subtypes.

      NOTE! Pattern match is applied using if (patternForBase.matcher(typeId).matches()) { } that is, it must match the whole class name, not just part.

    • allowIfBaseType

      public BasicPolymorphicTypeValidator.Builder allowIfBaseType(String prefixForBase)
      Method for appending matcher that will allow all subtypes in cases where nominal base type's class name starts with specific prefix. For example, call to 
          builder.allowIfBaseType("com.mycompany.")
      would indicate that any polymorphic properties where declared base type is in package com.mycompany would allow all legal (assignment-compatible) subtypes.

    • allowIfBaseType

      public BasicPolymorphicTypeValidator.Builder allowIfBaseType(BasicPolymorphicTypeValidator.TypeMatcher matcher)
      Method for appending custom matcher called with base type: if matcher returns true, all possible subtypes will be accepted; if false, other matchers are applied.
      Parameters:
      matcher - Custom matcher to apply to base type
      Returns:
      This Builder to allow call chaining

    • denyForExactBaseType

      public BasicPolymorphicTypeValidator.Builder denyForExactBaseType(Class<?> baseTypeToDeny)
      Method for appending matcher that will mark any polymorphic properties with exact specific class to be invalid. For example, call to 
          builder.denyforExactBaseType(Object.class)
      would indicate that any polymorphic properties where declared base type is java.lang.Object would be deemed invalid, and attempt to deserialize values of such types should result in an exception.

    • allowIfSubType

      public BasicPolymorphicTypeValidator.Builder allowIfSubType(Class<?> subTypeBase)
      Method for appending matcher that will allow specific subtype (regardless of declared base type) if it is subTypeBase or its subtype. For example, call to 
          builder.allowIfSubType(MyImplType.class)
      would indicate that any polymorphic values with type of is MyImplType (or subclass thereof) would be allowed.

    • allowIfSubType

      public BasicPolymorphicTypeValidator.Builder allowIfSubType(Pattern patternForSubType)
      Method for appending matcher that will allow specific subtype (regardless of declared base type) in cases where subclass name matches given Pattern. For example, call to 
          builder.allowIfSubType(Pattern.compile("com\\.mycompany\\.")
      would indicate that any polymorphic values in package com.mycompany would be allowed.

      NOTE! Pattern match is applied using if (patternForSubType.matcher(typeId).matches()) { } that is, it must match the whole class name, not just part.

    • allowIfSubType

      public BasicPolymorphicTypeValidator.Builder allowIfSubType(String prefixForSubType)
      Method for appending matcher that will allow specific subtype (regardless of declared base type) in cases where subclass name starts with specified prefix For example, call to 
          builder.allowIfSubType("com.mycompany.")
      would indicate that any polymorphic values in package com.mycompany would be allowed.

    • allowIfSubType

      public BasicPolymorphicTypeValidator.Builder allowIfSubType(BasicPolymorphicTypeValidator.TypeMatcher matcher)
      Method for appending custom matcher called with resolved subtype: if matcher returns true, type will be accepted; if false, other matchers are applied.
      Parameters:
      matcher - Custom matcher to apply to resolved subtype
      Returns:
      This Builder to allow call chaining

    • allowIfSubTypeIsArray

      public BasicPolymorphicTypeValidator.Builder allowIfSubTypeIsArray()
      Method for appending matcher that will allow all subtypes that are Java arrays (regardless of element type). Note that this does NOT validate element type itself as long as Polymorphic Type handling is enabled for element type: this is the case with all standard "Default Typing" inclusion criteria as well as for annotation (@JsonTypeInfo) use case (since annotation only applies to element types, not container).

      NOTE: not used with other Java collection types (Lists, Collections), mostly since use of generic types as polymorphic values is not (well) supported.

    • allowSubTypesWithExplicitDeserializer

      public BasicPolymorphicTypeValidator.Builder allowSubTypesWithExplicitDeserializer()
      Method for appending matcher that will allow all subtypes for which a ValueDeserializer) is explicitly provided by either jackson-databind itself or one of registered JacksonModules. Determination is implementation by calling DeserializerFactory.hasExplicitDeserializerFor(tools.jackson.databind.DatabindContext, java.lang.Class<?>).

      In practice this matcher should remove the need to register any standard Jackson-supported JDK types, as well as most if not all 3rd party types; leaving only POJOs and those 3rd party types that are not supported by relevant modules. In turn this should not open security holes to "gadget" types since insecure types should not be supported by datatype modules. For highest security cases (where input is untrusted) it is still preferable to add more specific allow-rules, if possible.

      NOTE: Modules need to provide support for detection so if 3rd party types do not seem to be supported, Module in question may need to be updated to indicate existence of explicit deserializers.

    • build

      public BasicPolymorphicTypeValidator build()

    • _appendBaseMatcher

      protected BasicPolymorphicTypeValidator.Builder _appendBaseMatcher(BasicPolymorphicTypeValidator.TypeMatcher matcher)

    • _appendSubNameMatcher

      protected BasicPolymorphicTypeValidator.Builder _appendSubNameMatcher(BasicPolymorphicTypeValidator.NameMatcher matcher)

    • _appendSubClassMatcher

      protected BasicPolymorphicTypeValidator.Builder _appendSubClassMatcher(BasicPolymorphicTypeValidator.TypeMatcher matcher)