JBoss 6.4.20补丁中允许使用什么版本的Jackson? [英] What versions of Jackson are allowed in JBoss 6.4.20 patch?

问题描述

我正在尝试在 6.4.20 JBoss补丁.我使用的是org.codehause.jackson，据我所知，JBoss 6.4.x并未为较新的com.fasterxml.jackson提供隐式依赖关系.

I am trying to update my version of Jackson being used after the 6.4.20 JBoss patch. I'm using org.codehause.jackson, and JBoss 6.4.x does not provide implicit dependencies for the newer com.fasterxml.jackson as far as I'm aware.

假设jackson-mapper-asl-1.9.9.redhat-6是用于 6.4.20公告，我看到提到了codehaus-jackson-mapper-asl-1.9.9-12.redhat_6.这是否意味着这是推荐的版本?我可以看到它已于05/14/18发布，而公告已于05/15/18发布.

Is it appropriate to assume that jackson-mapper-asl-1.9.9.redhat-6 is the valid package to use for this patch? When scrolling to the noarch section of the 6.4.20 announcement, I see codehaus-jackson-mapper-asl-1.9.9-12.redhat_6 mentioned. Does that mean this is the version recommended? I can see that it was released 05/14/18 and the announcement was made 05/15/18.

由于codehause-jackson-mapper-asl与fasterxml-jackson-databind相关联，因此我目前遇到以下错误，使我相信自己使用的版本不正确.

Currently I am experiencing the following error as codehause-jackson-mapper-asl is associated with fasterxml-jackson-databind, leading me to believe I'm using the incorrect version.

16:01:22,620错误[org.jboss.resteasy.resteasy_jaxrs.i18n](http-127.0.0.1:8080-1)RESTEASY000100:执行POST失败/查找:org.jboss.resteasy.spi.ReaderException:

16:01:22,620 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (http-127.0.0.1:8080-1) RESTEASY000100: Failed executing POST /find: org.jboss.resteasy.spi.ReaderException:

org.codehaus.jackson.map.JsonMappingException:要反序列化的非法类型[...]:出于安全原因而被阻止

org.codehaus.jackson.map.JsonMappingException: Illegal type [...] to deserialize: prevented for security reasons

[...]

原因:org.codehaus.jackson.map.JsonMappingException:要反序列化的非法类型:出于安全原因，在org.codehaus.jackson.map.deser.BeanDeserializerFactory.checkLegalTypes(BeanDeserializerFactory.java:1521 )[jackson-mapper-asl-1.9.9.redhat-6.jar:1.9.9.redhat-6] `

Caused by: org.codehaus.jackson.map.JsonMappingException: Illegal type [...] to deserialize: prevented for security reasons at org.codehaus.jackson.map.deser.BeanDeserializerFactory.checkLegalTypes(BeanDeserializerFactory.java:1521) [jackson-mapper-asl-1.9.9.redhat-6.jar:1.9.9.redhat-6] `

推荐答案

我最近从JBoss EAP 6.3.0升级到6.4.20，但有相同的例外.

I recently upgraded from JBoss EAP 6.3.0 to 6.4.20 and had the same exception.

在出现异常的堆栈跟踪之后，我发现有必要使用要反序列化的类的完整类名来设置系统属性jackson.deserialization.whitelist.packages.

Following the stackstrace of the exception I discovered that it becomes necessary to set the system property jackson.deserialization.whitelist.packages with the full class name of the classes you want to deserialize.

如果需要，可以仅放置包装的后缀.对于多个值，请用逗号分隔.您可以在第38至45行的jackson-mapper-asl-1.9.9.redhat-6.jar类org.codehaus.jackson.map.deser.BeanDeserializerFactory中看到这一点.

If you want you can put only the suffix of the package. For multiple values, separate by comma. You can see this in the jackson-mapper-asl-1.9.9.redhat-6.jar class org.codehaus.jackson.map.deser.BeanDeserializerFactory of line 38 to 45.

对于JBoss环境，您可以在standalone*.xml或domain.xml中定义系统属性，如下所示:

For JBoss environments you can define the system property in your standalone*.xml or domain.xml, as follows:

<system-properties>
    <property name="jackson.deserialization.whitelist.packages" value="br.com.myapp" />
</system-properties>

这篇关于JBoss 6.4.20补丁中允许使用什么版本的Jackson?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！