Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jsonb-dev] [External] : Refine polymorphic API
  • From: David Kral <david.k.kral@xxxxxxxxxx>
  • Date: Thu, 9 Dec 2021 11:38:12 +0000
  • Accept-language: cs-CZ, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=h6gjTqFstHdNavpukNX4L7xtAv3UjJ0Go1ON8mVE4ZU=; b=LVkC3IE1f0H7fT2rSftuXn+E/+ElcdggTwRSb8xi1dmYqU5Fum0tS1I8l6PueigTDVapsaHewxZ5XFVkC6NPUxEZ/rocTBFHC7ZcLZfwn66slpMsiYahymb9UVEi7jBux5n+vXubreO4hwvmrp2+QdUqQiB/QqyXRFZ+5POk7IUwFvOItp+YQtQCwobKMNJv1Gy79/DGvUteCshL5LE6fM0pctqHpTmR5KgSGsAXy0oEEL5m7s02sFQNhT2GxDrCFGuP8o1uR9w17cCj9gFkP6RSMKaGswi+ZYKcFYiS8QACKsMnJsS9coDefgLO8PQMkxlesHjuVw0QXj7VoBVGAQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Swt4P54YbiIa9Z23o6gWn4LX4Y5YKMcCvqYL4ytigNhN+8y3m7vd7Sxaa1g6UE52oyRvk7NYNOqF+IOjkwHRGcwt/bOqQVbyga/i6NYGQgGCa2Xli+w1sNhSHX7vy9P7GnuwwAXIyS+KRmbuJFzvSjt23lLGfo5k/8Fcyoj3v+kK+5LGKhpmEblWbcSxBpMSv9VDlZo9ge1pbaBgsS+VtkxE5GiQuLntJFrkewRI2nwdstWIbhYRwo18MKZnOwjzrbO04cNqqEetmqtaznCAqKWG9esSW9h15l0p4sRroF02Im/SunxnVcBKU6Qx5IBVkh9ZYjosMKDCCeBPL+2DjQ==
  • Delivered-to: jsonb-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/jsonb-dev/>
  • List-help: <mailto:jsonb-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/jsonb-dev>, <mailto:jsonb-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/jsonb-dev>, <mailto:jsonb-dev-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHX7Ok6xPYXnMjM+k2vqU19VSp8LKwp/BXQ
  • Thread-topic: [External] : [jsonb-dev] Refine polymorphic API

Hi Romain,

 

  1. 301
    Yes, that is an issue, but I do not see the problem there if it is disabled by default and if allowed packages are required by the spec to be set. That’s exactly what the spec requires. In that case it is reasonably secure since it must be allowed by the user explicitly. Impl should not load the class until it verifies that the class is in the allowed package.
  2. 302
    I will be honest here; I am not sure what API duplication are you talking about. I do not see anything wrong about adding this functionality. From my point of view, there is nothing wrong with having the format done over the enum.

 

David

 

Od: jsonb-dev <jsonb-dev-bounces@xxxxxxxxxxx> za uživatele Romain Manni-Bucau
Odesláno: čtvrtek 9. prosince 2021 11:40
Komu: jsonb developer discussions <jsonb-dev@xxxxxxxxxxx>
Předmět: [External] : [jsonb-dev] Refine polymorphic API

 

Hi all,

 

opened 2 issues we should tackle before next release on polymorphic topic:

 

 

Long story short we should ensure we are not dynamic at all on the types (301). This kind of behavior was introduced in existing (de)serialization libraries to mitigate the 0-day issue but it is not a solution so let's stick to a clean design for our first release please.

 

The other issue (302) is mainly about not wanting to do too much at first release and opening the door to a design we'll regret in release N+1 since we will get back to another duplication of API.

 

Overall our API should stick to:

 

@JsonbAnnotation

@Retention(RetentionPolicy.RUNTIME)

@Target({ElementType.ANNOTATION_TYPE, ElementType.TYPE})

public @interface JsonbPolymorphicType {

 

    /**

     * Key used for keeping polymorphic information when {@link Format#PROPERTY} is chosen.

     * Default value is {@code @type}.

     *

     * @return key name

     */

    String key() default "";

    /**

     * Allowed aliases of the given polymorphic type.

     *

     * @return list of allowed aliases

     */

    JsonbSubtype[] value() default {};

 

}

 

Overall it is way more important to ensure we can use (de)serializer in a portable manner to handle these requirements than addind and adding similar API which never cover all the users requirements so let's stay robust and simple and work on real underlying issues (keep in mind we worked on that before (de)serializers behavior was not defined enough originally so it is not only syntaxic sugar because we didn't do our homework ;)).


Romain Manni-Bucau
@rmannibucau |  Blog | Old BlogGithub | LinkedIn | Book

Back to the top