SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6 - OCEJPAD 6
How To Ask Questions How To Answer Questions
Rob Spoor wrote:Are you sure that Jackson is being used here? I've worked with WebLogic, and that used MOXy out-of-the-box. I think that JBoss tries to use JSON-P by default. Maybe your server uses one of these, or something else.
Stephan van Hulst wrote:Why do you have annotations on both your fields and your getters/setters?
Ron McLeod wrote:Can you share an example of the JSON representation which is not being deserialized correctly?
Stephan van Hulst wrote:I think it just completely ignores your annotations and uses the default names derived from your getters and setters to populate the object. How do you know that the annotations works correctly in the rest of the project?
Sergei Prosvirnin wrote:For example such announcements work as expected.
Ron McLeod wrote:I don't think there the problem is with your annotated DTO. I used it in a simple Quarkus (not Spring) based project, and the payload deserialized as expected.
Sergei Prosvirnin wrote:I found a solution in the form of using the old version of the package (funny, usually on the forums they advise to change to the new one).
Ron McLeod wrote:Also, I noticed from your POM tree that you were using version 2.6.3 for jackson-databind, and version 2.9.8 for jackson-annotations and jackson-core. The different versions may have not been compatible (databind has a dependency on both annotations and core).
SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6 - OCEJPAD 6
How To Ask Questions How To Answer Questions
Rob Spoor wrote:
Sergei Prosvirnin wrote:I found a solution in the form of using the old version of the package (funny, usually on the forums they advise to change to the new one).
That's Jackson 1.x which has been inactive for a long, long time. The latest release I could find on Maven Central is from 2013.
Jackson is (unfortunately) known for vulnerabilities that are found quite often (at least partly because of its extensive feature set), so you definitely don't want to use a version that's almost 8 years old. As long as you monitor for these vulnerabilities and update as soon as one is found, you should be pretty safe.
For monitoring I use Snyk.io (free account), but at work we use Jenkins with the OWASP dependency checker. There are probably other solutions as well.
Ron McLeod wrote:Also, I noticed from your POM tree that you were using version 2.6.3 for jackson-databind, and version 2.9.8 for jackson-annotations and jackson-core. The different versions may have not been compatible (databind has a dependency on both annotations and core).
This could very well be the cause of the issue. Certain library sets rely on using compatible versions. For instance, all Jackson libraries should have the same version; all POI libraries should have the same version; all Quarkus libraries should have the same version. If you have different versions, the results can be unpredictable. I've seen quite a number of NoSuchMethodError and similar errors because of version mismatches. Your case could well be that, although you don't get errors, something else goes wrong.
SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6 - OCEJPAD 6
How To Ask Questions How To Answer Questions
Consider Paul's rocket mass heater. |