Rob Spoor wrote:
Sergei Prosvirnin wrote:I found a solution in the form of using the old version of the package (funny, usually on the forums they advise to change to the new one).
That's Jackson 1.x which has been inactive for a long, long time. The latest release I could find on Maven Central is from 2013.
Jackson is (unfortunately) known for vulnerabilities that are found quite often (at least partly because of its extensive feature set), so you definitely don't want to use a version that's almost 8 years old. As long as you monitor for these vulnerabilities and update as soon as one is found, you should be pretty safe.
For monitoring I use Snyk.io (free account), but at work we use Jenkins with the OWASP dependency checker. There are probably other solutions as well.
Ron McLeod wrote:Also, I noticed from your POM tree that you were using version 2.6.3 for jackson-databind, and version 2.9.8 for jackson-annotations and jackson-core. The different versions may have not been compatible (databind has a dependency on both annotations and core).
This could very well be the cause of the issue. Certain library sets rely on using compatible versions. For instance, all Jackson libraries should have the same version; all POI libraries should have the same version; all Quarkus libraries should have the same version. If you have different versions, the results can be unpredictable. I've seen quite a number of NoSuchMethodError and similar errors because of version mismatches. Your case could well be that, although you don't get errors, something else goes wrong.
Ron McLeod wrote:I don't think there the problem is with your annotated DTO. I used it in a simple Quarkus (not Spring) based project, and the payload deserialized as expected.
Stephan van Hulst wrote:I think it just completely ignores your annotations and uses the default names derived from your getters and setters to populate the object. How do you know that the annotations works correctly in the rest of the project?
Ron McLeod wrote:Can you share an example of the JSON representation which is not being deserialized correctly?
Stephan van Hulst wrote:Why do you have annotations on both your fields and your getters/setters?
Rob Spoor wrote:Are you sure that Jackson is being used here? I've worked with WebLogic, and that used MOXy out-of-the-box. I think that JBoss tries to use JSON-P by default. Maybe your server uses one of these, or something else.
Tim Holloway wrote:Well, for my JPA webapps, I have 3 layers: one for the raw database Entities, one for CRUD/finder operations on those entities (and in some cases, parent/child aggregates), and the highest layer is for business database service logic: graphs of entity relationships organised into working sets so that they can be detached and re-attached. The two logic layers: serice and DAO , I have marked as transactional, with the transaction context being inherited. That is to say, DAO operations made on behalf of a service function operate in the transaction of the service function.
A long-running and possibly failing operation such as HTTP is something that I would try very hard to deal with before invoking the service layer. That is. in the Business layer or perhaps a special layer between Business and Database Services. I would try to avoid making in transactional. If it has to be transactional, then you are entered the realm of XA transactions and that's a whole different can of worms and required a lot more transaction support than the basic JPA transaction system provides.
Tim Holloway wrote:Here's a general rule on how to work with the forum:
Ideally, someone should be able to pull up this page in 5 years or so (and people often do exactly that!), print it out on paper and be able to make sense of all the questions and answers. Editing in-place and offsite links both interfere with that ability.
Which is why we discourage them. It may be less efficient to do it the way we suggest, but sometimes efficiency isn't the goal.
Tim Holloway wrote:I may be showing my blindness again, but I don't see dependencies for Springfox in your POM. But despite that, you seem to have a reference to it in your Maven repository cache. Is that the actual POM that you are using?
Mohammed Sardar. wrote:Could you confirm whether Controller & Service are placed in the same package where @SpringBootApplication class in placed ?
I faced this kind of issue once before.