Win a copy of liveProject: Protecting User Data with Spring Security and OAuth2 this week in the Spring forum!

Sergei Prosvirnin

+ Follow
since Nov 12, 2020
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Sergei Prosvirnin

Rob Spoor wrote:

Sergei Prosvirnin wrote:I found a solution in the form of using the old version of the package (funny, usually on the forums they advise to change to the new one).

That's Jackson 1.x which has been inactive for a long, long time. The latest release I could find on Maven Central is from 2013.

Jackson is (unfortunately) known for vulnerabilities that are found quite often (at least partly because of its extensive feature set), so you definitely don't want to use a version that's almost 8 years old. As long as you monitor for these vulnerabilities and update as soon as one is found, you should be pretty safe.

For monitoring I use (free account), but at work we use Jenkins with the OWASP dependency checker. There are probably other solutions as well.

Ron McLeod wrote:Also, I noticed from your POM tree that you were using version 2.6.3 for jackson-databind, and version 2.9.8 for jackson-annotations and jackson-core.  The different versions may have not been compatible (databind has a dependency on both annotations and core).

This could very well be the cause of the issue. Certain library sets rely on using compatible versions. For instance, all Jackson libraries should have the same version; all POI libraries should have the same version; all Quarkus libraries should have the same version. If you have different versions, the results can be unpredictable. I've seen quite a number of NoSuchMethodError and similar errors because of version mismatches. Your case could well be that, although you don't get errors, something else goes wrong.

This is a rather large and old project, and in this case it is now impossible to upgrade to a new version, even due to the broken code of colleagues. Thanks for the help!
2 days ago

Ron McLeod wrote:I don't think there the problem is with your annotated DTO. I used it in a simple Quarkus (not Spring) based project, and the payload deserialized as expected.

Thank you for this test, I am flattered by your involvement. I found a solution in the form of using the old version of the package (funny, usually on the forums they advise to change to the new one).

6 days ago

Stephan van Hulst wrote:I think it just completely ignores your annotations and uses the default names derived from your getters and setters to populate the object. How do you know that the annotations works correctly in the rest of the project?

For example such announcements work as expected.

6 days ago

Ron McLeod wrote:Can you share an example of the JSON representation which is not being deserialized correctly?

Unsuccess - HTTP Status 400

6 days ago

Stephan van Hulst wrote:Why do you have annotations on both your fields and your getters/setters?

This is autogeneration of pugin jsonschema2pojo -

Rob Spoor wrote:Are you sure that Jackson is being used here? I've worked with WebLogic, and that used MOXy out-of-the-box. I think that JBoss tries to use JSON-P by default. Maybe your server uses one of these, or something else.

Yes, the rest of Jackson's annotations work great in this project, I use Tomcat.
My task is to get a callback from an ASP.NET application which uses PascalCase, not fooBar -> FooBar unlike Java. I am using the model below where @JsonProperty is logically used, but unfortunately I don't see the effect, I can only see the result of serialization if I send camelCase. Why this annotation doesn't work?

  • JDK 1.8
  • Output for $ mvn dependency:tree -Dverbose -$%2520mvn%2520dependency:tree%2520-Dverbose

  • Hello, I hope I get my answer here regarding the Quartz API! In the Spring settings file, there is a line in cron format (e.g. 0 */1 * * * * ?) which defines how often to run a method in an inherited class. How do I get this string from the settings file in the executeInternal(JobExecutionContext jobExecutionContext) method not as a cron format, but the actual number of seconds, i.e. for the example above "60". I assume there is a ready method for such tasks in Quartz API.
    1 month ago

    Tim Holloway wrote:Well, for my JPA webapps, I have 3 layers: one for the raw database Entities, one for CRUD/finder operations on those entities (and in some cases, parent/child aggregates), and the highest layer is for business database service logic: graphs of entity relationships organised into working sets so that they can be detached and re-attached. The two logic layers: serice and DAO , I have marked as transactional, with the transaction context being inherited. That is to say, DAO operations made on behalf of a service function operate in the transaction of the service function.

    A long-running and possibly failing operation such as HTTP is something that I would try very hard to deal with before invoking the service layer. That is. in the Business layer or perhaps a special layer between Business and Database Services. I would try to avoid making in transactional. If it has to be transactional, then you are entered the realm of XA transactions and that's a whole different can of worms and required a lot more transaction support than the basic JPA transaction system provides.

    Thanks for the advice!
    I am having some problems with Spring @Transactional and hope to find a solution here. I have a method in the service labeled as @Transactional which works by calling a method to request data via HTTP protocol (I'm using Apache HttpClient now), parsing the response and writing the result to the database. Since it all works in one method I'm afraid that this may cause transaction cancellation, because my project has a transaction time limit and request from external API may be really long.

    Here I would like an answer on how to most correctly separate HTTP request+response parsing and database operations in such a case. As an option it is possible to have two methods one for transaction and the other for the rest of the logic, but I already have an assumption that there is a generally accepted design pattern for such tasks.

    Tim Holloway wrote:Here's a general rule on how to work with the forum:

    Ideally, someone should be able to pull up this page in 5 years or so (and people often do exactly that!), print it out on paper and be able to make sense of all the questions and answers. Editing in-place and offsite links both interfere with that ability.

    Which is why we discourage them. It may be less efficient to do it the way we suggest, but sometimes efficiency isn't the goal.

    Sorry about this mess.

    I found a solution, instead of using these dependencies,

    use this one.

    In my case, Swagger is accessible via a URL - http://localhost:8080/api/swagger-ui/index.html
    3 months ago

    Tim Holloway wrote:I may be showing my blindness again, but I don't see dependencies for Springfox in your POM. But despite that, you seem to have a reference to it in your Maven repository cache. Is that the actual POM that you are using?

    Sorry, I went crazy and took the file from the wrong branch. I updated the file.
    3 months ago
    This is the first time I can't get any version of swagger-fox up and running. Spring Boot 2.4.2 + JDK 8. I have previously added swagger-fox to my projects using the instruction below, but none fit.

    Link on tuturial -

    Run failed -


    3 months ago

    Mohammed Sardar. wrote:Could you confirm whether Controller & Service are placed in the same package where @SpringBootApplication class in placed ?

    I faced this kind of issue once before.

    Yes, but the classes are divided into separate sub-packages. I hope very much that I have a problem similar to you.