Polymorphic deserialization causes IllegalArgumentException in Jackson 2.8.1
See original GitHub issueThere seems to be an issue trying to deserialize an object after serialization. The error message is odd because it says that the parent is not a subtype of the child, which is correct because that is of course backwards to what the relationship actually is.
Here is a very simple test case that works fine with Jackson 2.7.5 but is broken with Jackson 2.8.1.
package jackson.test;
import org.junit.Test;
import com.fasterxml.jackson.databind.ObjectMapper;
public class BrokenJackson {
@Test
public void test() throws Exception {
ObjectMapper objectMapper = new ObjectMapper();
final JacksonChild childObject = new JacksonChild();
String value = objectMapper.writeValueAsString(childObject);
objectMapper.readValue(value, JacksonChild.class);
}
}
package jackson.test;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonInclude(JsonInclude.Include.NON_EMPTY)
public class JacksonChild extends JacksonParent {
}
package jackson.test;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonSubTypes;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
@JsonTypeInfo(use = JsonTypeInfo.Id.NAME,
include = JsonTypeInfo.As.PROPERTY, property = "type",
defaultImpl = JacksonParent.class)
@JsonSubTypes({ @JsonSubTypes.Type(value = JacksonChild.class, name = "child") })
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonInclude(JsonInclude.Include.NON_EMPTY)
public class JacksonParent {
}
If you run the test case with these 3 classes, the resulting stacktrace is:
java.lang.IllegalArgumentException: Class jackson.test.JacksonParent not subtype of [simple type, class jackson.test.JacksonChild]
at com.fasterxml.jackson.databind.type.TypeFactory.constructSpecializedType(TypeFactory.java:359)
at com.fasterxml.jackson.databind.jsontype.impl.StdTypeResolverBuilder.buildTypeDeserializer(StdTypeResolverBuilder.java:118)
at com.fasterxml.jackson.databind.deser.BasicDeserializerFactory.findTypeDeserializer(BasicDeserializerFactory.java:1363)
at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:481)
at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:3890)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3785)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2833)
at jackson.test.BrokenJackson.test(BrokenJackson.java:16)
.....
Issue Analytics
- State:
- Created 7 years ago
- Reactions:3
- Comments:8 (5 by maintainers)
Top Results From Across the Web
Polymorphic Deserialization Issue with Jackson - Stack Overflow
1 Answer 1 ... Jackson is not aware of polymorphism, it just tries to create an instance of the concrete DeviceInfo class. However,...
Read more >DeserializationFeature (jackson-databind 2.13.1 API)
Feature that determines whether JSON floating point numbers are to be deserialized into BigDecimal s if only generic type description (either Object or...
Read more >Security update for jackson-databind, jackson-dataformats ...
An update that fixes three vulnerabilities is now available. Description: This update for jackson-databind, jackson-dataformats-binary, ...
Read more >SUSE alert SUSE-SU-2022:1678-1 (jackson-databind ...
SUSE Security Update: Security update for jackson-databind, ... about DeserializationFeature + Bug in polymorphic deserialization with ...
Read more >Understanding insecure implementation of Jackson ...
Polymorphic type handling basically refers to the way Jackson handles data when complex class structures are used to serialize and deserialize ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is by design: as exception says,
JacksonParent
is not a subtype ofJacksonChild
. Problem being that although you ask forJacksonChild
, it is possible that due todefaultImpl
,JacksonParent
would be returned; and that is not assignment-compatible. Earlier versions did not verify this, although they would have resulted inClassCastException
if this happened. In this case, fix would be to use:if you know for sure that
defaultImpl
is never used.Now: it may be that ideally exception should be postponed and only thrown if problem occurs, not just because it might occur. I think there may already be an issue for this; but I’ll leave this open if not (if there is, I’ll close one as dup).
Closing, same as #1488 and there is I think an issue for improving handling for this particular case, to defer throwing exception.