Implementation that uses Jackson2 to provide (de)serialization.
By default, this implementation trusts a limited set of classes to be
deserialized from the execution context. If a class is not trusted by default
and is safe to deserialize, you can provide an explicit mapping using Jackson
annotations, as shown in the following example:

    @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
    public class MyTrustedType implements Serializable {
    }

It is also possible to provide a custom ObjectMapper with a mixin for
the trusted type:

    ObjectMapper objectMapper = new ObjectMapper();
    objectMapper.addMixIn(MyTrustedType.class, Object.class);
    Jackson2ExecutionContextStringSerializer serializer = new Jackson2ExecutionContextStringSerializer();
    serializer.setObjectMapper(objectMapper);
    // register serializer in JobRepositoryFactoryBean

If the (de)serialization is only done by a trusted source, you can also enable
default typing:

    PolymorphicTypeValidator polymorphicTypeValidator = .. // configure your trusted PolymorphicTypeValidator
    ObjectMapper objectMapper = new ObjectMapper();
    objectMapper.activateDefaultTyping(polymorphicTypeValidator);
    Jackson2ExecutionContextStringSerializer serializer = new Jackson2ExecutionContextStringSerializer();
    serializer.setObjectMapper(objectMapper);
    // register serializer in JobRepositoryFactoryBean
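
One way to fill in the trusted PolymorphicTypeValidator above is an allow-list built with Jackson's BasicPolymorphicTypeValidator. This is an added example, not code from the Spring Batch documentation. It assumes Jackson 2.10 or later and Spring Batch on the classpath; TrustedTypingExample, the nested sample classes and the helper method names are hypothetical.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import org.springframework.batch.core.repository.dao.Jackson2ExecutionContextStringSerializer;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class TrustedTypingExample {
    // Hypothetical sample types constructed for this example.
    public static class MyTrustedType { public String name = "checkpoint"; }
    public static class NotAllowListed { public String name = "other"; }

    static Jackson2ExecutionContextStringSerializer restrictedSerializer() {
        // Allow-list: only MyTrustedType (and its subclasses) may be resolved from a type id.
        PolymorphicTypeValidator validator = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(MyTrustedType.class)
                .build();
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.activateDefaultTyping(validator);
        Jackson2ExecutionContextStringSerializer serializer = new Jackson2ExecutionContextStringSerializer();
        serializer.setObjectMapper(objectMapper);
        return serializer;
    }

    static Map<String, Object> roundTrip(Object value) throws IOException {
        Jackson2ExecutionContextStringSerializer serializer = restrictedSerializer();
        Map<String, Object> context = new HashMap<>();
        context.put("value", value);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        serializer.serialize(context, out); // the validator is not consulted when writing
        // The validator is consulted here, when the type id is resolved back to a class.
        return serializer.deserialize(new ByteArrayInputStream(out.toByteArray()));
    }

    public static void main(String[] args) throws IOException {
        Object restored = roundTrip(new MyTrustedType()).get("value");
        System.out.println("allowed: " + restored.getClass().getSimpleName());
        try {
            roundTrip(new NotAllowListed());
        } catch (InvalidTypeIdException e) {
            // A type id outside the allow-list is rejected before the class is instantiated.
            System.out.println("rejected type id: " + e.getTypeId());
        }
    }
}
```

Keep the allow-list as narrow as the execution context requires: a validator that accepts broad base types such as Object or whole package prefixes effectively returns to trusting whatever class name the stored JSON contains.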