Implementation that uses Jackson2 to provide (de)serialization.

By default, this implementation trusts a limited set of classes to be deserialized from the execution context. If a class is not trusted by default and is safe to deserialize, you can add it to the base set of trusted classes at construction time or provide an explicit mapping using Jackson annotations, as shown in the following example:

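import java.io.Serializable;
import com.fasterxml.jackson.annotation.JsonTypeInfo;

// The Jackson annotation marks this class as an explicitly mapped, trusted type
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
public class MyTrustedType implements Serializable {
}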

It is also possible to provide a custom ObjectMapper with a mixin for the trusted type:

ObjectMapper objectMapper = new ObjectMapper();
objectMapper.addMixIn(MyTrustedType.class, Object.class);
Jackson2ExecutionContextStringSerializer serializer = new Jackson2ExecutionContextStringSerializer();
serializer.setObjectMapper(objectMapper);
// register serializer in JobRepositoryFactoryBean
If the (de)serialization is only done by a trusted source, you can also enable
default typing:
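// configure your trusted PolymorphicTypeValidator; this example allow-list
// permits only MyTrustedType and its subtypes, adjust it to your own trusted types
PolymorphicTypeValidator polymorphicTypeValidator = BasicPolymorphicTypeValidator.builder()
        .allowIfSubType(MyTrustedType.class)
        .build();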
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.activateDefaultTyping(polymorphicTypeValidator);
Jackson2ExecutionContextStringSerializer serializer = new Jackson2ExecutionContextStringSerializer();
serializer.setObjectMapper(objectMapper);
// register serializer in JobRepositoryFactoryBean
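
The construction-time option described above, as an added example (not code from the Spring Batch project): a context written with an extended allow-list is read back once by a serializer that trusts the type and once by one with only the default allow-list. The class `TrustedClassDemo`, the bean's fields and the sample value are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

import org.springframework.batch.core.repository.dao.Jackson2ExecutionContextStringSerializer;

public class TrustedClassDemo {

    // Hypothetical context value: a plain bean with no Jackson annotations.
    public static class MyTrustedType implements Serializable {
        private String name;
        public MyTrustedType() { }
        public MyTrustedType(String name) { this.name = name; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Serialize the context with 'writer', then read it back with 'reader'.
    static Map<String, Object> roundTrip(Jackson2ExecutionContextStringSerializer writer,
            Jackson2ExecutionContextStringSerializer reader, Map<String, Object> context) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writer.serialize(context, out);
        return reader.deserialize(new ByteArrayInputStream(out.toByteArray()));
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> context = new HashMap<>();
        context.put("payload", new MyTrustedType("constructed sample value"));

        // Allow-list extended at construction time with the fully qualified class name.
        Jackson2ExecutionContextStringSerializer trusting =
                new Jackson2ExecutionContextStringSerializer(MyTrustedType.class.getName());
        // Default allow-list only.
        Jackson2ExecutionContextStringSerializer strict = new Jackson2ExecutionContextStringSerializer();

        Object restored = roundTrip(trusting, trusting, context).get("payload");
        System.out.println("trusted read: " + restored.getClass().getName());

        try {
            roundTrip(trusting, strict, context);
            System.out.println("default read: accepted");
        } catch (Exception e) {
            // The type id stored in the JSON is not on the default allow-list.
            System.out.println("default read: rejected (" + e.getClass().getSimpleName() + ")");
        }
    }
}
```

Keeping the extra names passed to the constructor as short as possible keeps the set of types that stored context data can instantiate equally short.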