Closed
Description
Let's look at deserializing an integer field, for example.
The code path in afterburner ends up here:
Line 40 in 2486587

```java
int v = p.hasToken(JsonToken.VALUE_NUMBER_INT) ? p.getIntValue() : _deserializeInt(p, ctxt);
```
If the value being deserialized is not a `VALUE_NUMBER_INT`, then the code delegates to `_deserializeInt`, which will always attempt to coerce a `VALUE_STRING` to an integer:
Lines 242 to 264 in 2486587

```java
if (t == JsonToken.VALUE_STRING) { // let's do implicit re-parse
    String text = p.getText().trim();
    if (_hasTextualNull(text)) {
        return 0;
    }
    try {
        int len = text.length();
        if (len > 9) {
            long l = Long.parseLong(text);
            if (l < Integer.MIN_VALUE || l > Integer.MAX_VALUE) {
                throw ctxt.weirdStringException(text, Integer.TYPE,
                    "Overflow: numeric value ("+text+") out of range of int ("+Integer.MIN_VALUE+" - "+Integer.MAX_VALUE+")");
            }
            return (int) l;
        }
        if (len == 0) {
            return 0;
        }
        return NumberInput.parseInt(text);
    } catch (IllegalArgumentException iae) {
        throw ctxt.weirdStringException(text, Integer.TYPE, "not a valid int value");
    }
}
```
This code path should only be enabled if `MapperFeature.ALLOW_COERCION_OF_SCALARS` is enabled.
Similarly, this check should be performed when attempting to deserialize other scalar types like boolean and long.
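A check for the behaviour reported above, as an added example that is not part of the original issue or of the project's test suite: it configures two mappers identically with `ALLOW_COERCION_OF_SCALARS` disabled, registers Afterburner on one, and reports whether they disagree on a string-encoded int. The class name `CoercionCheck`, the `Bean` type and the input are constructed for illustration; it assumes jackson-databind 2.9 or later and jackson-module-afterburner on the classpath.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.module.afterburner.AfterburnerModule;

public class CoercionCheck {
    // Constructed bean: public class with a public setter so Afterburner can optimize it.
    public static class Bean {
        private int value;
        public int getValue() { return value; }
        public void setValue(int v) { value = v; }
    }

    // Constructed input: the int property arrives as a JSON string.
    static final String INPUT = "{\"value\":\"123\"}";

    // Same strict configuration for both mappers; only the module differs.
    static ObjectMapper strictMapper(boolean withAfterburner) {
        ObjectMapper m = new ObjectMapper();
        m.disable(MapperFeature.ALLOW_COERCION_OF_SCALARS);
        if (withAfterburner) {
            m.registerModule(new AfterburnerModule());
        }
        return m;
    }

    // True if the mapper coerced the string into an int instead of rejecting it.
    static boolean accepts(ObjectMapper m) throws Exception {
        try {
            m.readValue(INPUT, Bean.class);
            return true;
        } catch (JsonMappingException e) {
            return false; // input mismatch: coercion was refused
        }
    }

    public static void main(String[] args) throws Exception {
        boolean plain = accepts(strictMapper(false));
        boolean burned = accepts(strictMapper(true));
        System.out.println("databind only    accepts string-as-int: " + plain);
        System.out.println("with afterburner accepts string-as-int: " + burned);
        // A difference means the module changes the input-validation policy.
        if (plain != burned) {
            System.exit(1);
        }
    }
}
```

The same comparison can be repeated for `boolean` and `long` properties, the other scalar types the issue mentions.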