Provide an ObjectMapper configuration to automatically do `clearLocation()` for `JsonProcessingException`

[chenjianjx]

Is your feature request related to a problem? Please describe.

You can manually call JsonProcessingException.clearLocation() to clear location data, so that sensitive data in a invalid json won't be in error message when logged.

But there are still problems:

• I should try/catch JsonProcessingException and call clearLocation() everywhere I need parsing. This is troublesome.
• Some frameworks like Spring calls ObjectMapper deep inside its library and I can't do a try/catch there, e.g. RESTFul request JSON parsing.

So I hope this can be automatically done.

There is a AOP-based solution here . But I think it's too hacky.

Describe the solution you'd like

I hope there can be an ObjectMapper config like ObjectMapper objectMapper = new ObjectMapper().disable(MapperFeature.LOCATION_IN_PROCESSING_EXCEPTION); , so that JsonProcessionException (and its subclasses) 's location will always be null.

In Spring, I can make this objectMapper as a singleton bean and Spring's library will use it.

Usage example See above

Additional context N/A

[skagedal]

Found this looking for the same thing – this would be very useful indeed!

[cowtowncoder]

I think this is a good idea, in general. I don't have much time to work on it, but would be supportive if anyone wants to try to implement this.

One note: this might make most sense at streaming level, although might require separate StreamReadFeature / StreamWriteFeature. Problem with databind-level setting is that the actual handling almost certain must be done within jackson-core (streaming) and NOT at databind (otherwise ObjectMapper would need to try to catch and rethrow everything; unlikely to be something easy to implement or reliable).

note: will mark as "most-wanted" since I think something like this has been requested before.

[chenjianjx]

Thank you @cowtowncoder for the reply. Seems that we can add a new feature to StreamReadFeature class.

And to let it finally go to ObjectMapper(), should we use a JsonFactory like this?

        JsonFactory jsonFactory = JsonFactory.builder()
                .disable(StreamReadFeature.SOME_NEW_FEATURE)
                .build();

        ObjectMapper mapper = new ObjectMapper(jsonFactory);

[cowtowncoder]

@chenjianjx Yes, that would be one way to do it (there is a builder for JsonMapper as well). But it is also possible to change StreamReadFeatures for ObjectReader.