FasterXML / jackson-datatypes-misc

Collection of common Jackson datatype modules not part of other multi-project repos
Apache License 2.0

Deserializing a JSON Merge Patch fails when the input is not a JSON object #27

Closed patveck closed 1 year ago

patveck commented 1 year ago

A JSON Merge Patch (RFC 7396) is typically a JSON object, and Jackson (at least versions 2.13 and 2.14.0-RC2) deserializes JSON objects to javax.json.JsonMergePatch as expected.

However, when deserializing input that is not a JSON object, Jackson throws an exception, with the exact exception depending on whether the input is a JSON array or scalar.

RFC 7396 does not limit the JSON Merge Patch format to JSON Objects and in fact handles the case where the merge patch is not an object explicitly in the pseudocode function presented in Section 2 of the RFC. More importantly, Jackson's current behavior is somewhat awkward, for instance when using JsonMergePatch directly in a Spring controller like so:

@PatchMapping
ResponseEntity<?> patch(@RequestBody JsonMergePatch mergePatch) { ... }

When called with a body that is a JSON array, this throws an NPE, which a typical Spring exception handler would convert into a response with HTTP status code 500.

IMO, the preferred fix would be to call JsonValueDeserializer#deserialize instead of _deserializeObject from JsonMergePatchDeserializer (see PR #26), which would return a JsonValue. Alternatively, _deserializeObject could check whether the current token is START_OBJECT and return an empty JsonObject.
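
The RFC 7396 behavior referred to in this issue, as an added example that is not part of the original report or the project's code: it builds merge patches from object, array and scalar JSON with the JSON-P 1.1 API and applies them to one target. It assumes a `javax.json` implementation is on the classpath; the class name, helper names and sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.json.Json;
import javax.json.JsonMergePatch;
import javax.json.JsonReader;
import javax.json.JsonValue;

public class MergePatchNonObjectDemo {

    // Parse any JSON text (object, array or scalar) into a JsonValue.
    static JsonValue parse(String json) {
        try (JsonReader reader = Json.createReader(new StringReader(json))) {
            return reader.readValue();
        }
    }

    // Build a merge patch from arbitrary JSON and apply it to the target.
    // Json.createMergePatch accepts any JsonValue, not only a JsonObject.
    static JsonValue applyPatch(String targetJson, String patchJson) {
        JsonMergePatch patch = Json.createMergePatch(parse(patchJson));
        return patch.apply(parse(targetJson));
    }

    public static void main(String[] args) {
        // Constructed sample target document.
        String target =
            "{\"title\":\"Hello\",\"tags\":[\"a\"],\"author\":{\"name\":\"x\"}}";

        // Constructed sample patches.
        String[] patches = {
            // Object patch: merged member by member, null removes a member.
            "{\"title\":null,\"author\":{\"name\":\"y\"}}",
            // Non-object patches: RFC 7396 Section 2 returns the patch
            // itself, so the whole target is replaced.
            "[\"replaced\"]",
            "\"text\"",
            "42",
            "null"
        };

        for (String p : patches) {
            System.out.println(p + " -> " + applyPatch(target, p));
        }
    }
}
```

A deserializer that follows the RFC would hand each of these inputs to the application as a valid `JsonMergePatch` instead of failing before the controller runs.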