search

spring-cloud / spring-cloud-open-service-broker

Spring Cloud project for creating service brokers that conform to the Open Server Broker API specification
https://spring.io/projects/spring-cloud-open-service-broker
Apache License 2.0
168 stars 118 forks source link

Add JsonIgnore annotations to CreateServiceInstanceRequest getters #320

Closed juan-palacios closed 3 years ago

juan-palacios commented 3 years ago

There seems to be a compatibility issue between Spring Cloud Open Service Broker and Jackson

After upgrading Jackson to 2.12.2 we are seeing:

04:36:52 [http-nio-auto-1-exec-9] WARN  o.s.h.c.j.MappingJackson2HttpMessageConverter - Failed to evaluate Jackson deserialization for type [[simple type, class org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest]]: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Conflicting getter definitions for property "organization_guid": org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest#getOrganizationGuid() vs org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest#getOrganizationGuidToSerialize()
04:36:52 [http-nio-auto-1-exec-9] WARN  o.s.h.c.j.MappingJackson2HttpMessageConverter - Failed to evaluate Jackson deserialization for type [[simple type, class org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest]]: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Conflicting getter definitions for property "organization_guid": org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest#getOrganizationGuid() vs org.springframework.cloud.servicebroker.model.instance.CreateServiceInstanceRequest#getOrganizationGuidToSerialize()
04:36:52 [http-nio-auto-1-exec-9] ERROR i.a.v.o.LoggingServiceBrokerExceptionHandler - Unknown exception handled: 
org.springframework.web.HttpMediaTypeNotSupportedException: Content type 'application/json;charset=UTF-8' not supported
        at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodArgumentResolver.readWithMessageConverters(AbstractMessageConverterMethodArgumentResolver.java:207)
        at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.readWithMessageConverters(RequestResponseBodyMethodProcessor.java:158)
        at org.springframework.web.servlet.mvc.method.annotation.RequestResponseBodyMethodProcessor.resolveArgument(RequestResponseBodyMethodProcessor.java:131)
        at org.springframework.web.method.support.HandlerMethodArgumentResolverComposite.resolveArgument(HandlerMethodArgumentResolverComposite.java:121)
        at org.springframework.web.method.support.InvocableHandlerMethod.getMethodArgumentValues(InvocableHandlerMethod.java:170)
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:894)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1060)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:962)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
        at org.springframework.web.servlet.FrameworkServlet.doPut(FrameworkServlet.java:920)

I managed to fix the issue by adding a MixIn:

interface CreateServiceInstanceRequestMixIn {

    @JsonIgnore
    fun getOrganizationGuid()
    @JsonIgnore
    fun getSpaceGuid()
    @JsonIgnore
    fun getServiceDefinition()
}

I also had to replace the swagger converters for Spring Doc because they hard-code the ObjectMapper:

            val converters = ModelConverters.getInstance()
            converters.removeConverter(converters.converters[0])
            converters.addConverter(ModelResolver(mapper))
royclarkson commented 3 years ago

Thanks for reporting the issue. Which versions of Spring Cloud Open Service Broker and Spring Boot are you using?

juan-palacios commented 3 years ago

@royclarkson Spring Boot 2.4.3 and Spring Cloud 3.3.0

royclarkson commented 3 years ago

Thanks for the info. Spring Boot 2.4.3 manages the version of Jackson to 2.11.4. We test with the Spring Boot managed versions of dependencies in this project as well, and have not tested with the newer version of Jackson. Do you have a specific reason to manage Jackson to a newer version?

juan-palacios commented 3 years ago

We are updating our libraries regularly to get latest features and bugfixes. I think in this instance there was a CVE that got raised and we were trying to bump to the latest which is not affected (I think this one CVE: 2020-28491?)

royclarkson commented 3 years ago

Thanks. Indeed, that's a good reason to upgrade. :)

royclarkson commented 3 years ago

FYI, Jackson 2.11.4 is not vulnerable to that CVE.

akheel96 commented 3 years ago

@royclarkson We are facing same issue in spring boot 2.5.3 version with jackson 2.12.4. And i see that Spring Boot 2.5.x manages the version of Jackson to 2.12.4. Can we know why is it happenning ?

royclarkson commented 3 years ago

@akheel96 there were changes in that version of Jackson. We'll need to release a Boot 2.5 compatibility update. See #327.

royclarkson commented 3 years ago

That commit message should be Boot 2.5.5 (not 3.5.5). Apologies for the confusion.