wultra / powerauth-server

PowerAuth Server component is the back-end counterpart of PowerAuth Mobile SDK that holds device registrations and verifies MFA signatures.
GNU Affero General Public License v3.0

Verify use of ObjectMapper #531

Open petrdvorak opened 3 years ago

petrdvorak commented 3 years ago

We are often using a new instance of ObjectMapper, like so:

private final ObjectMapper objectMapper = new ObjectMapper();

We should check if we can configure ObjectMapper globally.

romanstrobl commented 3 years ago

Good point. We should also evaluate the ObjectMapper configuration. For instance, in ECIES we have a problem with compatibility between versions when new fields are not recognized, which leads to hard-to-diagnose errors. Sometimes the object mapper needs to be strict and sometimes its strictness is counter-productive. We should evaluate each usage separately.
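
The following is an added example, not part of the original thread and not code from the powerauth-server project: one way to share a single `ObjectMapper` while still choosing strictness per call site, using Jackson's immutable `ObjectReader`. The `DemoPayload` class, its field names, and the sample JSON are hypothetical and constructed for illustration.

```java
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

public class SharedMapperExample {

    // Hypothetical payload class for illustration; not a PowerAuth type.
    public static class DemoPayload {
        public String encryptedData;
        public String mac;
    }

    // One mapper for the whole application. ObjectMapper is thread-safe once
    // configured, so it must not be reconfigured after this point.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Per-use readers derived from the shared mapper. ObjectReader is immutable:
    // with()/without() return a new reader and leave MAPPER untouched.
    private static final ObjectReader STRICT =
            MAPPER.readerFor(DemoPayload.class)
                  .with(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
    private static final ObjectReader LENIENT =
            MAPPER.readerFor(DemoPayload.class)
                  .without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);

    public static void main(String[] args) throws Exception {
        // Constructed sample: a newer sender added a field the receiver does not know.
        String json = "{\"encryptedData\":\"BBBB\",\"mac\":\"CCCC\",\"nonce\":\"DDDD\"}";

        // Lenient reader: the unknown field is silently ignored.
        DemoPayload p = LENIENT.readValue(json);
        System.out.println("lenient: parsed, mac=" + p.mac);

        try {
            STRICT.readValue(json);
            System.out.println("strict: parsed");
        } catch (UnrecognizedPropertyException e) {
            // Report the offending field so a version mismatch is diagnosable.
            System.out.println("strict: rejected unknown field '"
                    + e.getPropertyName() + "', known=" + e.getKnownPropertyIds());
        }
    }
}
```

The lenient reader drops the unknown field without any signal, so where a payload feeds a cryptographic check, the strict reader with an explicit error message is the safer default.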

romanstrobl commented 3 years ago

See: https://github.com/wultra/powerauth-server/issues/446