1

Is there a way to configure a Jackson ObjectMapper to not include the source of the content it is trying to decode in error messages?

Simple example:

public class App {
  public static class House {
    String color;
  }

  public static void main(String[] args) {
    try {
      final var mapper = new ObjectMapper();
      final var house = mapper.readValue("{\"name\": \"The Villa\"}\n", House.class);
    } catch (Exception e) {
      System.err.println(e.getMessage());
    }
  }
}

This will print:

Unrecognized field "name" (class test.objectmapper.App$House), not marked as ignorable (0 known properties: ])
 at [Source: (String)"{"name": "The Villa"}
"; line: 1, column: 11] (through reference chain: test.objectmapper.App$House["name"])

I would like it to not include the "Source" part. This can be important in an application where you want to limit the possibilities of sensitive data ending up in application logs.

skagedal
  • 2,323
  • 23
  • 34
  • I did not test but setting `WRAP_EXCEPTIONS` to false could help. From the documentation: "...this can be convenient both in that all exceptions will be checked and declared, and so there is more contextual information". This feature is enabled by default. https://fasterxml.github.io/jackson-databind/javadoc/2.7/com/fasterxml/jackson/databind/DeserializationFeature.html#WRAP_EXCEPTIONS – Dan_Maff Dec 16 '21 at 07:38
  • Thanks for the suggestion! I tried that now, it did not make a difference unfortunately... – skagedal Dec 16 '21 at 08:00
  • From the deserialization features's list it seems that the most similar to what you are looking for is is `WRAP_EXCEPTIONS` suggested by @Dan_Maff that unfortunately permits the passage of exceptions produced by parsing and that is exactly your case. Probably the only one way is intercept the exception and produces a new one inglobing just the cause. – dariosicily Dec 16 '21 at 08:41
  • Yes, I think that flag only determines what it should do with exceptions coming from other places, such as `IOException`. This is an exception (a specific subclass of `JsonMappingException`) that is thrown by Jackson itself. So yeah, it would seem that there is no setting to do what I want, and I'll have to make sure that each code path that uses an ObjectMapper catches these exceptions and takes care of the message. – skagedal Dec 16 '21 at 09:51
  • I found however that there's an easy way to clear this information from a JsonMappingException when you have (the method `clearLocation()`). There is a feature request here to ask to make this enabled by default as a configuration – this is exactly what I'm looking for: https://github.com/FasterXML/jackson-databind/issues/3340 – skagedal Dec 16 '21 at 18:53
  • I didn't know this and it actually makes sense there is alread one method due to the possibile existence of sensible informations inside the json, thanks for the update and for the link. – dariosicily Dec 17 '21 at 07:17
  • Also found this question, which my question is a duplicate of: https://stackoverflow.com/a/68815934 I used the "Flag" thing to mark it as such, is that right? – skagedal Dec 17 '21 at 15:57

0 Answers0