一、背景

最近看到又有同学被 fastjson 坑了。
该同学在类中自定义了 get 方法,在该 get 方法中引用了一个对象,由于某段代码中 “没有用到”该方法就没注入,最后出现了空指针。
由于自己确定没有主动调用这个方法,排查了半天,借助 arthas 看 trace 才发现这个坑。

二、问题复现

@Data
public class Student {

    private String name;

    public String getValue() {
        return "test";
    }
}

测试:

public class StudentDemo {
    public static void main(String[] args) {
        Student student = new Student();
        student.setName("Student");

        System.out.println(JSON.toJSONString(student));
    }
}

结果是:{“name”:“Student”,“value”:“test”}

可见 fastjson 的 toJSONString 方法转 JSON 时,底层是通过解析 get 方法来识别属性的,它认为有一个 value 属性,转为 JSON 字符串时会自动调用对应的 get 方法获取 value 属性的值。

如果自定义的 get 方法中使用到了尚没有设置的对象,由于并没有显示调用 getAddress 方法,很多人并不会意识到需要注入 repository 对象,如果调用了 toJSONString 方法就极容易出现空指针异常。

@Data
public class Student {

    private String name;

    private String addressId;

    private AddressRepository repository;


    // 省略其他
    public Address getAddress() {
        return repository.get(addressId);
    }
}
public class StudentDemo {
    public static void main(String[] args) {
        Student student = new Student();
        student.setName("Student");
        student.setAddressId("10086");

        // 很多人并不会意识到这里会自动调用 getAddress 方法,因此没有设置  repository,空指针了!
        log.info("过程中某个日志, 参数:{}", JSON.toJSONString(student));
    }
}

三、如何解决

方法一:自定义的方法避免定义为 get 开头。

import com.alibaba.fastjson.annotation.JSONField;
import lombok.Data;

@Data
public class Student {

    private String name;


    public String fetchValue() {
        return "test";
    }
}

方法二:使用 @JSONField(serialize = false) 在 getValue 方法上,让 fastjson 忽略该方法。

import com.alibaba.fastjson.annotation.JSONField;
import lombok.Data;

@Data
public class Student {

    private String name;

    @JSONField(serialize = false)
    public String getValue() {
        return "test";
    }
}

四、启发

大家在进行项目开发时,当你发现对象转 JSON 字符串时“莫名其妙地”多出了某些属性,其实就是这个原因。
大家在使用 fastjson 将对象转为 JSON 字符串时一定要小心这个坑。

GitHub 加速计划 / js / json
18
5
下载
适用于现代 C++ 的 JSON。
最近提交(Master分支:3 个月前 )
f06604fc * :page_facing_up: bump the copyright years Signed-off-by: Niels Lohmann <mail@nlohmann.me> * :page_facing_up: bump the copyright years Signed-off-by: Niels Lohmann <mail@nlohmann.me> * :page_facing_up: bump the copyright years Signed-off-by: Niels Lohmann <niels.lohmann@gmail.com> --------- Signed-off-by: Niels Lohmann <mail@nlohmann.me> Signed-off-by: Niels Lohmann <niels.lohmann@gmail.com> 4 天前
d23291ba * add a ci step for Json_Diagnostic_Positions Signed-off-by: Harinath Nampally <harinath922@gmail.com> * Update ci.cmake to address review comments Signed-off-by: Harinath Nampally <harinath922@gmail.com> * address review comment Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix typo in the comment Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix typos in ci.cmake Signed-off-by: Harinath Nampally <harinath922@gmail.com> * invoke the new ci step from ubuntu.yml Signed-off-by: Harinath Nampally <harinath922@gmail.com> * issue4561 - use diagnostic positions for exceptions Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix ci_test_documentation check Signed-off-by: Harinath Nampally <harinath922@gmail.com> * address review comments Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix ci check failures for unit-diagnostic-postions.cpp Signed-off-by: Harinath Nampally <harinath922@gmail.com> * improvements based on review comments Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix const correctness string Signed-off-by: Harinath Nampally <harinath922@gmail.com> * further refinements based on reviews Signed-off-by: Harinath Nampally <harinath922@gmail.com> * add one more test case for full coverage Signed-off-by: Harinath Nampally <harinath922@gmail.com> * ci check fix - add const Signed-off-by: Harinath Nampally <harinath922@gmail.com> * add unit tests for json_diagnostic_postions only Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix ci_test_diagnostics Signed-off-by: Harinath Nampally <harinath922@gmail.com> * fix ci_test_build_documentation check Signed-off-by: Harinath Nampally <harinath922@gmail.com> --------- Signed-off-by: Harinath Nampally <harinath922@gmail.com> 4 天前
Logo

旨在为数千万中国开发者提供一个无缝且高效的云端环境,以支持学习、使用和贡献开源项目。

更多推荐