又被 fastjson 坑了?它调用了我自定义的 get 方法!
json
适用于现代 C++ 的 JSON。
项目地址:https://gitcode.com/gh_mirrors/js/json
免费下载资源
·
一、背景
最近看到又有同学被 fastjson 坑了。
该同学在类中自定义了 get 方法,在该 get 方法中引用了一个对象,由于某段代码中 “没有用到”该方法就没注入,最后出现了空指针。
由于自己确定没有主动调用这个方法,排查了半天,借助 arthas 看 trace 才发现这个坑。
二、问题复现
@Data
public class Student {
private String name;
public String getValue() {
return "test";
}
}
测试:
public class StudentDemo {
public static void main(String[] args) {
Student student = new Student();
student.setName("Student");
System.out.println(JSON.toJSONString(student));
}
}
结果是:{“name”:“Student”,“value”:“test”}
可见 fastjson 的 toJSONString 方法转 JSON 时,底层是通过解析 get 方法来识别属性的,它认为有一个 value 属性,转为 JSON 字符串时会自动调用对应的 get 方法获取 value 属性的值。
如果自定义的 get 方法中使用到了尚没有设置的对象,由于并没有显示调用 getAddress 方法,很多人并不会意识到需要注入 repository 对象,如果调用了 toJSONString 方法就极容易出现空指针异常。
@Data
public class Student {
private String name;
private String addressId;
private AddressRepository repository;
// 省略其他
public Address getAddress() {
return repository.get(addressId);
}
}
public class StudentDemo {
public static void main(String[] args) {
Student student = new Student();
student.setName("Student");
student.setAddressId("10086");
// 很多人并不会意识到这里会自动调用 getAddress 方法,因此没有设置 repository,空指针了!
log.info("过程中某个日志, 参数:{}", JSON.toJSONString(student));
}
}
三、如何解决
方法一:自定义的方法避免定义为 get 开头。
import com.alibaba.fastjson.annotation.JSONField;
import lombok.Data;
@Data
public class Student {
private String name;
public String fetchValue() {
return "test";
}
}
方法二:使用 @JSONField(serialize = false)
在 getValue 方法上,让 fastjson 忽略该方法。
import com.alibaba.fastjson.annotation.JSONField;
import lombok.Data;
@Data
public class Student {
private String name;
@JSONField(serialize = false)
public String getValue() {
return "test";
}
}
四、启发
大家在进行项目开发时,当你发现对象转 JSON 字符串时“莫名其妙地”多出了某些属性,其实就是这个原因。
大家在使用 fastjson 将对象转为 JSON 字符串时一定要小心这个坑。
GitHub 加速计划 / js / json
18
5
下载
适用于现代 C++ 的 JSON。
最近提交(Master分支:3 个月前 )
f06604fc
* :page_facing_up: bump the copyright years
Signed-off-by: Niels Lohmann <mail@nlohmann.me>
* :page_facing_up: bump the copyright years
Signed-off-by: Niels Lohmann <mail@nlohmann.me>
* :page_facing_up: bump the copyright years
Signed-off-by: Niels Lohmann <niels.lohmann@gmail.com>
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me>
Signed-off-by: Niels Lohmann <niels.lohmann@gmail.com> 4 天前
d23291ba
* add a ci step for Json_Diagnostic_Positions
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* Update ci.cmake to address review comments
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* address review comment
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix typo in the comment
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix typos in ci.cmake
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* invoke the new ci step from ubuntu.yml
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* issue4561 - use diagnostic positions for exceptions
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix ci_test_documentation check
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* address review comments
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix ci check failures for unit-diagnostic-postions.cpp
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* improvements based on review comments
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix const correctness string
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* further refinements based on reviews
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* add one more test case for full coverage
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* ci check fix - add const
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* add unit tests for json_diagnostic_postions only
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix ci_test_diagnostics
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
* fix ci_test_build_documentation check
Signed-off-by: Harinath Nampally <harinath922@gmail.com>
---------
Signed-off-by: Harinath Nampally <harinath922@gmail.com> 4 天前
更多推荐
已为社区贡献13条内容
所有评论(0)