-
-
Notifications
You must be signed in to change notification settings - Fork 765
JsonFactory Features
Tatu Saloranta edited this page Apr 3, 2015
·
6 revisions
Jackson Streaming API has a set of on/off features that change aspects that have effect on both reading and writing JSON. Settings are set on JsonFactory, and generally can NOT be dynamically changed after first JsonParser or JsonGenerator has been created.
JsonFactory f = new JsonFactory();
f.disable(JsonFactory.Feature.CANONICALIZE_FIELD_NAMES);These features determine if and how canonicalization of JSON Object property names is done.
-
CANONICALIZE_FIELD_NAMES (default: true)
- Means that once name
Stringis decoded from input (byteorcharstream), it will be added in a symbol table, to reduce overhead of decoding same name next time it is seen (by any parser constructed by same factory)
- Means that once name
-
INTERN_FIELD_NAMES (default: true)
- If canonicalization is enabled, this feature determines whether
Stringdecoded is also interned (usingString.intern()) or not -- doing that can help further improve deserialization performance since identity comparison may be used. - If names are unlikely to repeat, or if sheer number of distinct names is huge (in tens of thousands or above), it may make sense to disable this feature.
- If canonicalization is enabled, this feature determines whether
-
FAIL_ON_SYMBOL_HASH_OVERFLOW (default:true) (added in 2.4)
- Since canonicalization uses hash-based approach for resolving byte-/char-sequences into names, it is theoretically possible to construct sets of names that have exceptionally high rate of collision. If so, performance of hash lookups may be severely degraded. To guard against this possibility, symbol table uses heuristics to detect likely attack, based on unusually high number of collisions.
- NOTE: hashing in use is NOT the same as what
java.lang.Stringused with JDK 7 and before, and is therefore NOT vulnerable to the same attack (i.e. need attack specifically tailored to attack Jackson's hashing scheme) - In unlikely event that the exception is triggered for valid data, it may make sense to either disable this feature, or to disable canonicalization. However, Jackson authors would also like to be notified for such usage as it may point to an issue with hashing scheme -- so please file an issue if you encounter this problem.
- Only relevant if canonicalization is enabled
- [Generator Features](JsonGenerator Features)
- [Parser Features](JsonParser Features)