The most recent discussion of Json libraries has been about Alibaba’s open source FastJson, though embarrassingly much of the discussion has been about its frequently exposed security vulnerabilities. The main reason for the wide impact of FastJson vulnerability is that it is very popular in China, while Jackson is the mainstream choice in foreign countries. The reason for the popularity of FastJson in China may be that the author is a Chinese, the version is updated frequently and there are many Chinese materials. Another neat thing about FastJson is that the most common FastJson methods are set up to be static and can be used directly for simple serialization and deserialization without needing to be instantiated or configured. All Jackson operations rely on ObjectMapper to complete, before use need to perform the following operations:

ObjectMapper mapper = new ObjectMapper();
mapper.xxxx
Copy the code

The point of all this nonsense is that the Jackson is a bit of a pain for beginners to use.

Simple to use

Jackson is the official Json library recommended by SpringBoot. Since SpringBoot1.2.0, SpringBoot has provided automatic configuration for Jackson. In the org. Springframework. Boot. Autoconfigure. Jackson package below you can see Jackson JacksonAutoConfiguration automatic configuration of the class, A Bean of type ObjectMapper is injected into the Spring container when the configuration file is prefixed with “spring. Jackson “. This Bean can be used directly if no special configuration is required:

@Autowired
private ObjectMapper objectMapper;
Copy the code

Custom Configuration

Jackson provides a number of additional configurations for a variety of different needs and scenarios. You can configure a new ObjectMapper type Bean yourself and set the associated properties:

@Configuration
public class JSONConverterConfig {    
    @Bean(name = "objectMapper")    
    public ObjectMapper jacksonJsonMapper() {        
        ObjectMapper mapper = new ObjectMapper();        
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);       
        returnmapper; }}Copy the code

The above code is a Bean with an ObjectMapper configured and FAIL_ON_UNKNOWN_PROPERTIES configured. Unknown attributes in Json will not be thrown but ignored. Jackson-related configurations are in the DeserializationFeature and SerializationFeature, which can be configured as required.

Serialize XML using Jackson

Jackson is not only a Json library, but also an Xml library, as can be seen from the package name com.fasterxml.jackson. As with Json, Jackson’s manipulation of XML relies on an instantiated object of XmlMapper, a subclass of ObjectMapper:

public class XmlMapper extends ObjectMapper {
    ...
}
Copy the code

Unfortunately, org. Springframework. Boot. Autoconfigure did not provide XmlMapper automatic configuration, we need to manually define a configuration class:

@Configuration
public class XmlConverterConfig {    
    @Bean(name = "xmlMapper")    
    public XmlMapper jacksonXmlMapper() {        
        XmlMapper mapper = new XmlMapper();        
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);        
        returnmapper; }}Copy the code

Due to the inheritance relationship between XmlMapper and ObjectMapper, if only XmlMapper Bean is configured, ObjectMapper beans can be used directly in the program, but the objects will be ordered into XML instead of Json as expected. I want to make a distinction here.