Refuse APPLICATION_JSON to avoid data loss #390
Conversation
If APPLICATION_JSON is accepted when posting a SCIM entity, the custom JacksonXmlBindJsonProvider is not used. This is a serious problem, because the REST API appears to work without any errors, but in reality all data relating to the use of a schema extension is lost. This behavior can confuse the user and be very dangerous, it is better to reject the application/json format
|
Do you want to try tweaking the JSON provider? My preference would be to try to make sure everything works with application/json. But if that doesn't work we could merged this for the short term. (as you mentioned, it's better to NOT loose data) Per spec:
|
My concern is that if the framework is integrated in a project that implements other endpoints (not related to scim protocol), using scim custom mapper for all endpoints (standard ones in application/json) it could be a problem. I don't know if it is possible to bind the custom mapper only for scim related endpoints... or at least to have a configuration option to bind custom object mapper to json or not according needs... WDYT ? |
|
I think that is a valid point, but you should be able to define multiple JAX-RS apps in a project. |
Previously application/json requests may have lost any custom extension data. This change adds applicaiton/json to the list of supproted media types (as recommended by the SCIM specs), but restricts it's types to ONLY classes known by SCIMple, and allows other MessageBodyReader/Writer to handle other requests Fixes: #390
If APPLICATION_JSON is accepted when posting a SCIM entity, the custom JacksonXmlBindJsonProvider is not used. This is a serious problem, because the REST API appears to work without any errors, but in reality all data relating to the use of a schema extension is lost. This behavior can confuse the user and be very dangerous, it is better to reject the application/json format