From cfbd9c83a07c2971ca538eb8330d4939c2be69ec Mon Sep 17 00:00:00 2001
From: Enrico Molino <57355804+symphony-enrico@users.noreply.github.com>
Date: Tue, 10 Oct 2023 16:46:28 +0200
Subject: [PATCH] Refuse APPLICATION_JSON to avoid data loss

If APPLICATION_JSON is accepted when posting a SCIM entity, the custom JacksonXmlBindJsonProvider is not used. This is a serious problem, because the REST API appears to work without any errors, but in reality all data relating to the use of a schema extension is lost. This behavior can confuse the user and be very dangerous, it is better to reject the application/json format
---
 .../directory/scim/protocol/BaseResourceTypeResource.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scim-spec/scim-spec-protocol/src/main/java/org/apache/directory/scim/protocol/BaseResourceTypeResource.java b/scim-spec/scim-spec-protocol/src/main/java/org/apache/directory/scim/protocol/BaseResourceTypeResource.java
index 806a89473..725fac4d4 100644
--- a/scim-spec/scim-spec-protocol/src/main/java/org/apache/directory/scim/protocol/BaseResourceTypeResource.java
+++ b/scim-spec/scim-spec-protocol/src/main/java/org/apache/directory/scim/protocol/BaseResourceTypeResource.java
@@ -113,7 +113,7 @@ default Response query(@Parameter(name="attributes") @QueryParam("attributes") A
    * @return
    */
   @POST
-  @Consumes({Constants.SCIM_CONTENT_TYPE, MediaType.APPLICATION_JSON})
+  @Consumes(Constants.SCIM_CONTENT_TYPE)
   @Produces({Constants.SCIM_CONTENT_TYPE, MediaType.APPLICATION_JSON})
   @Operation(description = "Create")
   @ApiResponses(value = {
@@ -160,7 +160,7 @@ default Response find(@RequestBody(content = @Content(mediaType = Constants.SCIM
    */
   @PUT
   @Path("{id}")
-  @Consumes({Constants.SCIM_CONTENT_TYPE, MediaType.APPLICATION_JSON})
+  @Consumes(Constants.SCIM_CONTENT_TYPE)
   @Produces({Constants.SCIM_CONTENT_TYPE, MediaType.APPLICATION_JSON})
   @Operation(description = "Update")
   @ApiResponses(value = {