This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch WW-5626-approach-c in repository https://gitbox.apache.org/repos/asf/struts.git
commit f88c7301782bb40679072b4a54210baba9664d46 Author: Lukasz Lenart <[email protected]> AuthorDate: Mon May 4 16:00:24 2026 +0200 WW-5626 register ParameterAuthorizingModule on default Jackson REST handlers --- .../java/org/apache/struts2/rest/handler/JacksonJsonHandler.java | 5 +++-- .../java/org/apache/struts2/rest/handler/JacksonXmlHandler.java | 9 +++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonJsonHandler.java b/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonJsonHandler.java index d97af08e3..834661cd5 100644 --- a/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonJsonHandler.java +++ b/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonJsonHandler.java @@ -32,11 +32,12 @@ import java.io.Writer; /** * Handles JSON content using jackson-lib */ -public class JacksonJsonHandler implements ContentTypeHandler { +public class JacksonJsonHandler implements AuthorizationAwareContentTypeHandler { private static final String DEFAULT_CONTENT_TYPE = "application/json"; private String defaultEncoding = "ISO-8859-1"; - private ObjectMapper mapper = new ObjectMapper(); + private ObjectMapper mapper = new ObjectMapper() + .registerModule(new org.apache.struts2.rest.handler.jackson.ParameterAuthorizingModule()); @Override public void toObject(ActionInvocation invocation, Reader in, Object target) throws IOException { diff --git a/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonXmlHandler.java b/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonXmlHandler.java index a73ad4d21..ccc102023 100644 --- a/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonXmlHandler.java +++ b/plugins/rest/src/main/java/org/apache/struts2/rest/handler/JacksonXmlHandler.java @@ -31,12 +31,17 @@ import java.io.Writer; /** * Handles XML content using Jackson */ -public class JacksonXmlHandler implements ContentTypeHandler { +public class JacksonXmlHandler implements AuthorizationAwareContentTypeHandler { private static final Logger LOG = LogManager.getLogger(JacksonXmlHandler.class); private static final String DEFAULT_CONTENT_TYPE = "application/xml"; - private final XmlMapper mapper = new XmlMapper(); + private final XmlMapper mapper; + + public JacksonXmlHandler() { + mapper = new XmlMapper(); + mapper.registerModule(new org.apache.struts2.rest.handler.jackson.ParameterAuthorizingModule()); + } @Override public void toObject(ActionInvocation invocation, Reader in, Object target) throws IOException {
