17

I have a netty decoder which uses GSon to convert JSon coming from web client to appropriate java objects. The requirement is: Client could be sending unrelated classes, Class A, Class B, Class C etc but I would like to use the same singleton decoder instance in the pipeline to do conversion(since I use spring for configuring it). The issue I am facing is I need to know the class object before hand.

public Object decode()
{
    gson.fromJson(jsonString, A.class);
}

This cannot decode B or C. The users of my library, now need to write separate decoders for each class instead of a cast later down the line. The only way I can see for doing this is to pass the String name of the class say "org.example.C" in the JSon string from web client, parse it out in the decoder and then use Class.forName to get the class. Is there a better way to do this?

Abe
  • 8,623
  • 10
  • 50
  • 74
  • 2
    If this is a general-purpose component, think about how you would want your users to configure it. Sensible defaults are also worth thinking about. Would it make sense to have multiple decoder instances, one per class? – Jukka Jun 11 '13 at 17:13
  • Thats how I do this currently, one instance per class type. Issue is that users of my library now need to do internal details like decoders and encoders and configuring them in spring each time a new class is added. I wanted to spare them that and instead do a simple cast. – Abe Jun 11 '13 at 19:02

4 Answers4

11

GSon MUST know the class matching the json string. If you don't wan't to provide it with fromJson(), you can actually specify it in the Json. A way is to define an interface and bind an adapter on it.

Like :

  class A implements MyInterface {
    // ...
  }

  public Object decode()
  {
    Gson  gson = builder.registerTypeAdapter(MyInterface.class, new MyInterfaceAdapter());
    MyInterface a =  gson.fromJson(jsonString, MyInterface.class);
  }

Adapter can be like :

public final class MYInterfaceAdapter implements JsonDeserializer<MyInterface>, JsonSerializer<MyInterface> {
  private static final String PROP_NAME = "myClass";

  @Override
  public MyInterface deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
    try {
      String classPath = json.getAsJsonObject().getAsJsonPrimitive(PROP_NAME).getAsString();
      Class<MyInterface> cls = (Class<MyInterface>) Class.forName(classPath);

      return (MyInterface) context.deserialize(json, cls);
    } catch (ClassNotFoundException e) {
      e.printStackTrace();
    }

    return null;
  }

  @Override
  public JsonElement serialize(MyInterface src, Type typeOfSrc, JsonSerializationContext context) {
    // note : won't work, you must delegate this
    JsonObject jo = context.serialize(src).getAsJsonObject();

    String classPath = src.getClass().getName();
    jo.add(PROP_NAME, new JsonPrimitive(classPath));

    return jo;
  }
}
PomPom
  • 1,468
  • 11
  • 20
  • The problem here is that Class B would not be implementing `MyInterface`. These are not logically linked classes. But probably I need to make users of the lib implement a marker interface to make this code work. – Abe Jun 13 '13 at 16:39
  • So I would go with a TypeAdapterFactory. The main point is that JSon must provide the class to instantiate. GSon is not magical, it can't guess for you :) – PomPom Jun 13 '13 at 17:45
  • Since 1.7 `GsonBuilder` builder has [registerTypeHierarchyAdapter](https://google.github.io/gson/apidocs/com/google/gson/GsonBuilder.html#registerTypeHierarchyAdapter-java.lang.Class-java.lang.Object-) method that may be more suitable in this case. See the [discussion](https://groups.google.com/forum/#!topic/google-gson/0ebOxifqwb0). – Vadzim Apr 03 '17 at 18:22
  • 2
    This is absolutely wrong. Gson can deserialize any valid JSON into syntax tree like this: `gson.fromJson(json, JsonElement.class)`. You can interpret the syntax tree consisting of JSON Arrays (lists), JSON Objects (maps), and JSON primitives (numbers, strings, booleans, null) as you want. – Miha_x64 Apr 26 '17 at 11:21
  • 1
    Don't use this solution. Letting an attacker freely choose the type of an object makes your application vulnerable to all kinds of deserialization attacks. Depending on the libraries included, it might be possible to cause DoS, memory corruption or deletion of arbitrary files and likely much more. See for example https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-1-kryo-serialization (applies here as well even though it is written for Kryo) – Marcono1234 Aug 29 '19 at 10:40
5

Suppose you have these 2 possible JSON responses:

{
  "classA": {"foo": "fooValue"}
}
  or
{
  "classB": {"bar": "barValue"}
}

You can create a class structure like this:

public class Response {
  private A classA;
  private B classB;
  //more possible responses...
  //getters and setters...
}

public class A {
  private String foo;
  //getters and setters...
}

public class B {
  private String bar;
  //getters and setters...
}

Then you can parse any of the possible JSON responses with:

Response response = gson.fromJson(jsonString, Response.class);

Gson will ignore all the JSON fields that don't correspond with any of the attributes in your class structure, so you can adapt a single class to parse different responses...

Then you can check which of the attributes classA, classB, ... is not null and you'll know which response you have received.

MikO
  • 18,243
  • 12
  • 77
  • 109
  • This is for a library that is published to users -> https://github.com/menacher/java-game-server so I really wouldnt know their classes. So no way in which I can fill in Response class. – Abe Jun 11 '13 at 19:05
  • 1
    @Abe, so you have to parse a number of JSON responses and you don't know how they look at all? This is really hard work! – MikO Jun 11 '13 at 19:16
  • Actually the client can send the class name since they know what they are sending, so its not a lost cause. – Abe Jun 11 '13 at 19:32
4

Unsure if this is what you were asking for, but by modifying the RuntimeTypeAdapterFactory class, i made a system for subclassing based on conditions in the Json source. RuntimeTypeAdapterFactory.class:

/*
 * Copyright (C) 2011 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.google.gson.typeadapters;

import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;

import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonPrimitive;
import com.google.gson.TypeAdapter;
import com.google.gson.TypeAdapterFactory;
import com.google.gson.internal.Streams;
import com.google.gson.reflect.TypeToken;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;

/**
 * Adapts values whose runtime type may differ from their declaration type. This
 * is necessary when a field's type is not the same type that GSON should create
 * when deserializing that field. For example, consider these types:
 * <pre>   {@code
 *   abstract class Shape {
 *     int x;
 *     int y;
 *   }
 *   class Circle extends Shape {
 *     int radius;
 *   }
 *   class Rectangle extends Shape {
 *     int width;
 *     int height;
 *   }
 *   class Diamond extends Shape {
 *     int width;
 *     int height;
 *   }
 *   class Drawing {
 *     Shape bottomShape;
 *     Shape topShape;
 *   }
 * }</pre>
 * <p>Without additional type information, the serialized JSON is ambiguous. Is
 * the bottom shape in this drawing a rectangle or a diamond? <pre>   {@code
 *   {
 *     "bottomShape": {
 *       "width": 10,
 *       "height": 5,
 *       "x": 0,
 *       "y": 0
 *     },
 *     "topShape": {
 *       "radius": 2,
 *       "x": 4,
 *       "y": 1
 *     }
 *   }}</pre>
 * This class addresses this problem by adding type information to the
 * serialized JSON and honoring that type information when the JSON is
 * deserialized: <pre>   {@code
 *   {
 *     "bottomShape": {
 *       "type": "Diamond",
 *       "width": 10,
 *       "height": 5,
 *       "x": 0,
 *       "y": 0
 *     },
 *     "topShape": {
 *       "type": "Circle",
 *       "radius": 2,
 *       "x": 4,
 *       "y": 1
 *     }
 *   }}</pre>
 * Both the type field name ({@code "type"}) and the type labels ({@code
 * "Rectangle"}) are configurable.
 *
 * <h3>Registering Types</h3>
 * Create a {@code RuntimeTypeAdapter} by passing the base type and type field
 * name to the {@link #of} factory method. If you don't supply an explicit type
 * field name, {@code "type"} will be used. <pre>   {@code
 *   RuntimeTypeAdapter<Shape> shapeAdapter
 *       = RuntimeTypeAdapter.of(Shape.class, "type");
 * }</pre>
 * Next register all of your subtypes. Every subtype must be explicitly
 * registered. This protects your application from injection attacks. If you
 * don't supply an explicit type label, the type's simple name will be used.
 * <pre>   {@code
 *   shapeAdapter.registerSubtype(Rectangle.class, "Rectangle");
 *   shapeAdapter.registerSubtype(Circle.class, "Circle");
 *   shapeAdapter.registerSubtype(Diamond.class, "Diamond");
 * }</pre>
 * Finally, register the type adapter in your application's GSON builder:
 * <pre>   {@code
 *   Gson gson = new GsonBuilder()
 *       .registerTypeAdapter(Shape.class, shapeAdapter)
 *       .create();
 * }</pre>
 * Like {@code GsonBuilder}, this API supports chaining: <pre>   {@code
 *   RuntimeTypeAdapter<Shape> shapeAdapter = RuntimeTypeAdapterFactory.of(Shape.class)
 *       .registerSubtype(Rectangle.class)
 *       .registerSubtype(Circle.class)
 *       .registerSubtype(Diamond.class);
 * }</pre>
 */
public final class RuntimeTypeAdapterFactory<T> implements TypeAdapterFactory {
    private final Class<?> baseType;
    private final RuntimeTypeAdapterPredicate predicate;
    private final Map<String, Class<?>> labelToSubtype = new LinkedHashMap<String, Class<?>>();
    private final Map<Class<?>, String> subtypeToLabel = new LinkedHashMap<Class<?>, String>();

    private RuntimeTypeAdapterFactory(Class<?> baseType, RuntimeTypeAdapterPredicate predicate) {
        if (predicate == null || baseType == null) {
            throw new NullPointerException();
        }
        this.baseType = baseType;
        this.predicate = predicate;
    }

    /**
     * Creates a new runtime type adapter using for {@code baseType} using {@code
     * typeFieldName} as the type field name. Type field names are case sensitive.
     */
    public static <T> RuntimeTypeAdapterFactory<T> of(Class<T> baseType, RuntimeTypeAdapterPredicate predicate) {
        return new RuntimeTypeAdapterFactory<T>(baseType, predicate);
    }

    /**
     * Creates a new runtime type adapter for {@code baseType} using {@code "type"} as
     * the type field name.
     */
    public static <T> RuntimeTypeAdapterFactory<T> of(Class<T> baseType) {
        return new RuntimeTypeAdapterFactory<T>(baseType, null);
    }

    /**
     * Registers {@code type} identified by {@code label}. Labels are case
     * sensitive.
     *
     * @throws IllegalArgumentException if either {@code type} or {@code label}
     *     have already been registered on this type adapter.
     */
    public RuntimeTypeAdapterFactory<T> registerSubtype(Class<? extends T> type, String label) {
        if (type == null || label == null) {
            throw new NullPointerException();
        }
        if (subtypeToLabel.containsKey(type) || labelToSubtype.containsKey(label)) {
            throw new IllegalArgumentException("types and labels must be unique");
        }
        labelToSubtype.put(label, type);
        subtypeToLabel.put(type, label);
        return this;
    }

    /**
     * Registers {@code type} identified by its {@link Class#getSimpleName simple
     * name}. Labels are case sensitive.
     *
     * @throws IllegalArgumentException if either {@code type} or its simple name
     *     have already been registered on this type adapter.
     */
    public RuntimeTypeAdapterFactory<T> registerSubtype(Class<? extends T> type) {
        return registerSubtype(type, type.getSimpleName());
    }

    public <R> TypeAdapter<R> create(Gson gson, TypeToken<R> type) {
        if (type.getRawType() != baseType) {
            return null;
        }

        final Map<String, TypeAdapter<?>> labelToDelegate
                = new LinkedHashMap<String, TypeAdapter<?>>();
        final Map<Class<?>, TypeAdapter<?>> subtypeToDelegate
                = new LinkedHashMap<Class<?>, TypeAdapter<?>>();
        for (Map.Entry<String, Class<?>> entry : labelToSubtype.entrySet()) {
            TypeAdapter<?> delegate = gson.getDelegateAdapter(this, TypeToken.get(entry.getValue()));
            labelToDelegate.put(entry.getKey(), delegate);
            subtypeToDelegate.put(entry.getValue(), delegate);
        }

        return new TypeAdapter<R>() {
            @Override public R read(JsonReader in) throws IOException {
                JsonElement jsonElement = Streams.parse(in);
                String label = predicate.process(jsonElement);
                @SuppressWarnings("unchecked") // registration requires that subtype extends T
                        TypeAdapter<R> delegate = (TypeAdapter<R>) labelToDelegate.get(label);
                if (delegate == null) {
                    throw new JsonParseException("cannot deserialize " + baseType + " subtype named "
                            + label + "; did you forget to register a subtype?");
                }
                return delegate.fromJsonTree(jsonElement);
            }

            @Override public void write(JsonWriter out, R value) throws IOException { // Unimplemented as we don't use write.
                /*Class<?> srcType = value.getClass();
                String label = subtypeToLabel.get(srcType);
                @SuppressWarnings("unchecked") // registration requires that subtype extends T
                        TypeAdapter<R> delegate = (TypeAdapter<R>) subtypeToDelegate.get(srcType);
                if (delegate == null) {
                    throw new JsonParseException("cannot serialize " + srcType.getName()
                            + "; did you forget to register a subtype?");
                }
                JsonObject jsonObject = delegate.toJsonTree(value).getAsJsonObject();
                if (jsonObject.has(typeFieldName)) {
                    throw new JsonParseException("cannot serialize " + srcType.getName()
                            + " because it already defines a field named " + typeFieldName);
                }
                JsonObject clone = new JsonObject();
                clone.add(typeFieldName, new JsonPrimitive(label));
                for (Map.Entry<String, JsonElement> e : jsonObject.entrySet()) {
                    clone.add(e.getKey(), e.getValue());
                }*/
                Streams.write(null, out);
            }
        };
    }
}

RuntimeTypeAdapterPredicate.class:

package com.google.gson.typeadapters;

import com.google.gson.JsonElement;

/**
 * Created by Johan on 2014-02-13.
 */
public abstract class RuntimeTypeAdapterPredicate {

    public abstract String process(JsonElement element);

}

Example (taken from a project i'm currently working on):

ItemTypePredicate.class:

package org.libpoe.serial;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.typeadapters.RuntimeTypeAdapterPredicate;

/**
 * Created by Johan on 2014-02-13.
 */
public class ItemTypePredicate extends RuntimeTypeAdapterPredicate {

    @Override
    public String process(JsonElement element) {
        JsonObject obj = element.getAsJsonObject();
        int frameType = obj.get("frameType").getAsInt();

        switch(frameType) {
            case 4: return "Gem";
            case 5: return "Currency";
        }
        if (obj.get("typeLine").getAsString().contains("Map")
                && obj.get("descrText").getAsString() != null
                && obj.get("descrText").getAsString().contains("Travel to this Map")) {
            return "Map";
        }

        return "Equipment";
    }
}

Usage:

RuntimeTypeAdapterFactory<Item> itemAdapter = RuntimeTypeAdapterFactory.of(Item.class, new ItemTypePredicate())
        .registerSubtype(Currency.class)
        .registerSubtype(Equipment.class)
        .registerSubtype(Gem.class)
        .registerSubtype(Map.class);

Gson gson = new GsonBuilder()
        .enableComplexMapKeySerialization()
        .registerTypeAdapterFactory(itemAdapter).create();

The hierachy base class is Item. Currency, Equipment, Gem and Map all extend this.

  • This is nearly what i want, but my basic requirement was to identify unrelated classes, which I think is not possible. – Abe Feb 13 '14 at 14:36
1

Create model class ,

public class MyModel {

    private String errorId;

    public String getErrorId() {
        return errorId;
    }

    public void setErrorId(String errorId) {
        this.errorId = errorId;
    }
}

Create subclass

   public class SubClass extends MyModel {
        private String subString;

       public String getSubString() {
            return subString;
        }

        public void setSubString(String subString) {
            this.subString = subString;
        }
 }

call parseGson Method

parseGson(subClass);

gson parse method with object class

   public void parseGson(Object object){
     object = gson.fromJson(response.toString(), object.getClass());
     SubClass subclass = (SubClass)object;
   }

You can set global variables that cast to myModel

((MyModel)object).setErrorId(response.getString("errorid"));
SUcpinar
  • 225
  • 3
  • 12