Json string handling with back slash

Question

I know this question was asked several times before on this forum. But none of it addresses my problem. I am using Jmeter to post json string with content-type "application/json" My Spring mvc app is happy consuming the same and converting it to Java Object. However, when i send a string with a backslash everything seems to fall apart. Here is my Json Input string

    {"signup":{"firstName":"joe", "lastName":"beedu","email":"jb1407874596956@hotmail.com",
"password":"O;\l-wslD6RQ5@M)","confirmPassword":"O;\l-wslD6RQ5@M)", 
"picImage":[81,109,81,109,109,81,109,109,89]}}

Note: password fields have a back slash. More on this later.

Here is my java class for the same.

@JsonRootName(value = "signup")
@XmlRootElement(name = "signup")
public class Signup {

    private String firstName;

    private String lastName;

    private String email;

    private String password;

    private String confirmPassword;

    private byte[] picImage;

}

Removed getters/setters and also validation annotations.

Issue number 1: When i manually escape the password field values with an extra slash like "O;\l-wslD6RQ5@M)" My Spring mvc web app is happy, but doesn't automatically unescape the extra back slash for me. I was expecting my spring converter MappingJackson2HttpMessageConverter to read the json payload and do the magic unescape thing for me, but it doesn't. It will be very ugly if i manually unescape every field in json json objects. Any help here to address this?

Issue number 2: On the client side, i tried several different ways to see if any library automatically escapes the strings in Json object. Given a raw json string like above, is there a way to escape the string that goes into json object? I tried, StringEscapeUtils from apache escapeJson, it didn't work. I tried json-lib too. None of them were able to handle string "O;\l-wslD6RQ5@M)". I had to manually add extra back slash before i add the json string to Http Body.

I would like to use a client side library that escapes json string fields and also on the server side to unescape. I deeply appreciate you guys for reading a lengthy question. I wasted a day on this one. I hope you guys will help me out with an answer or at least a direction.

Thanks Sri

Dup? http://stackoverflow.com/questions/3020094/how-should-i-escape-strings-in-json — stark, Aug 13 '14 at 21:11
@stark: No its not a Dup. It partially addresses client side issue. Among the suggested solutions, i tried apache lib that didn't help. I will try the jettison and json-simple to see it helps. However my other half issues on Server side still remains. So, please edit your comments if possible. — sridhar kondoji, Aug 13 '14 at 21:20
Can't reproduce: this test passes: https://gist.github.com/jnizet/1673c66104f2348349d0. How do you check that the extra backslash is not unescaped by Jackson? — JB Nizet, Aug 13 '14 at 21:26
What, *precisely*, is the content of the "password" var before it's JSON-encoded. That is, if I looped on something like `System.out.println((int) password.charAt(i));`, what would be the numeric values for the characters ?? (Note that you can't trust `toString` here.) — Hot Licks, Aug 13 '14 at 21:35
@JB Nizet: Why does your input has 4 back slashes? On Server side, when i get back the value i see 2 back slashes instead of 1. — sridhar kondoji, Aug 13 '14 at 21:36
@Hot Licks: This is what a user type password field value is "O;\l-wslD6RQ5@M)" Even before i json encode it. To be precise, the above Json input is exactly what i type in jmeter's http request controller's Body Part. — sridhar kondoji, Aug 13 '14 at 21:38
(Note that any valid JSON encoder/decoder should properly escape/unescape the backslashes. However, one cannot guarantee that transmitting/receiving the JSON string (if sent as character data) will preserve the escapes -- that very much depends on the protocol used (and is one reason why it's preferred to transmit JSON as "binary" vs character data).) — Hot Licks, Aug 13 '14 at 21:38
The JSON string is supposed to have two backslashes, since JSON escapes a backslash with another backslash. But Java String literals must also escape backslashes with another backslash. Print the values to the screen to see the actual characters of the strings. Note that if you inspec the string using a debugger, there's a chance that the debugger shows you the Java String literal equivalent, which needs each backslash to be escaped. Hence my question, that you didn't answer: How do you check that the extra backslash is not unescaped by Jackson? — JB Nizet, Aug 13 '14 at 21:38
@Hot Licks I am lost. "O;\\l-wslD6RQ5@M)".charAt(2) prints '\\' ascii code 92 "O;\\l-wslD6RQ5@M)".charAt(3) prints l ascii code 108 What i get now is "O;\l-wslD6RQ5@M)" is not a valid String litereal. I get an error "Illegal escape character in String. It looks like double slash is enough to make it a proper String literal and send it over the wire. What i endup on the server side is password field with two back slashes. Unescpaing this is get what the user entered. I am confused between Json and String escape here. Am i? — sridhar kondoji, Aug 13 '14 at 22:42
Remember, what you put is a String literal (ie, between quotes) is different from what you'd have in the String itself. What is the *actual value* in the variable you're converting to JSON?? — Hot Licks, Aug 13 '14 at 22:44
@Hot Licks: I am manually typing the json raw string {"signup":{"firstName":"joe", "lastName":"beedu","email":"jb1407874596956@hotmail.com", "password":"O;\l-wslD6RQ5@M)","confirmPassword":"O;\l-wslD6RQ5@M)", "picImage":[81,109,81,109,109,81,109,109,89]}} and making a restful post with appropriate accet and content type headers "application/json" On the server side, Jackson libraries are doing the magic of converting to JSON and populating my java object. Here i was expecting my java object password bean property to have single back slash. — sridhar kondoji, Aug 13 '14 at 22:52
"Manually typing" still doesn't describe what you're doing. You've got to understand that any sort of string literal will be munged by the compiler, and in many cases printing/displaying will be similarly munged. You can't trust anything other than the numeric values of characters. — Hot Licks, Aug 13 '14 at 23:35
@Hot Links: I appreciate the fact that you are trying to help me, but somewhere there is a disconnect. In my earlier comments i already said the following. "O;\\l-wslD6RQ5@M)".charAt(2) prints '\\' ascii code 92 "O;\\l-wslD6RQ5@M)".charAt(3) prints 'l' ascii code 108 Does this help in any ways? Ny My bigger question is do passwords allowed to have backslashes at all? — sridhar kondoji, Aug 13 '14 at 23:43
Right, and I said that anything you enter as a string literal is not a good simulation of the "real world" of entering from the keyboard into a data entry field. — Hot Licks, Aug 13 '14 at 23:44

Json string handling with back slash

0 Answers0