Spring issues with configuration of JSON Prefix

Question

I am configuring my Spring project to add JSON Prefix )]}',\n to overcome common vulnerability. I tried configuring per this link, its causing exception while starting up the server. Please help me out resolving this.

@Configuration
@EnableWebMvc
public Class WebAppConfig extends WebMvcConfigurationSupport
{
    public void addPrefixJSON()
    {
        List<HttpMessageConverter<?>> converters = super.getMessageConverters();
        MappingJackson2HttpMessageConverter convert = new MappingJackson2HttpMessageConverter();
        convert.setPrefixJson(true);
        converters.add(convert);
    }
}

and I am getting the follwing exception,

08:01:23,435 ERROR [org.springframework.web.context.ContextLoader] 
(ServerService Thread Pool -- 68) Context initialization failed: 
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMappingHandlerMapping' defined in class path resource 
[org/springframework/web/servlet/config/annotation/DelegatingWebMvcConfiguration.class]: Instantiation of bean failed; nested exception is 
org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public 
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping 
org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport.requestMappingHandlerMapping()] threw exception; nested exception is 
java.lang.ClassCastException: org.springframework.web.accept.ContentNegotiationManagerFactoryBean$$EnhancerByCGLIB$$6af53d42 cannot be cast to 
org.springframework.web.accept.ContentNegotiationManager

I have included <mvc:annotation-driven /> in my spring-servlet.xml Do we have any other manual methods to add the prefix in older version's of Jackson, say Jackson 1.6?

Update:

The problem is fixed with Jackson 2.0 and I'm able to view the prefix in the browser, however I am not able to see the output from angular end.

My configuration is like:

<mvc:annotation-driven content-negotiation-manager="contentManager">
            <mvc:message-converters>
                <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
                    <property name="jsonPrefix" value=")]}',\n" />
                </bean>
            </mvc:message-converters>
        </mvc:annotation-driven>

and the JSON output is

)]}',\n"{\"userName\":\"ABC\",\"emailId\":\"ABC@gmail.com\"}"

I'm perplexed with this output, besides Angular is not recognizing the output and not able to read the values from this object. Any help would be greatful. Thanks in advance.

Besides, please help me on how to validate this prefix after it has been added to the JSON Response. — Dhananjayan Santhanakrishnan, Sep 01 '15 at 09:45

Sanjay · Answer 1 · 2015-12-26T02:24:41.297

1

In Spring Lemon, simply configuring a bean as below worked for us, rather than the above configuration:

@Bean
public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() {

    MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
    converter.setJsonPrefix(")]}',\n");

    return converter;
}

A simple way to verify whether it's working would be to look at the response data, e.g. in the Network tab in chrome.

edited Dec 26 '15 at 02:24

answered Sep 01 '15 at 10:55

Sanjay

8,755
7
46
62

I tried adding this bean configuration in spring-servlet.xml and checked the response in Chrome. I am not able see the prefix attached to the response. Any thoughts on this? – Dhananjayan Santhanakrishnan Sep 01 '15 at 11:16
true This is my configuration in spring-servlet.xml – Dhananjayan Santhanakrishnan Sep 01 '15 at 11:25
Instead of setting `prefixJson` as `true`, I think you could try out as I have done, i.e. setting `jsonPrefix` to `)]}',\n`. – Sanjay Sep 02 '15 at 04:59
I tried doing that, however I get an error stating that `Bean property 'jsonPrefix' is not writable or has invalid setter method` while starting the application. – Dhananjayan Santhanakrishnan Sep 02 '15 at 08:02
Strange, seems to be working in my case. I'm using Spring Boot 1.3.0.M3. – Sanjay Sep 02 '15 at 11:32
My project doesn't have Spring Boot, won't we be able to do that without Spring Boot? @Sanjay – Dhananjayan Santhanakrishnan Sep 02 '15 at 11:41
Yes, it should work without Spring Boot as well. Probably you could try viewing the source code of `MappingJackson2HttpMessageConverter.java` in your IDE to get some clue on why would it give the error. – Sanjay Sep 02 '15 at 11:45
Guess the problem is with my Jackson version. I'm using spring-web-3.2.1.RELEASE.jar and a jackson version 1.6.6, that might be the problem. I am not able to see the String variable jsonPrefix in the source, it only has a boolean variable prefixJson. That might be causing the problem. – Dhananjayan Santhanakrishnan Sep 02 '15 at 12:20
I configured my project with Jackson 2.0, even now I'm not able to see the response prefixed with the string. Could you please let me know if we have any other way to verify that the string is prefixed? – Dhananjayan Santhanakrishnan Sep 07 '15 at 13:04
I couldn't get you, any link would be great? Thank you! – Dhananjayan Santhanakrishnan Sep 08 '15 at 04:33
I meant, using the curl command (http://curl.haxx.se/), you could see the response body for a request. E.g., curl -v http://localhost:8080/some_json would display the response served at /some_json. – Sanjay Sep 08 '15 at 06:26

score 1 · Accepted Answer · answered Mar 28 '17 at 07:32

I'm perplexed with this output, besides Angular is not recognizing the output and not able to read the values from this object. Any help would be greatful.

the issue is related to the Spring xml configuration: it seems that some character are escaped (maybe \n is escaped) so that if you use

<mvc:annotation-driven content-negotiation-manager="contentManager">
            <mvc:message-converters>
                <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
                    <property name="jsonPrefix" value=")]}',\n" />
                </bean>
            </mvc:message-converters>
        </mvc:annotation-driven>

the prefix is the string )]}',\n instead of )]}', + new line. So a workaround I have used is to create a class (i.e. CustomMappingJackson2HttpMessageConverter) that extends the original one org.springframework.http.converter.json.MappingJackson2HttpMessageConverter and overrides the method setJsonPrefix, like this one:

public class CustomMappingJackson2HttpMessageConverter
        extends org.springframework.http.converter.json.MappingJackson2HttpMessageConverter {

    public CustomMappingJackson2HttpMessageConverter() {
        super();
    }

    public CustomMappingJackson2HttpMessageConverter(ObjectMapper objectMapper) {
        super(objectMapper);
    }

    @Override
    public void setJsonPrefix(String jsonPrefix) {
        super.setJsonPrefix(jsonPrefix+"\n");
    }   

}

and my configuration is:

<mvc:annotation-driven>
        <mvc:message-converters>
             <bean class="mypackage.CustomMappingJackson2HttpMessageConverter">
                 <property name="jsonPrefix" value=")]}'," />
             </bean>
         </mvc:message-converters>
    </mvc:annotation-driven>

in this way you can keep the configuration in the xml file and allow the correct JSON serialization/deserialization for angular that needs 2 lines, the first one for the )]}', characters and the second one for the JSON itself, in this way Angular works perfectly

JSON response in one line

1 )]}',\n["id":1,"name":"Marco"....]

JSON response in two lines

1 )]}',
2 ["id":1,"name":"Marco"....]

AngularJS ver. 1.5.9
Spring MVC ver. 4.2.8

hope this helps

Adding that using MappingJackson2HttpMessageConverter.setPrefixJson(true) might write out the desired characters by default. — Christian, Oct 30 '17 at 06:04

score 1 · Answer 3 · answered Jul 21 '17 at 22:41

You can XML encode the newline character to allow configuring this purely in XML.

<mvc:annotation-driven>
    <mvc:message-converters>
        <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
            <property name="jsonPrefix" value=")]}',&#10;" />
        </bean>
    </mvc:message-converters>
</mvc:annotation-driven>

Spring issues with configuration of JSON Prefix

3 Answers3

Linked