Protecting Java Applications That Use Jackson for JSON
Published on December 30, 2020 by John Brawner
JSON is a standard format for sharing objects and data within an application. When working in Java, there is no built-in support for JSON processing. There are, however, several widely used libraries and options to choose from. In this article, we will focus on Jackson, which is one of the most popular.
When protecting applications that use Jackson, it is important to note whether Java objects are used to store JSON data (as with Data Binding), or whether you are manipulating the JSON data without a corresponding Java object (as with the Jackson Tree Model). This affects the configuration of obfuscation settings.
For data-bound Java objects (POJOs), we need to preserve get and set methods to ensure proper runtime functionality, because Jackson discovers JSON properties at runtime by reflecting on those method names. If we use the Tree Model to manipulate JSON data without a POJO, we can apply obfuscation without any custom configuration.
Please consider the following example.
Here I serialize and deserialize a JSON formatted string two different ways: one using the Jackson Tree Model without a backing POJO, the other using Data Binding to store JSON data as a POJO.
Below is the expected output:
After protecting the jar file, note the Tree Model example runs properly, but the Data Bound example throws an exception:
If, as the error suggests, I allow empty bean values by adding the @JsonInclude(Include.NON_NULL) annotation to my POJO in source, I still end up with null results in the output, which is also not expected behavior.
In order to prevent this, I will exclude the get and set methods of the Car class from Renaming.
After doing so, the protected output runs properly.
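The difference between the two cases can be reproduced without running an obfuscator. The following is an added example, not the article's downloadable sample: the `Car` fields (`make`, `year`), the hand-renamed class `A`, and the sample JSON are constructed for illustration, and it assumes Jackson 2.10 or later (`jackson-databind`) on the classpath.

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

public class RenamingDemo {
    // POJO as written in source: Jackson derives "make" and "year" from the accessor names.
    public static class Car {
        private String make; private int year;
        public String getMake() { return make; }
        public void setMake(String m) { make = m; }
        public int getYear() { return year; }
        public void setYear(int y) { year = y; }
    }

    // Hand-written stand-in for the same class after Renaming (constructed, not tool output).
    public static class A {
        private String a; private int b;
        public String a() { return a; }
        public void a(String m) { a = m; }
        public int b() { return b; }
        public void b(int y) { b = y; }
    }

    // Runs one Jackson call and reports either its result or the exception it raised.
    interface Call { String run() throws JsonProcessingException; }
    static String attempt(Call c) {
        try {
            return "ok: " + c.run();
        } catch (JsonProcessingException e) {
            return e.getClass().getSimpleName() + ": " + e.getOriginalMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        String json = "{\"make\":\"Ford\",\"year\":1965}"; // constructed sample input

        // Tree Model: field names are string literals, so member renaming cannot affect them.
        JsonNode tree = mapper.readTree(json);
        System.out.println("tree: " + tree.get("make").asText() + " " + tree.get("year").asInt());

        // Data Binding with intact get/set methods round-trips.
        System.out.println(attempt(() -> mapper.writeValueAsString(mapper.readValue(json, Car.class))));

        // Data Binding against renamed accessors: Jackson finds no bean properties either way.
        System.out.println(attempt(() -> mapper.writeValueAsString(new A())));
        System.out.println(attempt(() -> String.valueOf(mapper.readValue(json, A.class))));
    }
}
```

Running a round-trip like this against the protected jar as a post-build check catches a missing Renaming exclusion before release.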
Finally, just a quick note about the Removal transform. My default project settings allow Removal on non-public members. The get and set methods of the Car POJO are public in scope. If Removal had been enabled for all members, I would need to configure a similar rule to preserve get and set methods from Removal.
The full example associated with this article can be downloaded here.
If you have any feedback on this topic, or other topics you would like us to discuss in the Support Corner, please feel free to contact our Support Department.