Hi,
I noticed that if I made a class such as
class Bar {
private final int val;
public Bar(int val) {this.val = val;}
}
I could create a Resource like this:
post("/foo").body(Bar.class).handle(this::createFoo),
with
void createFoo(Bar b) {
}
Now, I can make a post that will be accepted with the data:
This works as expected.
However, if I do the following:
I will get a Bar with a val == 0. I would expect the resource handler to automatically throw a 404, since the data does not conform to the expected requirements (my class cannot be constructed with the data presented).
I see there is a provision for adding mappers, which I assume solves this problem, but this default case is not safe; the client code cannot determine if the value was actually "0", and in fact my ctor for Bar is never called, due to how gson is implemented.
Leaving the methods without mappers the use, in my opinion, is presenting an unsafe interface, given how gson works by default via "unsafe" object construction. So, in other terms, this default behaviour by-passes the invariance rules in my value objects. I question whether it is useful the developer to expose these interfaces as-is, since it is not evident this problem can arise.
https://medium.com/@programmerr47/gson-unsafe-problem-d1ff29d4696f