The default String deserializer does not enforce coercion configs · Issue #3240 · FasterXML/jackson-databind

The default String deserializer does not enforce coercion configs (or feature ALLOW_COERCION_OF_SCALARS).

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.cfg.CoercionAction;
import com.fasterxml.jackson.databind.cfg.CoercionInputShape;
import com.fasterxml.jackson.databind.json.JsonMapper;

ObjectMapper objectMapper = JsonMapper.builder().build();
objectMapper.coercionConfigDefaults()
    .setCoercion(CoercionInputShape.Boolean, CoercionAction.Fail)
    .setCoercion(CoercionInputShape.Integer, CoercionAction.Fail)
    .setCoercion(CoercionInputShape.Float, CoercionAction.Fail)
    .setCoercion(CoercionInputShape.String, CoercionAction.Fail)
    .setCoercion(CoercionInputShape.Array, CoercionAction.Fail)
    .setCoercion(CoercionInputShape.Object, CoercionAction.Fail);

objectMapper.readValue("true", String.class); // should throw MismatchedInputException but doesn't
objectMapper.readValue("1", String.class); // should throw MismatchedInputException but doesn't
objectMapper.readValue("1.0", String.class); // should throw MismatchedInputException but doesn't
objectMapper.readValue("[]", String.class); // throws MismatchedInputException
objectMapper.readValue("{}", String.class); // throws MismatchedInputException
```

When the source is a scalar value, coercion configs seem to be ignored: https://github.com/FasterXML/jackson-databind/blob/2.13/src/main/java/com/fasterxml/jackson/databind/deser/std/StringDeserializer.java
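For services that rely on strict typing of untrusted JSON, one way to get the behaviour the report expects is to register a String deserializer that accepts only JSON string tokens. This is an added example, not code from the issue or from the jackson-databind project; the names `StrictStringDemo`, `StrictStringDeserializer`, `strictMapper` and `rejects` are hypothetical.

```java
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.deser.std.StdScalarDeserializer;
import com.fasterxml.jackson.databind.exc.MismatchedInputException;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import java.io.IOException;

public class StrictStringDemo {
    // Hypothetical helper: binds String targets from JSON string tokens only.
    static final class StrictStringDeserializer extends StdScalarDeserializer<String> {
        StrictStringDeserializer() { super(String.class); }

        @Override
        public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
            if (p.hasToken(JsonToken.VALUE_STRING)) {
                return p.getText();
            }
            // Booleans, numbers, arrays and objects all end up here and are refused.
            throw MismatchedInputException.from(p, String.class,
                    "Expected a JSON string but found token " + p.currentToken());
        }
    }

    // Builds a mapper whose String handling replaces the default StringDeserializer.
    static ObjectMapper strictMapper() {
        SimpleModule module = new SimpleModule("strict-strings");
        module.addDeserializer(String.class, new StrictStringDeserializer());
        return JsonMapper.builder().addModule(module).build();
    }

    // Returns true when the mapper refuses to bind the given JSON to String.
    static boolean rejects(ObjectMapper mapper, String json) throws IOException {
        try {
            mapper.readValue(json, String.class);
            return false;
        } catch (MismatchedInputException e) {
            return true;
        }
    }

    public static void main(String[] args) throws IOException {
        ObjectMapper mapper = strictMapper();
        // Constructed inputs: the five cases from the report plus one valid string.
        for (String json : new String[] {"true", "1", "1.0", "[]", "{}", "\"ok\""}) {
            System.out.println(json + " -> " + (rejects(mapper, json) ? "rejected" : "accepted"));
        }
    }
}
```

Because the module registers the deserializer for `String.class`, it also applies to String-typed properties of bound classes, not only to root values.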