Deserializing into jakarta.json.JsonObject accepts non-object JSON valuesΒ #672
Description
Describe the bug
Jsonb.fromJson(v.toString(), JsonObject.class) works for v of type jakarta.json.JsonValue, regardless of whether it represents a JSON object or not.
To Reproduce
final JsonValue jsonString = Json.createValue("test");
final JsonValue jsonNumber = Json.createValue(1);
Jsonb jsonb = JsonbBuilder.create();
for (JsonValue v : List.of(jsonString, jsonNumber, JsonValue.TRUE, JsonValue.EMPTY_JSON_ARRAY)) {
// Non-object JSON input is "mapped" to JsonObject
JsonValue o = jsonb.fromJson(v.toString(), JsonObject.class);
/*
"test" (class org.eclipse.parsson.JsonStringImpl)
1 (class org.eclipse.parsson.JsonNumberImpl$JsonIntNumber)
true (class jakarta.json.JsonValueImpl)
[] (class org.eclipse.parsson.JsonArrayBuilderImpl$JsonArrayImpl)
*/
System.out.printf("%s (%s)\n", o, o.getClass());
// JSON Processing equivalent fails as expected
Assert.assertThrows(JsonParsingException.class,
() -> Json.createReader(new StringReader(v.toString())).readObject());
}
Expected behavior
Deserializing into JsonObject should be possible only for object input. As per specification, the result should be the same as what is obtained with jakarta.json.JsonReader.
System information:
- OS: Linux
- Java Version: 17
- Wildfly Version: 36.0.1
- Yasson Version: 3.0.4
Additional context
Since the runtime type of the deserialized object represents arbitrary JSON, ClassCastExceptions can occur, e.g. if the deserialized result is assigned to a variable of type jakarta.json.JsonObject.