support jackson 2.17 (#1072)

more changes

Create PR1072.backwards.excludes

Update JsonConfig.scala

Update JacksonJson.scala

Update build.sbt

Update build.sbt

support overriding max string length

Author: pjfanning

build.sbt

@@ -21,12 +21,12 @@ def specs2(scalaVersion: String) =
     ("org.specs2" %% s"specs2-$n" % "4.21.0") % Test
   }
 
-val jacksonDatabindVersion = "2.14.3"
+val jacksonDatabindVersion = "2.19.1"
 val jacksonDatabind        = Seq(
   "com.fasterxml.jackson.core" % "jackson-databind" % jacksonDatabindVersion
 )
 
-val jacksonVersion = "2.14.3"
+val jacksonVersion = jacksonDatabindVersion
 val jacksons       = Seq(
   "com.fasterxml.jackson.core"     % "jackson-core",
   "com.fasterxml.jackson.core"     % "jackson-annotations",

play-json/jvm/src/main/mima-filters/3.1.x.backwards.excludes/PR1072.backwards.excludes

@@ -0,0 +1,2 @@
+# private final class JsonConfigImpl has changed
+ProblemFilters.exclude[MissingTypesProblem]("play.api.libs.json.JsonConfigImpl$")

play-json/jvm/src/main/scala/play/api/libs/json/JsonConfig.scala

@@ -4,6 +4,8 @@
 
 package play.api.libs.json
 
+import com.fasterxml.jackson.core.StreamReadConstraints
+
 import play.api.libs.json.JsonConfig.defaultMaxPlain
 import play.api.libs.json.JsonConfig.defaultMinPlain
 import play.api.libs.json.JsonConfig.defaultDigitsLimit
@@ -103,6 +105,7 @@ private final case class DecimalSerializerSettingsImpl(
 sealed trait JsonConfig {
   def bigDecimalParseConfig: BigDecimalParseConfig
   def bigDecimalSerializerConfig: BigDecimalSerializerConfig
+  def streamReadConstraints: StreamReadConstraints
 }
 
 object JsonConfig {
@@ -168,6 +171,17 @@ object JsonConfig {
    */
   val maxPlainProperty: String = "play.json.serializer.maxPlain"
 
+  /**
+   * The system property to override the max nesting depth for JSON parsing.
+   */
+  val maxNestingDepth: String = "play.json.parser.maxNestingDepth"
+
+  /**
+   * The system property to override the max string length for JSON parsing.
+   * This is used to limit the length of individual strings in JSON documents.
+   */
+  val maxStringLength: String = "play.json.parser.maxStringLength"
+
   /**
    * The system property to override whether zero decimals (e.g. .0 or .00) are written by default. These are dropped by default.
    */
@@ -183,15 +197,30 @@ object JsonConfig {
 
   private[json] def loadMaxPlain: BigDecimal = prop(maxPlainProperty, defaultMaxPlain)(BigDecimal.exact)
 
+  private[json] def loadMaxNestingDepth: Int =
+    prop(maxNestingDepth, StreamReadConstraints.DEFAULT_MAX_DEPTH)(Integer.parseInt)
+
+  private[json] def loadMaxStringLength: Int =
+    prop(maxStringLength, StreamReadConstraints.DEFAULT_MAX_STRING_LEN)(Integer.parseInt)
+
   private[json] def loadPreserveZeroDecimal: Boolean =
     prop(preserveZeroDecimalProperty, defaultPreserveZeroDecimal)(_.toBoolean)
 
+  private[json] val defaultStreamReadConstraints: StreamReadConstraints =
+    StreamReadConstraints
+      .builder()
+      .maxNestingDepth(loadMaxNestingDepth)
+      .maxStringLength(loadMaxStringLength)
+      .maxNumberLength(Int.MaxValue) // play-json has its own support for limiting number length
+      .build()
+
   // Default settings, which can be controlled with system properties.
   // To override, call JacksonJson.setConfig()
   val settings: JsonConfig =
     JsonConfig(
       BigDecimalParseConfig(loadMathContext, loadScaleLimit, loadDigitsLimit),
-      BigDecimalSerializerConfig(loadMinPlain, loadMaxPlain, loadPreserveZeroDecimal)
+      BigDecimalSerializerConfig(loadMinPlain, loadMaxPlain, loadPreserveZeroDecimal),
+      defaultStreamReadConstraints
     )
 
   def apply(): JsonConfig = apply(BigDecimalParseConfig(), BigDecimalSerializerConfig())
@@ -200,7 +229,14 @@ object JsonConfig {
       bigDecimalParseConfig: BigDecimalParseConfig,
       bigDecimalSerializerConfig: BigDecimalSerializerConfig
   ): JsonConfig =
-    JsonConfigImpl(bigDecimalParseConfig, bigDecimalSerializerConfig)
+    JsonConfigImpl(bigDecimalParseConfig, bigDecimalSerializerConfig, defaultStreamReadConstraints)
+
+  def apply(
+      bigDecimalParseConfig: BigDecimalParseConfig,
+      bigDecimalSerializerConfig: BigDecimalSerializerConfig,
+      streamReadConstraints: StreamReadConstraints
+  ): JsonConfig =
+    JsonConfigImpl(bigDecimalParseConfig, bigDecimalSerializerConfig, streamReadConstraints)
 
   private[json] def parseMathContext(key: String): MathContext = sys.props.get(key).map(_.toLowerCase) match {
     case Some("decimal128") => MathContext.DECIMAL128
@@ -220,7 +256,8 @@ object JsonConfig {
 
 private final case class JsonConfigImpl(
     bigDecimalParseConfig: BigDecimalParseConfig,
-    bigDecimalSerializerConfig: BigDecimalSerializerConfig
+    bigDecimalSerializerConfig: BigDecimalSerializerConfig,
+    streamReadConstraints: StreamReadConstraints
 ) extends JsonConfig
 
 @deprecated("Use BigDecimalParseConfig instead", "2.9.4")
@@ -241,7 +278,8 @@ final case class BigDecimalSerializerSettings(
 @deprecated("Use JsonConfig instead", "2.9.4")
 final case class JsonParserSettings(
     bigDecimalParseSettings: BigDecimalParseSettings,
-    bigDecimalSerializerSettings: BigDecimalSerializerSettings
+    bigDecimalSerializerSettings: BigDecimalSerializerSettings,
+    streamReadConstraints: StreamReadConstraints = JsonConfig.defaultStreamReadConstraints
 ) extends JsonConfig {
   override def bigDecimalParseConfig: BigDecimalParseConfig = bigDecimalParseSettings
 

play-json/jvm/src/main/scala/play/api/libs/json/jackson/JacksonJson.scala

@@ -13,7 +13,7 @@ import scala.collection.mutable
 import scala.collection.mutable.ArrayBuffer
 import scala.collection.mutable.ListBuffer
 
-import com.fasterxml.jackson.core.JsonFactory
+import com.fasterxml.jackson.core.JsonFactoryBuilder
 import com.fasterxml.jackson.core.JsonGenerator
 import com.fasterxml.jackson.core.JsonParser
 import com.fasterxml.jackson.core.JsonTokenId
@@ -25,6 +25,7 @@ import com.fasterxml.jackson.databind.Module.SetupContext
 import com.fasterxml.jackson.databind._
 import com.fasterxml.jackson.databind.`type`.TypeFactory
 import com.fasterxml.jackson.databind.deser.Deserializers
+import com.fasterxml.jackson.databind.json.JsonMapper
 import com.fasterxml.jackson.databind.module.SimpleModule
 import com.fasterxml.jackson.databind.ser.Serializers
 
@@ -219,7 +220,7 @@ private[jackson] class JsValueDeserializer(factory: TypeFactory, klass: Class[?]
 
       case JsonTokenId.ID_FIELD_NAME =>
         parserContext match {
-          case (c: ReadingMap) :: stack => (None, c.setField(jp.getCurrentName) +: stack)
+          case (c: ReadingMap) :: stack => (None, c.setField(jp.currentName()) +: stack)
           case _                        => throw new RuntimeException("We should be reading map, something got wrong")
         }
 
@@ -282,9 +283,13 @@ private[json] object JacksonJson {
 }
 
 private[json] case class JacksonJson(jsonConfig: JsonConfig) {
-  private val mapper = (new ObjectMapper).registerModule(new PlayJsonMapperModule(jsonConfig))
-
-  private val jsonFactory = new JsonFactory(mapper)
+  private val jsonFactory = new JsonFactoryBuilder()
+    .streamReadConstraints(jsonConfig.streamReadConstraints)
+    .build()
+  private val mapper = JsonMapper
+    .builder(jsonFactory)
+    .addModule(new PlayJsonMapperModule(jsonConfig))
+    .build()
 
   private def stringJsonGenerator(out: java.io.StringWriter) =
     jsonFactory.createGenerator(out)