(this example is in Kotlin but should be the same in Java)
I have Spring Boot Post Route like this:
@PostMapping("/data", consumes = [MediaType.APPLICATION_XML_VALUE])
fun pushMasterData(@RequestBody data: Data): Data {
return data
}
My Data dto looks like this:
data class Data(
val item: String
)
I do a POST request to /data
with this body:
<items>
<item>foo</item>
<trash>This should not be allowed!</trash>
</items>
The server accepts that without complaining... Why? And how to fix?
CodePudding user response:
If it's actually Jackson that's deserializing your request bodies, it should be enough to put
spring.jackson.deserialization.fail-on-unknown-properties=true
in your application.properties. (I generally know this, but I additionally looked it up here.)
Also see this question, where someone had the same issue and this solution did not work. There are some other suggestions there. (I found that question by searching for "spring jackson fail on unknown properties", looking for a duplicate. Somewhat surprisingly, there doesn't seem to be one.)