Remove javaxb dependency from HMACValidator#1802
Conversation
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
- removed unused coveralls plugin - moved plugin and dep versions to properties - grouped depdencies (and versions) per scope - remove redundant maven dependency scope
jeandersonbc
force-pushed
the
fix-hmacvalidator-javaxb
branch
from
4fa1058 to
deea412
Compare
|
|
||
| <!-- Dependency Versions --> | ||
| <!-- Compile --> | ||
| <com.fasterxml.jackson-version>2.21.0</com.fasterxml.jackson-version> |
There was a problem hiding this comment.
just noticing this, but why do we have gson and jackson in the same project?
There was a problem hiding this comment.
GSON only used by the TerminalAPI
There was a problem hiding this comment.
Yeah, I'm also curious about this. We do use it for serialization and deserialization in a few places (.toJson/.fromJson):
- See TerminalCloudAPI
- There is a TerminalAPIGsonBuilder that relies on javax.xml.bind to do this configuration.
I think as part of the bigger migration, we want to stick with a single JSON library.
There was a problem hiding this comment.
Answered my own question 😅
This library uses both serialization stacks for historical and compatibility reasons:
• Jackson is used broadly by the generated API models (com.adyen.model.*.JSON classes with ObjectMapper).
• Gson is still used in specific flows, especially Terminal API and webhook notification helpers (for example TerminalCloudAPI and NotificationRequest#fromJson/toJson).
Edit: forgot to refresh 😆
gcatanese
left a comment
gcatanese
left a comment
There was a problem hiding this comment.
Good work. Some minor suggestions.
Could update the PR title: jaxb dependency is not removed as part of the PR
Run Spotless plugin to format the new test code
Hex.decodeHex(key); throws DecoderException (when there is an error), it is a good idea to explicitly wrap it as IllegalArgumentException instead.
Currently, a bad hex key would throw SignatureException, while IllegalArgumentException is the right one in this error scenario.
jeandersonbc
force-pushed
the
fix-hmacvalidator-javaxb
branch
from
deea412 to
091335d
Compare
This is needed to remove the dependency from javax.xml.bind
jeandersonbc
force-pushed
the
fix-hmacvalidator-javaxb
branch
from
091335d to
429e98a
Compare
| } catch (DecoderException e) { | ||
| throw new IllegalArgumentException("Invalid Hex HMAC key: " + key); |
3 participants
Description
Instead of using javaxb dependency, we can rely on the existing commons-codec for Hex operations.
This is needed for the removal of the javaxb dependency.
The changes are just a patch to the existing code.
In addition, the pom.xml was cleaned:
Tested scenarios