Security Fix

Introduce a centralized ObjectMapper for Resteasy and Clamp code
so that the automatic Ser/deserialization of all classes is disabled.

Issue-ID: CLAMP-135
Change-Id: I1fb11c8fc8e7a53ef832774fa8c06af1c70d3dad
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
diff --git a/pom.xml b/pom.xml
index 86461c5..4b19b80 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@
            By Default "mvn clean install" command will execute also the unit tests
            and the integration tests. The integration tests require a docker engine running.
 
-           If you want to skip the intergation test you can by doing:
+           If you want to skip the integration test you can by doing:
            "mvn clean install -DskipITs=true"
 
            For Spring it's possible to specify the application.properties location
@@ -472,26 +472,6 @@
 					<artifactId>jboss-jaxrs-api_2.0_spec</artifactId>
 					<version>1.0.1.Final</version>
 				</dependency>
-				<dependency>
-						<artifactId>jackson-databind</artifactId>
-						<groupId>com.fasterxml.jackson.core</groupId>
-						<version>2.9.4</version>
-				</dependency>
-				<dependency>
-						<groupId>com.fasterxml.jackson.core</groupId>
-						<artifactId>jackson-annotations</artifactId>
-						<version>2.9.4</version>
-				</dependency>
-				<dependency>
-						<groupId>com.fasterxml.jackson.core</groupId>
-						<artifactId>jackson-core</artifactId>
-						<version>2.9.4</version>
-				</dependency>
-				<dependency>
-						<groupId>com.fasterxml.jackson.dataformat</groupId>
-						<artifactId>jackson-dataformat-yaml</artifactId>
-						<version>2.9.4</version>
-				</dependency>
 				<!-- Remove the MYSQL connector and replace it by Mariadb -->
 				<dependency>
 						<groupId>org.mariadb.jdbc</groupId>
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
index 9226604..f20668e 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeDispatcherServices.java
@@ -152,6 +152,8 @@
      *            The deployment ID

      * @param serviceTypeId

      *            Service type ID

+     * @param blueprintInput

+     *            The value for each blueprint parameters in a flat JSON

      * @return The status URL

      */

     public String createNewDeployment(String deploymentId, String serviceTypeId) {

diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
index d501504..ffc9b8e 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeInventoryServices.java
@@ -26,7 +26,6 @@
 import com.att.eelf.configuration.EELFLogger;

 import com.att.eelf.configuration.EELFManager;

 import com.fasterxml.jackson.core.JsonProcessingException;

-import com.fasterxml.jackson.databind.ObjectMapper;

 import com.fasterxml.jackson.databind.node.ObjectNode;

 

 import java.io.IOException;

@@ -47,6 +46,7 @@
 import org.onap.clamp.clds.model.dcae.DcaeInventoryResponse;

 import org.onap.clamp.clds.model.properties.Global;

 import org.onap.clamp.clds.model.properties.ModelProperties;

+import org.onap.clamp.clds.util.JacksonUtils;

 import org.onap.clamp.clds.util.LoggingUtils;

 import org.springframework.beans.factory.annotation.Autowired;

 import org.springframework.stereotype.Component;

@@ -182,7 +182,7 @@
         LoggingUtils.setResponseContext("0", "Get Dcae Information success", this.getClass().getName());

         LoggingUtils.setTimeContext(startTime, new Date());

         metricsLogger.info("getDcaeInformation complete: number services returned=" + numServices);

-        return new ObjectMapper().readValue(dcaeInventoryResponse, DcaeInventoryResponse.class);

+        return JacksonUtils.getObjectMapperInstance().readValue(dcaeInventoryResponse, DcaeInventoryResponse.class);

     }

 

     /**

@@ -210,8 +210,7 @@
         LoggingUtils.setTargetContext("DCAE", "createDCAEServiceType");

         String typeId = null;

         try {

-            ObjectMapper mapper = new ObjectMapper();

-            ObjectNode dcaeServiceTypeRequest = mapper.createObjectNode();

+            ObjectNode dcaeServiceTypeRequest = JacksonUtils.getObjectMapperInstance().createObjectNode();

             dcaeServiceTypeRequest.put("blueprintTemplate", blueprintTemplate);

             dcaeServiceTypeRequest.put("owner", owner);

             dcaeServiceTypeRequest.put("typeName", typeName);

diff --git a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
index fd7d096..ce3c8ba 100644
--- a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
+++ b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcCatalogServices.java
@@ -74,6 +74,7 @@
 import org.onap.clamp.clds.model.sdc.SdcServiceInfo;

 import org.onap.clamp.clds.service.CldsService;

 import org.onap.clamp.clds.util.CryptoUtils;

+import org.onap.clamp.clds.util.JacksonUtils;

 import org.onap.clamp.clds.util.LoggingUtils;

 import org.springframework.beans.factory.annotation.Autowired;

 import org.springframework.stereotype.Component;

@@ -284,13 +285,12 @@
      *         an empty list

      */

     private List<SdcServiceInfo> getCldsSdcServicesListFromJson(String jsonStr) {

-        ObjectMapper objectMapper = new ObjectMapper();

         if (StringUtils.isBlank(jsonStr)) {

             return new ArrayList<>();

         }

         try {

-            return objectMapper.readValue(jsonStr,

-                    objectMapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));

+            return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, JacksonUtils.getObjectMapperInstance()

+                    .getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));

         } catch (IOException e) {

             logger.error("Error when attempting to decode the JSON containing CldsSdcServiceInfo", e);

             return new ArrayList<>();

@@ -306,13 +306,12 @@
      *         issues

      */

     private List<SdcResourceBasicInfo> getAllSdcResourcesListFromJson(String jsonStr) {

-        ObjectMapper objectMapper = new ObjectMapper();

         if (StringUtils.isBlank(jsonStr)) {

             return new ArrayList<>();

         }

         try {

-            return objectMapper.readValue(jsonStr,

-                    objectMapper.getTypeFactory().constructCollectionType(List.class, SdcResourceBasicInfo.class));

+            return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, JacksonUtils.getObjectMapperInstance()

+                    .getTypeFactory().constructCollectionType(List.class, SdcResourceBasicInfo.class));

         } catch (IOException e) {

             logger.error("Exception occurred when attempting to decode the list of CldsSdcResourceBasicInfo JSON", e);

             return new ArrayList<>();

@@ -326,9 +325,8 @@
      * @return

      */

     public SdcServiceDetail decodeCldsSdcServiceDetailFromJson(String jsonStr) {

-        ObjectMapper objectMapper = new ObjectMapper();

         try {

-            return objectMapper.readValue(jsonStr, SdcServiceDetail.class);

+            return JacksonUtils.getObjectMapperInstance().readValue(jsonStr, SdcServiceDetail.class);

         } catch (IOException e) {

             logger.error("Exception when attempting to decode the CldsSdcServiceDetail JSON", e);

             return null;

@@ -470,12 +468,12 @@
         String serviceUuid = getServiceUuidFromServiceInvariantId(invariantServiceUuid);

         String serviceDetailUrl = url + "/" + serviceUuid + SDC_METADATA_URL_PREFIX;

         String responseStr = getCldsServicesOrResourcesBasedOnURL(serviceDetailUrl);

-        ObjectMapper objectMapper = new ObjectMapper();

         CldsServiceData cldsServiceData = new CldsServiceData();

         if (responseStr != null) {

             SdcServiceDetail cldsSdcServiceDetail;

             try {

-                cldsSdcServiceDetail = objectMapper.readValue(responseStr, SdcServiceDetail.class);

+                cldsSdcServiceDetail = JacksonUtils.getObjectMapperInstance().readValue(responseStr,

+                        SdcServiceDetail.class);

             } catch (IOException e) {

                 logger.error("Exception when decoding the CldsServiceData JSON from SDC", e);

                 throw new SdcCommunicationException("Exception when decoding the CldsServiceData JSON from SDC", e);

@@ -568,11 +566,10 @@
         }

     }

 

-    private List<CldsVfcData> getVfcDataListFromVfResponse(String vfResponse) throws GeneralSecurityException {

-        ObjectMapper mapper = new ObjectMapper();

+    private List<CldsVfcData> getVfcDataListFromVfResponse(String vfResponse) {

         ObjectNode vfResponseNode;

         try {

-            vfResponseNode = (ObjectNode) mapper.readTree(vfResponse);

+            vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);

         } catch (IOException e) {

             logger.error("Exception when decoding the JSON list of CldsVfcData", e);

             return new ArrayList<>();

@@ -614,8 +611,7 @@
             String vfcResourceUUIDUrl = catalogUrl + RESOURCE_URL_PREFIX + "/" + resourceUUID + SDC_METADATA_URL_PREFIX;

             try {

                 String vfcResponse = getCldsServicesOrResourcesBasedOnURL(vfcResourceUUIDUrl);

-                ObjectMapper mapper = new ObjectMapper();

-                ObjectNode vfResponseNode = (ObjectNode) mapper.readTree(vfcResponse);

+                ObjectNode vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfcResponse);

                 ArrayNode vfcArrayNode = (ArrayNode) vfResponseNode.get("resources");

                 if (vfcArrayNode != null) {

                     for (JsonNode vfcjsonNode : vfcArrayNode) {

@@ -639,10 +635,9 @@
 

     private List<CldsAlarmCondition> getAlarmCondtionsFromVfc(String vfcResponse) throws GeneralSecurityException {

         List<CldsAlarmCondition> cldsAlarmConditionList = new ArrayList<>();

-        ObjectMapper mapper = new ObjectMapper();

         ObjectNode vfcResponseNode;

         try {

-            vfcResponseNode = (ObjectNode) mapper.readTree(vfcResponse);

+            vfcResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfcResponse);

         } catch (IOException e) {

             logger.error("Exception when decoding the JSON list of CldsAlarmCondition", e);

             return cldsAlarmConditionList;

@@ -684,10 +679,9 @@
     // Method to get the artifact for any particular VF

     private List<CldsVfKPIData> getFieldPathFromVF(String vfResponse) throws GeneralSecurityException {

         List<CldsVfKPIData> cldsVfKPIDataList = new ArrayList<>();

-        ObjectMapper mapper = new ObjectMapper();

         ObjectNode vfResponseNode;

         try {

-            vfResponseNode = (ObjectNode) mapper.readTree(vfResponse);

+            vfResponseNode = (ObjectNode) JacksonUtils.getObjectMapperInstance().readTree(vfResponse);

         } catch (IOException e) {

             logger.error("Exception when decoding the JSON list of CldsVfKPIData", e);

             return cldsVfKPIDataList;

@@ -846,24 +840,23 @@
      */

     public String createPropertiesObjectByUUID(CldsServiceData cldsServiceData) throws IOException {

         String totalPropsStr;

-        ObjectMapper mapper = new ObjectMapper();

+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();

         ObjectNode globalPropsJson = (ObjectNode) refProp.getJsonTemplate(CldsService.GLOBAL_PROPERTIES_KEY);

         if (cldsServiceData != null && cldsServiceData.getServiceUUID() != null) {

             // Objectnode to save all byservice, byvf , byvfc and byalarm nodes

             ObjectNode byIdObjectNode = mapper.createObjectNode();

             // To create vf ResourceUUID node with serviceInvariantUUID

-            ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(mapper,

-                    cldsServiceData);

+            ObjectNode invariantUuidObjectNodeWithVf = createVfObjectNodeByServiceInvariantUuid(cldsServiceData);

             byIdObjectNode.putPOJO("byService", invariantUuidObjectNodeWithVf);

             // To create byVf and vfcResourceNode with vfResourceUUID

-            ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(mapper, cldsServiceData.getCldsVfs());

+            ObjectNode vfcObjectNodeByVfUuid = createVfcObjectNodeByVfUuid(cldsServiceData.getCldsVfs());

             byIdObjectNode.putPOJO("byVf", vfcObjectNodeByVfUuid);

             // To create byKpi

             ObjectNode kpiObjectNode = mapper.createObjectNode();

             if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) {

                 for (CldsVfData currCldsVfData : cldsServiceData.getCldsVfs()) {

                     if (currCldsVfData != null) {

-                        createKpiObjectNodeByVfUuid(mapper, kpiObjectNode, currCldsVfData.getCldsKPIList());

+                        createKpiObjectNodeByVfUuid(kpiObjectNode, currCldsVfData.getCldsKPIList());

                     }

                 }

             }

@@ -873,8 +866,7 @@
             if (cldsServiceData.getCldsVfs() != null && !cldsServiceData.getCldsVfs().isEmpty()) {

                 for (CldsVfData currCldsVfData : cldsServiceData.getCldsVfs()) {

                     if (currCldsVfData != null) {

-                        createAlarmCondObjectNodeByVfcUuid(mapper, vfcResourceUuidObjectNode,

-                                currCldsVfData.getCldsVfcs());

+                        createAlarmCondObjectNodeByVfcUuid(vfcResourceUuidObjectNode, currCldsVfData.getCldsVfcs());

                     }

                 }

             }

@@ -882,12 +874,12 @@
             // To create byAlarmCondition with alarmConditionKey

             List<CldsAlarmCondition> allAlarmConditions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData,

                     "alarmCondition");

-            ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(mapper, allAlarmConditions);

+            ObjectNode alarmCondObjectNodeByAlarmKey = createAlarmCondObjectNodeByAlarmKey(allAlarmConditions);

             byIdObjectNode.putPOJO("byAlarmCondition", alarmCondObjectNodeByAlarmKey);

             // To create byAlertDescription with AlertDescription

             List<CldsAlarmCondition> allAlertDescriptions = getAllAlarmConditionsFromCldsServiceData(cldsServiceData,

                     "alertDescription");

-            ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(mapper, allAlertDescriptions);

+            ObjectNode alertDescObjectNodeByAlert = createAlarmCondObjectNodeByAlarmKey(allAlertDescriptions);

             byIdObjectNode.putPOJO("byAlertDescription", alertDescObjectNodeByAlert);

             globalPropsJson.putPOJO("shared", byIdObjectNode);

             logger.info("Global properties JSON created with SDC info:" + globalPropsJson);

@@ -963,8 +955,8 @@
         return alarmCondList;

     }

 

-    private ObjectNode createAlarmCondObjectNodeByAlarmKey(ObjectMapper mapper,

-            List<CldsAlarmCondition> cldsAlarmCondList) {

+    private ObjectNode createAlarmCondObjectNodeByAlarmKey(List<CldsAlarmCondition> cldsAlarmCondList) {

+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();

         ObjectNode alarmCondKeyNode = mapper.createObjectNode();

         if (cldsAlarmCondList != null && !cldsAlarmCondList.isEmpty()) {

             for (CldsAlarmCondition currCldsAlarmCondition : cldsAlarmCondList) {

@@ -984,7 +976,8 @@
         return alarmCondKeyNode;

     }

 

-    private ObjectNode createVfObjectNodeByServiceInvariantUuid(ObjectMapper mapper, CldsServiceData cldsServiceData) {

+    private ObjectNode createVfObjectNodeByServiceInvariantUuid(CldsServiceData cldsServiceData) {

+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();

         ObjectNode invariantUuidObjectNode = mapper.createObjectNode();

         ObjectNode vfObjectNode = mapper.createObjectNode();

         ObjectNode vfUuidNode = mapper.createObjectNode();

@@ -1003,8 +996,9 @@
         return invariantUuidObjectNode;

     }

 

-    private void createKpiObjectNodeByVfUuid(ObjectMapper mapper, ObjectNode vfResourceUuidObjectNode,

+    private void createKpiObjectNodeByVfUuid(ObjectNode vfResourceUuidObjectNode,

             List<CldsVfKPIData> cldsVfKpiDataList) {

+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();

         if (cldsVfKpiDataList != null && !cldsVfKpiDataList.isEmpty()) {

             for (CldsVfKPIData currCldsVfKpiData : cldsVfKpiDataList) {

                 if (currCldsVfKpiData != null) {

@@ -1022,8 +1016,9 @@
         }

     }

 

-    private void createAlarmCondObjectNodeByVfcUuid(ObjectMapper mapper, ObjectNode vfcResourceUuidObjectNode,

+    private void createAlarmCondObjectNodeByVfcUuid(ObjectNode vfcResourceUuidObjectNode,

             List<CldsVfcData> cldsVfcDataList) {

+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();

         ObjectNode vfcObjectNode = mapper.createObjectNode();

         ObjectNode alarmCondNode = mapper.createObjectNode();

         ObjectNode alertDescNode = mapper.createObjectNode();

@@ -1063,7 +1058,8 @@
      * @param cldsVfDataList

      * @return

      */

-    private ObjectNode createVfcObjectNodeByVfUuid(ObjectMapper mapper, List<CldsVfData> cldsVfDataList) {

+    private ObjectNode createVfcObjectNodeByVfUuid(List<CldsVfData> cldsVfDataList) {

+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();

         ObjectNode vfUuidObjectNode = mapper.createObjectNode();

         if (cldsVfDataList != null && !cldsVfDataList.isEmpty()) {

             for (CldsVfData currCldsVfData : cldsVfDataList) {

diff --git a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
index e34b7e9..c76607a 100644
--- a/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
+++ b/src/main/java/org/onap/clamp/clds/client/req/sdc/SdcRequests.java
@@ -47,6 +47,7 @@
 import org.onap.clamp.clds.model.properties.Tca;
 import org.onap.clamp.clds.model.sdc.SdcResource;
 import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
+import org.onap.clamp.clds.util.JacksonUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -95,7 +96,7 @@
      * @return SDC Locations request in the JSON Format
      */
     public String formatSdcLocationsReq(ModelProperties prop, String artifactName) {
-        ObjectMapper objectMapper = new ObjectMapper();
+        ObjectMapper objectMapper = JacksonUtils.getObjectMapperInstance();
         Global global = prop.getGlobal();
         List<String> locationsList = global.getLocation();
         ArrayNode locationsArrayNode = objectMapper.createArrayNode();
@@ -203,9 +204,8 @@
      *             In case of issues with the Json parser
      */
     protected String getYamlvalue(String jsonGlobal) throws IOException {
-        ObjectMapper objectMapper = new ObjectMapper();
         String yamlFileValue = "";
-        ObjectNode root = objectMapper.readValue(jsonGlobal, ObjectNode.class);
+        ObjectNode root = JacksonUtils.getObjectMapperInstance().readValue(jsonGlobal, ObjectNode.class);
         Iterator<Entry<String, JsonNode>> entryItr = root.fields();
         while (entryItr.hasNext()) {
             Entry<String, JsonNode> entry = entryItr.next();
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampProperties.java b/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
index 66f35ac..1c1bd7f 100644
--- a/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
+++ b/src/main/java/org/onap/clamp/clds/config/ClampProperties.java
@@ -24,13 +24,13 @@
 package org.onap.clamp.clds.config;
 
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.io.IOException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
 
 import org.apache.commons.io.IOUtils;
+import org.onap.clamp.clds.util.JacksonUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.env.Environment;
@@ -88,9 +88,10 @@
      *             In case of issues with the JSON parser
      */
     public JsonNode getJsonTemplate(String key) throws IOException {
-        ObjectMapper objectMapper = new ObjectMapper();
         String fileReference = getStringValue(key);
-        return (fileReference != null) ? objectMapper.readValue(getFileContentFromPath(fileReference), JsonNode.class)
+        return (fileReference != null)
+                ? JacksonUtils.getObjectMapperInstance().readValue(getFileContentFromPath(fileReference),
+                        JsonNode.class)
                 : null;
     }
 
@@ -108,9 +109,10 @@
      *             In case of issues with the JSON parser
      */
     public JsonNode getJsonTemplate(String key1, String key2) throws IOException {
-        ObjectMapper objectMapper = new ObjectMapper();
         String fileReference = getStringValue(key1, key2);
-        return (fileReference != null) ? objectMapper.readValue(getFileContentFromPath(fileReference), JsonNode.class)
+        return (fileReference != null)
+                ? JacksonUtils.getObjectMapperInstance().readValue(getFileContentFromPath(fileReference),
+                        JsonNode.class)
                 : null;
     }
 
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
index bb1b9d1..28f9e94 100644
--- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
+++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP CLAMP
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -23,8 +23,6 @@
 
 package org.onap.clamp.clds.config;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
@@ -32,6 +30,7 @@
 import org.apache.commons.io.IOUtils;
 import org.onap.clamp.clds.exception.CldsUsersException;
 import org.onap.clamp.clds.service.CldsUser;
+import org.onap.clamp.clds.util.JacksonUtils;
 
 public class CldsUserJsonDecoder {
 
@@ -56,7 +55,7 @@
         try {
             // the ObjectMapper readValue method closes the stream no need to do
             // it
-            return new ObjectMapper().readValue(cldsUsersString, CldsUser[].class);
+            return JacksonUtils.getObjectMapperInstance().readValue(cldsUsersString, CldsUser[].class);
         } catch (IOException e) {
             throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
         }
diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
index a78e895..9274f82 100644
--- a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java
@@ -24,12 +24,13 @@
 package org.onap.clamp.clds.config.sdc;
 
 import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.List;
 
+import org.onap.clamp.clds.util.JacksonUtils;
+
 /**
  * This class is used to decode the configuration found in
  * application.properties, this is related to the blueprint mapping
@@ -65,6 +66,6 @@
     public static List<BlueprintParserMappingConfiguration> createFromJson(InputStream json) throws IOException {
         TypeReference<List<BlueprintParserMappingConfiguration>> mapType = new TypeReference<List<BlueprintParserMappingConfiguration>>() {
         };
-        return new ObjectMapper().readValue(json, mapType);
+        return JacksonUtils.getObjectMapperInstance().readValue(json, mapType);
     }
 }
diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
index f5c658c..fdc0074 100644
--- a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java
@@ -26,7 +26,6 @@
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.io.IOException;
 import java.util.HashMap;
@@ -35,6 +34,7 @@
 import javax.annotation.PostConstruct;
 
 import org.onap.clamp.clds.exception.sdc.controller.SdcParametersException;
+import org.onap.clamp.clds.util.JacksonUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.ApplicationContext;
@@ -65,7 +65,7 @@
     public void loadConfiguration() throws IOException {
         Resource resource = appContext.getResource(sdcControllerFile);
         // Try to load json tree
-        jsonRootNode = new ObjectMapper().readValue(resource.getInputStream(), JsonNode.class);
+        jsonRootNode = JacksonUtils.getObjectMapperInstance().readValue(resource.getInputStream(), JsonNode.class);
     }
 
     public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) {
diff --git a/src/main/java/org/onap/clamp/clds/model/CldsModel.java b/src/main/java/org/onap/clamp/clds/model/CldsModel.java
index 34876bb..a2c8f72 100644
--- a/src/main/java/org/onap/clamp/clds/model/CldsModel.java
+++ b/src/main/java/org/onap/clamp/clds/model/CldsModel.java
@@ -26,7 +26,6 @@
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -37,6 +36,7 @@
 import javax.ws.rs.NotFoundException;
 
 import org.onap.clamp.clds.dao.CldsDao;
+import org.onap.clamp.clds.util.JacksonUtils;
 
 /**
  * Represent a CLDS Model.
@@ -239,7 +239,7 @@
         boolean result = false;
         try {
             if (propText != null) {
-                JsonNode modelJson = new ObjectMapper().readTree(propText);
+                JsonNode modelJson = JacksonUtils.getObjectMapperInstance().readTree(propText);
                 JsonNode simpleModelJson = modelJson.get("simpleModel");
                 if (simpleModelJson != null && simpleModelJson.asBoolean()) {
                     result = true;
diff --git a/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java b/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
index 2b86b3f..89883c4 100644
--- a/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
+++ b/src/main/java/org/onap/clamp/clds/model/properties/ModelBpmn.java
@@ -26,7 +26,6 @@
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
@@ -40,6 +39,7 @@
 
 import org.onap.clamp.clds.exception.ModelBpmnException;
 import org.onap.clamp.clds.service.CldsService;
+import org.onap.clamp.clds.util.JacksonUtils;
 
 /**
  * Parse Model BPMN properties.
@@ -47,15 +47,15 @@
  * Example json: {"policy" :[{"id":"Policy_0oxeocn", "from":"StartEvent_1"}]}
  */
 public class ModelBpmn {
-    protected static final EELFLogger               logger        = EELFManager.getInstance()
-            .getLogger(CldsService.class);
-    protected static final EELFLogger               auditLogger   = EELFManager.getInstance().getAuditLogger();
+
+    protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsService.class);
+    protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger();
     // for each type, an array of entries
     private final Map<String, List<ModelBpmnEntry>> entriesByType = new HashMap<>();
     // for each id, an array of entries
-    private final Map<String, List<ModelBpmnEntry>> entriesById   = new HashMap<>();
+    private final Map<String, List<ModelBpmnEntry>> entriesById = new HashMap<>();
     // List of all elementIds
-    private List<String>                            bpmnElementIds;
+    private List<String> bpmnElementIds;
 
     /**
      * Create ModelBpmn and populate maps from json
@@ -66,8 +66,7 @@
     public static ModelBpmn create(String modelBpmnPropText) {
         try {
             ModelBpmn modelBpmn = new ModelBpmn();
-            ObjectMapper objectMapper = new ObjectMapper();
-            ObjectNode root = objectMapper.readValue(modelBpmnPropText, ObjectNode.class);
+            ObjectNode root = JacksonUtils.getObjectMapperInstance().readValue(modelBpmnPropText, ObjectNode.class);
             // iterate over each entry like:
             // "Policy":[{"id":"Policy","from":"StartEvent_1"}]
             Iterator<Entry<String, JsonNode>> entryItr = root.fields();
diff --git a/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java b/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
index f9b1c25..cc6f02d 100644
--- a/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
+++ b/src/main/java/org/onap/clamp/clds/model/properties/ModelProperties.java
@@ -26,7 +26,6 @@
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
@@ -41,6 +40,7 @@
 import org.onap.clamp.clds.model.CldsEvent;
 import org.onap.clamp.clds.model.CldsModel;
 import org.onap.clamp.clds.service.CldsService;
+import org.onap.clamp.clds.util.JacksonUtils;
 
 /**
  * Parse model properties.
@@ -96,7 +96,7 @@
             this.actionCd = actionCd;
             this.testOnly = isATest;
             modelBpmn = ModelBpmn.create(modelBpmnText);
-            modelJson = new ObjectMapper().readTree(modelPropText);
+            modelJson = JacksonUtils.getObjectMapperInstance().readTree(modelPropText);
             instantiateMissingModelElements();
         } catch (IOException e) {
             throw new ModelBpmnException("Exception occurred when trying to decode the BPMN Properties JSON", e);
@@ -141,8 +141,7 @@
     public static String getVf(CldsModel model) {
         List<String> vfs = null;
         try {
-            ObjectMapper mapper = new ObjectMapper();
-            JsonNode modelJson = mapper.readTree(model.getPropText());
+            JsonNode modelJson = JacksonUtils.getObjectMapperInstance().readTree(model.getPropText());
             Global global = new Global(modelJson);
             vfs = global.getResourceVf();
         } catch (IOException e) {
diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java
index c23d2ec..e828f84 100644
--- a/src/main/java/org/onap/clamp/clds/service/CldsService.java
+++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java
@@ -85,6 +85,7 @@
 import org.onap.clamp.clds.model.sdc.SdcServiceDetail;
 import org.onap.clamp.clds.model.sdc.SdcServiceInfo;
 import org.onap.clamp.clds.transform.XslTransformer;
+import org.onap.clamp.clds.util.JacksonUtils;
 import org.onap.clamp.clds.util.LoggingUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -426,7 +427,8 @@
                 if (template != null) {
                     model.setTemplateId(template.getId());
                     model.setDocText(template.getPropText());
-                    // This is to provide the Bpmn XML when Template part in UI is
+                    // This is to provide the Bpmn XML when Template part in UI
+                    // is
                     // disabled
                     model.setBpmnText(template.getBpmnText());
                 }
@@ -441,7 +443,8 @@
             String controlName = model.getControlName();
             String bpmnJson = cldsBpmnTransformer.doXslTransformToString(bpmn);
             logger.info("PUT bpmnJson={}", bpmnJson);
-            // Flag indicates whether it is triggered by Validation Test button from
+            // Flag indicates whether it is triggered by Validation Test button
+            // from
             // UI
             boolean isTest = false;
             if (test != null && test.equalsIgnoreCase("true")) {
@@ -466,8 +469,8 @@
             logger.info("modelProp - " + prop);
             logger.info("docText - " + docText);
             try {
-                String result = camelProxy.submit(actionCd, prop, bpmnJson, modelName, controlName, docText, isTest, userId,
-                        isInsertTestEvent);
+                String result = camelProxy.submit(actionCd, prop, bpmnJson, modelName, controlName, docText, isTest,
+                        userId, isInsertTestEvent);
                 logger.info("Starting Camel flow on request, result is: ", result);
             } catch (SdcCommunicationException | PolicyClientException | BadRequestException e) {
                 errorCase = true;
@@ -478,7 +481,8 @@
             if (!isTest && (actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMIT)
                     || actionCd.equalsIgnoreCase(CldsEvent.ACTION_RESUBMIT)
                     || actionCd.equalsIgnoreCase(CldsEvent.ACTION_SUBMITDCAE))) {
-                // To verify inventory status and modify model status to distribute
+                // To verify inventory status and modify model status to
+                // distribute
                 dcaeInventoryServices.setEventInventory(retrievedModel, getUserId());
                 retrievedModel.save(cldsDao, getUserId());
             }
@@ -490,7 +494,6 @@
             errorCase = true;
             logger.error("Exception occured during putModelAndProcessAction", e);
         }
-
         if (errorCase) {
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(retrievedModel).build();
         }
@@ -675,7 +678,7 @@
         if (StringUtils.isBlank(responseStr)) {
             return "";
         }
-        ObjectMapper objectMapper = new ObjectMapper();
+        ObjectMapper objectMapper = JacksonUtils.getObjectMapperInstance();
         List<SdcServiceInfo> rawList = objectMapper.readValue(responseStr,
                 objectMapper.getTypeFactory().constructCollectionType(List.class, SdcServiceInfo.class));
         ObjectNode invariantIdServiceNode = objectMapper.createObjectNode();
@@ -695,26 +698,26 @@
     }
 
     private String createPropertiesObjectByUUID(String cldsResponseStr) throws IOException {
-        ObjectMapper mapper = new ObjectMapper();
+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
         SdcServiceDetail cldsSdcServiceDetail = mapper.readValue(cldsResponseStr, SdcServiceDetail.class);
         ObjectNode globalPropsJson = (ObjectNode) refProp.getJsonTemplate(GLOBAL_PROPERTIES_KEY);
         if (cldsSdcServiceDetail != null && cldsSdcServiceDetail.getUuid() != null) {
             /**
              * to create json with vf, alarm and locations
              */
-            ObjectNode serviceObjectNode = createEmptyVfAlarmObject(mapper);
+            ObjectNode serviceObjectNode = createEmptyVfAlarmObject();
             ObjectNode vfObjectNode = mapper.createObjectNode();
             /**
              * to create json with vf and vfresourceId
              */
-            createVfObjectNode(vfObjectNode, mapper, cldsSdcServiceDetail.getResources());
+            createVfObjectNode(vfObjectNode, cldsSdcServiceDetail.getResources());
             serviceObjectNode.putPOJO(cldsSdcServiceDetail.getInvariantUUID(), vfObjectNode);
             ObjectNode byServiceBasicObjetNode = mapper.createObjectNode();
             byServiceBasicObjetNode.putPOJO("byService", serviceObjectNode);
             /**
              * to create json with VFC Node
              */
-            ObjectNode emptyvfcobjectNode = createByVFCObjectNode(mapper, cldsSdcServiceDetail.getResources());
+            ObjectNode emptyvfcobjectNode = createByVFCObjectNode(cldsSdcServiceDetail.getResources());
             byServiceBasicObjetNode.putPOJO("byVf", emptyvfcobjectNode);
             globalPropsJson.putPOJO("shared", byServiceBasicObjetNode);
             logger.info("valuie of objNode: {}", globalPropsJson);
@@ -722,7 +725,8 @@
         return globalPropsJson.toString();
     }
 
-    private ObjectNode createEmptyVfAlarmObject(ObjectMapper mapper) {
+    private ObjectNode createEmptyVfAlarmObject() {
+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
         ObjectNode emptyObjectNode = mapper.createObjectNode();
         emptyObjectNode.put("", "");
         ObjectNode vfObjectNode = mapper.createObjectNode();
@@ -734,8 +738,8 @@
         return emptyServiceObjectNode;
     }
 
-    private void createVfObjectNode(ObjectNode vfObjectNode2, ObjectMapper mapper,
-            List<SdcResource> rawCldsSdcResourceList) {
+    private void createVfObjectNode(ObjectNode vfObjectNode2, List<SdcResource> rawCldsSdcResourceList) {
+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
         ObjectNode vfNode = mapper.createObjectNode();
         vfNode.put("", "");
         // To remove repeated resource instance name from
@@ -782,7 +786,8 @@
         vfObjectNode2.putPOJO("alarmCondition", alarmStringJsonNode);
     }
 
-    private ObjectNode createByVFCObjectNode(ObjectMapper mapper, List<SdcResource> cldsSdcResourceList) {
+    private ObjectNode createByVFCObjectNode(List<SdcResource> cldsSdcResourceList) {
+        ObjectMapper mapper = JacksonUtils.getObjectMapperInstance();
         ObjectNode emptyObjectNode = mapper.createObjectNode();
         ObjectNode emptyvfcobjectNode = mapper.createObjectNode();
         ObjectNode vfCObjectNode = mapper.createObjectNode();
@@ -804,8 +809,7 @@
     @Path("/deploy/{modelName}")
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
-    public Response deployModel(@PathParam("modelName") String modelName,
-            CldsModel model) {
+    public Response deployModel(@PathParam("modelName") String modelName, CldsModel model) {
         Date startTime = new Date();
         LoggingUtils.setRequestContext("CldsService: Deploy model", getPrincipalName());
         Boolean errorCase = false;
@@ -861,7 +865,6 @@
             errorCase = true;
             logger.error("Exception occured during deployModel", e);
         }
-
         if (errorCase) {
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build();
         }
@@ -872,11 +875,9 @@
     @Path("/undeploy/{modelName}")
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
-    public Response unDeployModel(@PathParam("modelName") String modelName,
-            CldsModel model) {
+    public Response unDeployModel(@PathParam("modelName") String modelName, CldsModel model) {
         Date startTime = new Date();
         LoggingUtils.setRequestContext("CldsService: Undeploy model", getPrincipalName());
-
         Boolean errorCase = false;
         try {
             String operationStatusUndeployUrl = dcaeDispatcherServices.deleteExistingDeployment(model.getDeploymentId(),
@@ -916,7 +917,6 @@
             errorCase = true;
             logger.error("Exception occured during unDeployModel", e);
         }
-
         if (errorCase) {
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build();
         }
@@ -924,15 +924,13 @@
     }
 
     private void checkForDuplicateServiceVf(String modelName, String modelPropText) throws IOException {
-        JsonNode modelJson = new ObjectMapper().readTree(modelPropText);
-        JsonNode globalNode = modelJson.get("global");
+        JsonNode globalNode = JacksonUtils.getObjectMapperInstance().readTree(modelPropText).get("global");
         String service = AbstractModelElement.getValueByName(globalNode, "service");
         List<String> resourceVf = AbstractModelElement.getValuesByName(globalNode, "vf");
         if (service != null && resourceVf != null && !resourceVf.isEmpty()) {
             List<CldsModelProp> cldsModelPropList = cldsDao.getDeployedModelProperties();
             for (CldsModelProp cldsModelProp : cldsModelPropList) {
-                JsonNode currentJson = new ObjectMapper().readTree(cldsModelProp.getPropText());
-                JsonNode currentNode = currentJson.get("global");
+                JsonNode currentNode = JacksonUtils.getObjectMapperInstance().readTree(cldsModelProp.getPropText()).get("global");
                 String currentService = AbstractModelElement.getValueByName(currentNode, "service");
                 List<String> currentVf = AbstractModelElement.getValuesByName(currentNode, "vf");
                 if (currentVf != null && !currentVf.isEmpty()) {
diff --git a/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java b/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java
new file mode 100644
index 0000000..87f8273
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/JacksonObjectMapperProvider.java
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import javax.ws.rs.ext.ContextResolver;
+
+import org.onap.clamp.clds.util.JacksonUtils;
+
+/**
+ * This class is to restrcit the class type that can be de-serialized.
+ */
+public class JacksonObjectMapperProvider implements ContextResolver<ObjectMapper> {
+
+    private final ObjectMapper defaultObjectMapper;
+
+    public JacksonObjectMapperProvider() {
+        defaultObjectMapper = createDefaultMapper();
+    }
+
+    @Override
+    public ObjectMapper getContext(Class<?> type) {
+        return defaultObjectMapper;
+    }
+
+    private static ObjectMapper createDefaultMapper() {
+        return JacksonUtils.getObjectMapperInstance();
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java b/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java
index 702e064..d3c212c 100644
--- a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java
+++ b/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java
@@ -32,6 +32,7 @@
 import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;
+
 import javax.ws.rs.ApplicationPath;
 import javax.ws.rs.core.Application;
 
@@ -45,7 +46,6 @@
 public class JaxrsApplication extends Application {
 
     private static final EELFLogger logger = EELFManager.getInstance().getLogger(JaxrsApplication.class);
-
     private Function<BeanDefinition, Optional<Class<?>>> beanDefinitionToClass = b -> {
         try {
             return Optional.of(Class.forName(b.getBeanClassName()));
@@ -58,6 +58,7 @@
     @Override
     public Set<Class<?>> getClasses() {
         Set<Class<?>> resources = new HashSet<>();
+        resources.add(JacksonObjectMapperProvider.class);
         resources.add(io.swagger.v3.jaxrs2.integration.resources.OpenApiResource.class);
         resources.addAll(scan());
         return resources;
@@ -66,11 +67,7 @@
     private List<Class<?>> scan() {
         ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(false);
         scanner.addIncludeFilter(new AnnotationTypeFilter(javax.ws.rs.Path.class));
-        return scanner.findCandidateComponents("org.onap.clamp.clds").stream()
-                .map(beanDefinitionToClass)
-                .filter(Optional::isPresent)
-                .map(Optional::get)
-                .collect(Collectors.toList());
+        return scanner.findCandidateComponents("org.onap.clamp.clds").stream().map(beanDefinitionToClass)
+                .filter(Optional::isPresent).map(Optional::get).collect(Collectors.toList());
     }
-
 }
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java b/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java
new file mode 100644
index 0000000..9d743f2
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/util/JacksonUtils.java
@@ -0,0 +1,53 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+ * This class is used to access the jackson with restricted type access.
+ */
+public class JacksonUtils {
+
+    private static ObjectMapper objectMapper;
+
+    private JacksonUtils() {
+    }
+
+    /**
+     * Call this method to retrieve a secure ObjectMapper.
+     * 
+     * @return an ObjectMapper instance (same for clamp)
+     */
+    public static synchronized ObjectMapper getObjectMapperInstance() {
+        if (objectMapper == null) {
+            objectMapper = new ObjectMapper();
+            // This is to disable the security hole that could be opened for
+            // json deserialization, if needed do this
+            // objectMapper.enableDefaultTyping(DefaultTyping.NON_FINAL);
+            objectMapper.disableDefaultTyping();
+        }
+        return objectMapper;
+    }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/JacksonUtilsTest.java b/src/test/java/org/onap/clamp/clds/util/JacksonUtilsTest.java
new file mode 100644
index 0000000..d8774af
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/util/JacksonUtilsTest.java
@@ -0,0 +1,95 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+
+import java.io.IOException;
+
+import org.junit.Test;
+
+public class JacksonUtilsTest {
+
+    public static class TestClass extends TestObject {
+
+        String test2;
+        TestObject2 object2;
+
+        public TestClass(String value1, String value2) {
+            super(value1);
+            test2 = value2;
+        }
+
+        public TestClass() {
+        }
+
+        public String getTest2() {
+            return test2;
+        }
+
+        public void setTest2(String test2) {
+            this.test2 = test2;
+        }
+
+        public TestObject2 getObject2() {
+            return object2;
+        }
+
+        public void setObject2(TestObject2 object2) {
+            this.object2 = object2;
+        }
+    }
+
+    @Test
+    public void testGetObjectMapperInstance() {
+        assertNotNull(JacksonUtils.getObjectMapperInstance());
+    }
+
+    /**
+     * This method test that the security hole in Jackson is not enabled in the
+     * default ObjectMapper.
+     * 
+     * @throws JsonParseException
+     *             In case of issues
+     * @throws JsonMappingException
+     *             In case of issues
+     * @throws IOException
+     *             In case of issues
+     */
+    @Test
+    public void testCreateBeanDeserializer() throws JsonParseException, JsonMappingException, IOException {
+        TestClass test = new TestClass("value1", "value2");
+        test.setObject2(new TestObject2("test3"));
+        Object testObject = JacksonUtils.getObjectMapperInstance().readValue(
+                "[\"org.onap.clamp.clds.util.JacksonUtilsTest$TestClass\",{\"test\":\"value1\",\"test2\":\"value2\",\"object2\":[\"org.onap.clamp.clds.util.TestObject2\",{\"test3\":\"test3\"}]}]",
+                Object.class);
+        assertNotNull(testObject);
+        assertFalse(testObject instanceof TestObject);
+        assertFalse(testObject instanceof TestClass);
+    }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/TestObject.java b/src/test/java/org/onap/clamp/clds/util/TestObject.java
new file mode 100644
index 0000000..cf8d302
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/util/TestObject.java
@@ -0,0 +1,45 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+public class TestObject {
+
+    private String test;
+
+    public String getTest() {
+        return test;
+    }
+
+    public void setTest(String test) {
+        this.test = test;
+    }
+
+    // @JsonProperty("test"), @JsonCreator
+    public TestObject(String theString) {
+        this.setTest(theString);
+    }
+
+    public TestObject() {
+    }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/TestObject2.java b/src/test/java/org/onap/clamp/clds/util/TestObject2.java
new file mode 100644
index 0000000..d8d2d01
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/util/TestObject2.java
@@ -0,0 +1,44 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.util;
+
+public class TestObject2 {
+
+    private String test3;
+
+    public String getTest3() {
+        return test3;
+    }
+
+    public void setTest3(String test) {
+        this.test3 = test;
+    }
+
+    public TestObject2(String theString) {
+        this.setTest3(theString);
+    }
+
+    public TestObject2() {
+    }
+}