Protects JSON-RPC endpoints by validating request structure, controlling batch usage, applying ordered allow/deny rules to method names, and optionally validating request parameters and responses against JSON Schema documents.
Method rules are evaluated in the configured order. The first matching rule decides whether a method is allowed or denied.
Schema validation is configured under schemaValidation. Per-method params and response schemas can use either location for external JSON Schema files or schema for inline schema definitions.
Example Configuration
- jsonRPCProtection:
batch:
enabled: true
maxSize: 50
methods:
- allow: "^rpc\\.(health|echo)$"
- deny: ".*"
schemaValidation:
error:
location: classpath:/json/rpc/error.schema.json
methods:
"rpc.echo":
params:
location: classpath:/json/rpc/echo-params.schema.json
response:
schema:
type: object
required: [message]
properties:
message:
type: string
- jsonRPCProtection:
batch:
enabled: true
maxSize: 50
methods:
- allow: "^rpc\\.(health|echo)$"
- deny: ".*"
schemaValidation:
error:
location: classpath:/json/rpc/error.schema.json
methods:
"rpc.echo":
params:
location: classpath:/json/rpc/echo-params.schema.json
response:
schema:
type: object
required: [message]
properties:
message:
type: string
Syntax
jsonRPCProtection:
batch: {}
methods:
- <methods>
schemaValidation: {}
jsonRPCProtection:
batch: {}
methods:
- <methods>
schemaValidation: {}
Child Structure
| Element | Cardinality | Description |
|---|---|---|
| batch | 0..1 | Configures whether JSON-RPC batch requests are allowed and how many request objects one batch may contain. |
| methods | 0..* | Configures ordered allow/deny rules for JSON-RPC method names. |
| schemaValidation | 0..1 | Configures JSON Schema validation for params, responses, and error objects. |