Deserialize details field in UsernamePasswordAuthenticationToken

Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly. Fixes gh-7482
2019-11-20 14:55:18 +08:00 · 2019-11-20 14:55:18 +08:00 · 156fc294bf
parent af415948b1
commit 156fc294bf
1 changed files with 2 additions and 1 deletions
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
@ -87,7 +87,8 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
 		if (detailsNode.isNull() || detailsNode.isMissingNode()) {
 			token.setDetails(null);
 		} else {
-			token.setDetails(detailsNode);
+			Object details = mapper.readValue(detailsNode.toString(), new TypeReference<Object>() {});
+			token.setDetails(details);
 		}
 		return token;
 	}