From 156fc294bf4240822cd4c090a59b6fa2a86c0796 Mon Sep 17 00:00:00 2001
From: Tao Sun <buzzerrookie@hotmail.com>
Date: Wed, 20 Nov 2019 14:55:18 +0800
Subject: [PATCH] Deserialize details field in
 UsernamePasswordAuthenticationToken

Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.

Fixes gh-7482
---
 .../UsernamePasswordAuthenticationTokenDeserializer.java       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
index 96ad469f4b..64a5b4a7b0 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
@@ -87,7 +87,8 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
 		if (detailsNode.isNull() || detailsNode.isMissingNode()) {
 			token.setDetails(null);
 		} else {
-			token.setDetails(detailsNode);
+			Object details = mapper.readValue(detailsNode.toString(), new TypeReference<Object>() {});
+			token.setDetails(details);
 		}
 		return token;
 	}