From 22ea8356437c878ffdd51d074705ad22b82f36ae Mon Sep 17 00:00:00 2001 From: Frank Pavageau Date: Fri, 17 Mar 2017 16:50:15 +0100 Subject: [PATCH] Map values directly from the JSON nodes Not only is it more efficient without converting to an intermediate String, using JsonNode.toString() may not even produce valid JSON according to its Javadoc (ObjectMapper.writeValueAsString() should be used). --- .../security/jackson2/UnmodifiableSetDeserializer.java | 4 ++-- .../UsernamePasswordAuthenticationTokenDeserializer.java | 4 ++-- .../PreAuthenticatedAuthenticationTokenDeserializer.java | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java index 73cba239f7..97256a8de0 100644 --- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java +++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java @@ -50,10 +50,10 @@ class UnmodifiableSetDeserializer extends JsonDeserializer { Iterator nodeIterator = arrayNode.iterator(); while (nodeIterator.hasNext()) { JsonNode elementNode = nodeIterator.next(); - resultSet.add(mapper.readValue(elementNode.toString(), Object.class)); + resultSet.add(mapper.readValue(elementNode.traverse(mapper), Object.class)); } } else { - resultSet.add(mapper.readValue(node.toString(), Object.class)); + resultSet.add(mapper.readValue(node.traverse(mapper), Object.class)); } } return Collections.unmodifiableSet(resultSet); diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java index 450149e9bb..4c86d5a83d 100644 --- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java +++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java @@ -62,13 +62,13 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer() {}); + principal = mapper.readValue(principalNode.traverse(mapper), new TypeReference() {}); } else { principal = principalNode.asText(); } Object credentials = readJsonNode(jsonNode, "credentials").asText(); List authorities = mapper.readValue( - readJsonNode(jsonNode, "authorities").toString(), new TypeReference>() { + readJsonNode(jsonNode, "authorities").traverse(mapper), new TypeReference>() { }); if (authenticated) { token = new UsernamePasswordAuthenticationToken(principal, credentials, authorities); diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java index 48f1914436..0a8c0df921 100644 --- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java +++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java @@ -63,13 +63,13 @@ class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer

() {}); + principal = mapper.readValue(principalNode.traverse(mapper), new TypeReference() {}); } else { principal = principalNode.asText(); } Object credentials = readJsonNode(jsonNode, "credentials").asText(); List authorities = mapper.readValue( - readJsonNode(jsonNode, "authorities").toString(), new TypeReference>() { + readJsonNode(jsonNode, "authorities").traverse(mapper), new TypeReference>() { }); if (authenticated) { token = new PreAuthenticatedAuthenticationToken(principal, credentials, authorities);