From 3a84894bf495d2c932fc7b7ac263f59d4e044368 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Mon, 27 Oct 2025 17:30:44 -0600 Subject: [PATCH] Revert "Add AuthorizationProxyMixin" This reverts commit 743817fc151cc0daf6dafb28733d77ff98ce1930. --- .../jackson/AuthorizationProxyMixin.java | 33 ------------------- .../security/jackson/CoreJacksonModule.java | 2 -- ...AuthorizationAdvisorProxyFactoryTests.java | 8 +++-- 3 files changed, 5 insertions(+), 38 deletions(-) delete mode 100644 core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java diff --git a/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java b/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java deleted file mode 100644 index 85e3d34493..0000000000 --- a/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2004-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; - -import org.springframework.security.authorization.method.AuthorizationProxy; - -/** - * Jackson configurations for objects that extend {@link AuthorizationProxy} - * - * @author Josh Cummings - * @since 7.0 - * @see org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory - */ -@JsonIgnoreProperties("callbacks") -class AuthorizationProxyMixin { - -} diff --git a/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java b/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java index abedef607e..0d633f4c2d 100644 --- a/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java +++ b/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java @@ -29,7 +29,6 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.authorization.method.AuthorizationProxy; import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextImpl; @@ -109,7 +108,6 @@ public class CoreJacksonModule extends SecurityJacksonModule { context.setMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class); context.setMixIn(TestingAuthenticationToken.class, TestingAuthenticationTokenMixin.class); context.setMixIn(BadCredentialsException.class, BadCredentialsExceptionMixin.class); - context.setMixIn(AuthorizationProxy.class, AuthorizationProxyMixin.class); } } diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java index d0ca0796aa..eef00d19d4 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java @@ -34,6 +34,7 @@ import java.util.TreeSet; import java.util.function.Supplier; import java.util.stream.Stream; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import tools.jackson.databind.json.JsonMapper; @@ -49,7 +50,6 @@ import org.springframework.security.authorization.method.AuthorizationAdvisorPro import org.springframework.security.authorization.method.AuthorizationProxy; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.jackson.CoreJacksonModule; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -340,13 +340,15 @@ public class AuthorizationAdvisorProxyFactoryTests { assertThat(factory.proxy(35)).isEqualTo(35); } + // TODO Find why callbacks property is serialized with Jackson 3, not with Jackson 2 + // FIXME: https://github.com/spring-projects/spring-security/issues/18077 + @Disabled("callbacks property is serialized with Jackson 3, not with Jackson 2") @Test public void serializeWhenAuthorizationProxyObjectThenOnlyIncludesProxiedProperties() { SecurityContextHolder.getContext().setAuthentication(this.admin); AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults(); User user = proxy(factory, this.alan); - // gh-18077 - JsonMapper mapper = JsonMapper.builder().addModule(new CoreJacksonModule()).build(); + JsonMapper mapper = new JsonMapper(); String serialized = mapper.writeValueAsString(user); Map properties = mapper.readValue(serialized, Map.class); assertThat(properties).hasSize(3).containsKeys("id", "firstName", "lastName");