Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-11-10 19:48:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add AuthorizationProxyMixin"

Browse Source 
This reverts commit 743817fc151cc0daf6dafb28733d77ff98ce1930.
This commit is contained in:
Josh Cummings 2025-10-27 17:30:44 -06:00
parent 90855aa128
commit 3a84894bf4
3 changed files with 5 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java
View File

@ -1,33 +0,0 @@
/*
* Copyright 2004-present the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.springframework.security.authorization.method.AuthorizationProxy;
/**
* Jackson configurations for objects that extend {@link AuthorizationProxy}
*
* @author Josh Cummings
* @since 7.0
* @see org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
*/
@JsonIgnoreProperties("callbacks")
class AuthorizationProxyMixin {
}

2
core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java
View File

@ -29,7 +29,6 @@ import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authorization.method.AuthorizationProxy;
import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextImpl; import org.springframework.security.core.context.SecurityContextImpl;
@ -109,7 +108,6 @@ public class CoreJacksonModule extends SecurityJacksonModule {
context.setMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class); context.setMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class);
context.setMixIn(TestingAuthenticationToken.class, TestingAuthenticationTokenMixin.class); context.setMixIn(TestingAuthenticationToken.class, TestingAuthenticationTokenMixin.class);
context.setMixIn(BadCredentialsException.class, BadCredentialsExceptionMixin.class); context.setMixIn(BadCredentialsException.class, BadCredentialsExceptionMixin.class);
context.setMixIn(AuthorizationProxy.class, AuthorizationProxyMixin.class);
} }
} }

8
core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java
View File

@ -34,6 +34,7 @@ import java.util.TreeSet;
import java.util.function.Supplier; import java.util.function.Supplier;
import java.util.stream.Stream; import java.util.stream.Stream;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import tools.jackson.databind.json.JsonMapper; import tools.jackson.databind.json.JsonMapper;
@ -49,7 +50,6 @@ import org.springframework.security.authorization.method.AuthorizationAdvisorPro
import org.springframework.security.authorization.method.AuthorizationProxy; import org.springframework.security.authorization.method.AuthorizationProxy;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.jackson.CoreJacksonModule;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -340,13 +340,15 @@ public class AuthorizationAdvisorProxyFactoryTests {
assertThat(factory.proxy(35)).isEqualTo(35); assertThat(factory.proxy(35)).isEqualTo(35);
} }
// TODO Find why callbacks property is serialized with Jackson 3, not with Jackson 2
// FIXME: https://github.com/spring-projects/spring-security/issues/18077
@Disabled("callbacks property is serialized with Jackson 3, not with Jackson 2")
@Test @Test
public void serializeWhenAuthorizationProxyObjectThenOnlyIncludesProxiedProperties() { public void serializeWhenAuthorizationProxyObjectThenOnlyIncludesProxiedProperties() {
SecurityContextHolder.getContext().setAuthentication(this.admin); SecurityContextHolder.getContext().setAuthentication(this.admin);
AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults(); AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults();
User user = proxy(factory, this.alan); User user = proxy(factory, this.alan);
// gh-18077 JsonMapper mapper = new JsonMapper();
JsonMapper mapper = JsonMapper.builder().addModule(new CoreJacksonModule()).build();
String serialized = mapper.writeValueAsString(user); String serialized = mapper.writeValueAsString(user);
Map<String, Object> properties = mapper.readValue(serialized, Map.class); Map<String, Object> properties = mapper.readValue(serialized, Map.class);
assertThat(properties).hasSize(3).containsKeys("id", "firstName", "lastName"); assertThat(properties).hasSize(3).containsKeys("id", "firstName", "lastName");