Revert "Add AuthorizationProxyMixin"

This reverts commit 743817fc151cc0daf6dafb28733d77ff98ce1930.
2025-11-10 11:39:02 +00:00 · 2025-10-27 17:30:44 -06:00 · 2025-10-27 17:30:44 -06:00 · 3a84894bf4
commit 3a84894bf4
parent 90855aa128
3 changed files with 5 additions and 38 deletions
--- a/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java
@ -1,33 +0,0 @@
-/*
- * Copyright 2004-present the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.jackson;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-
-import org.springframework.security.authorization.method.AuthorizationProxy;
-
-/**
- * Jackson configurations for objects that extend {@link AuthorizationProxy}
- *
- * @author Josh Cummings
- * @since 7.0
- * @see org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
- */
-@JsonIgnoreProperties("callbacks")
-class AuthorizationProxyMixin {
-
-}
--- a/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java
+++ b/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java
@ -29,7 +29,6 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.authorization.method.AuthorizationProxy;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextImpl;
@ -109,7 +108,6 @@ public class CoreJacksonModule extends SecurityJacksonModule {
 		context.setMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class);
 		context.setMixIn(TestingAuthenticationToken.class, TestingAuthenticationTokenMixin.class);
 		context.setMixIn(BadCredentialsException.class, BadCredentialsExceptionMixin.class);
-		context.setMixIn(AuthorizationProxy.class, AuthorizationProxyMixin.class);
 	}

 }
--- a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java
@ -34,6 +34,7 @@ import java.util.TreeSet;
 import java.util.function.Supplier;
 import java.util.stream.Stream;

+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import tools.jackson.databind.json.JsonMapper;

@ -49,7 +50,6 @@ import org.springframework.security.authorization.method.AuthorizationAdvisorPro
 import org.springframework.security.authorization.method.AuthorizationProxy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.jackson.CoreJacksonModule;

 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -340,13 +340,15 @@ public class AuthorizationAdvisorProxyFactoryTests {
 		assertThat(factory.proxy(35)).isEqualTo(35);
 	}

+	// TODO Find why callbacks property is serialized with Jackson 3, not with Jackson 2
+	// FIXME: https://github.com/spring-projects/spring-security/issues/18077
+	@Disabled("callbacks property is serialized with Jackson 3, not with Jackson 2")
 	@Test
 	public void serializeWhenAuthorizationProxyObjectThenOnlyIncludesProxiedProperties() {
 		SecurityContextHolder.getContext().setAuthentication(this.admin);
 		AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults();
 		User user = proxy(factory, this.alan);
-		// gh-18077
-		JsonMapper mapper = JsonMapper.builder().addModule(new CoreJacksonModule()).build();
+		JsonMapper mapper = new JsonMapper();
 		String serialized = mapper.writeValueAsString(user);
 		Map<String, Object> properties = mapper.readValue(serialized, Map.class);
 		assertThat(properties).hasSize(3).containsKeys("id", "firstName", "lastName");