Update to jackson-databind-2.8.11.1

Fixes: gh-5101
2025-07-14 06:13:30 +00:00 · 2018-01-30 11:16:02 -06:00 · 2018-01-30 11:16:02 -06:00 · 5dedbb6283
commit 5dedbb6283
parent 4cad151b57
8 changed files with 124 additions and 7 deletions
--- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java
@ -55,7 +55,7 @@ public class CasAuthenticationTokenMixinTests {

 	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";

-	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", [" + AUTHORITY_JSON + "]]";
+	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", [" + AUTHORITY_JSON + "]]";

 	// @formatter:off
 	public static final String USER_JSON = "{"
@ -84,14 +84,14 @@ public class CasAuthenticationTokenMixinTests {
 			+ "\"principal\": {"
 				+ "\"@class\": \"org.jasig.cas.client.authentication.AttributePrincipalImpl\", "
 				+ "\"name\": \"assertName\", "
-				+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}, "
+				+ "\"attributes\": {\"@class\": \"java.util.HashMap\"}, "
 				+ "\"proxyGrantingTicket\": null, "
 				+ "\"proxyRetriever\": null"
 			+ "}, "
 			+ "\"validFromDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], "
 			+ "\"validUntilDate\": [\"java.util.Date\", " + END_DATE.getTime() + "],"
 			+ "\"authenticationDate\": [\"java.util.Date\", " + START_DATE.getTime() + "], "
-			+ "\"attributes\": {\"@class\": \"java.util.Collections$EmptyMap\"}" +
+			+ "\"attributes\": {\"@class\": \"java.util.HashMap\"}" +
 		"}"
 	+ "}";

--- a/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
+++ b/core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java
@ -58,6 +58,7 @@ public class CoreJackson2Module extends SimpleModule {
 		context.setMixInAnnotations(RememberMeAuthenticationToken.class, RememberMeAuthenticationTokenMixin.class);
 		context.setMixInAnnotations(SimpleGrantedAuthority.class, SimpleGrantedAuthorityMixin.class);
 		context.setMixInAnnotations(Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(), UnmodifiableSetMixin.class);
+		context.setMixInAnnotations(Collections.<Object>unmodifiableList(Collections.emptyList()).getClass(), UnmodifiableListMixin.class);
 		context.setMixInAnnotations(User.class, UserMixin.class);
 		context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class);
 	}
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@ -143,6 +143,7 @@ public final class SecurityJackson2Modules {
 		private static final Set<String> WHITELIST_CLASS_NAMES = Collections.unmodifiableSet(new HashSet(Arrays.asList(
 			"java.util.ArrayList",
 			"java.util.Collections$EmptyMap",
+			"java.util.Collections$UnmodifiableRandomAccessList",
 			"java.util.Date",
 			"java.util.TreeMap",
 			"java.util.HashMap",
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java
@ -0,0 +1,63 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.jackson2;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Custom deserializer for {@link UnmodifiableListMixin}.
+ *
+ * @author Rob Winch
+ * @see UnmodifiableSetMixin
+ * @since 4.2
+ */
+class UnmodifiableListDeserializer extends JsonDeserializer<List> {
+
+	@Override
+	public List deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
+		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
+		JsonNode node = mapper.readTree(jp);
+		List<Object> result = new ArrayList<Object>();
+		if (node != null) {
+			if (node instanceof ArrayNode) {
+				ArrayNode arrayNode = (ArrayNode) node;
+				Iterator<JsonNode> nodeIterator = arrayNode.iterator();
+				while (nodeIterator.hasNext()) {
+					JsonNode elementNode = nodeIterator.next();
+					result.add(mapper.readValue(elementNode.traverse(mapper), Object.class));
+				}
+			} else {
+				result.add(mapper.readValue(node.traverse(mapper), Object.class));
+			}
+		}
+		return Collections.unmodifiableList(result);
+	}
+}
--- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java
@ -0,0 +1,50 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.jackson2;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import java.util.Set;
+
+/**
+ * This mixin class used to deserialize java.util.Collections$UnmodifiableRandomAccessList
+ * and used with various AuthenticationToken implementation's mixin classes.
+ *
+ * <pre>
+ *     ObjectMapper mapper = new ObjectMapper();
+ *     mapper.registerModule(new CoreJackson2Module());
+ * </pre>
+ *
+ * @author Rob Winch
+ * @see UnmodifiableListDeserializer
+ * @see CoreJackson2Module
+ * @see SecurityJackson2Modules
+ * @since 4.2
+ */
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
+@JsonDeserialize(using = UnmodifiableListDeserializer.class)
+class UnmodifiableListMixin {
+
+	/**
+	 * Mixin Constructor
+	 * @param s the Set
+	 */
+	@JsonCreator
+	UnmodifiableListMixin(Set<?> s) {}
+}
--- a/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixinTests.java
@ -36,11 +36,13 @@ public class SimpleGrantedAuthorityMixinTests extends AbstractMixinTests {
 	// @formatter:off
 	public static final String AUTHORITY_JSON = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"authority\": \"ROLE_USER\"}";

-	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", [" + AUTHORITY_JSON + "]]";
+	public static final String AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", [" + AUTHORITY_JSON + "]]";

 	public static final String AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", [" + AUTHORITY_JSON + "]]";

-	public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", []]";
+	public static final String NO_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.Collections$UnmodifiableRandomAccessList\", []]";
+
+	public static final String EMPTY_AUTHORITIES_ARRAYLIST_JSON = "[\"java.util.ArrayList\", []]";

 	public static final String NO_AUTHORITIES_SET_JSON = "[\"java.util.Collections$UnmodifiableSet\", []]";
 	// @formatter:on
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@ -70,7 +70,7 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 	// @formatter:off
 	private static final String UNAUTHENTICATED_STRINGPRINCIPAL_JSON = AUTHENTICATED_STRINGPRINCIPAL_JSON
 		.replace("\"authenticated\": true, ", "\"authenticated\": false, ")
-		.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, SimpleGrantedAuthorityMixinTests.NO_AUTHORITIES_ARRAYLIST_JSON);
+		.replace(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON, SimpleGrantedAuthorityMixinTests.EMPTY_AUTHORITIES_ARRAYLIST_JSON);
 	// @formatter:on

 	@Test
--- a/gradle/javaprojects.gradle
+++ b/gradle/javaprojects.gradle
@ -21,7 +21,7 @@ ext.groovyVersion = '2.4.4'
 ext.hsqlVersion = '2.3.2'
 ext.hibernateVersion = '5.0.12.Final'
 ext.hibernateValidatorVersion = '5.3.6.Final'
-ext.jacksonDatabindVersion = '2.8.10'
+ext.jacksonDatabindVersion = '2.8.11.1'
 ext.javaPersistenceVersion = '2.1.1'
 ext.jettyVersion = '6.1.26'
 ext.jstlVersion = '1.2.1'