diff --git a/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java b/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java new file mode 100644 index 0000000000..85e3d34493 --- /dev/null +++ b/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java @@ -0,0 +1,33 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.jackson; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +import org.springframework.security.authorization.method.AuthorizationProxy; + +/** + * Jackson configurations for objects that extend {@link AuthorizationProxy} + * + * @author Josh Cummings + * @since 7.0 + * @see org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory + */ +@JsonIgnoreProperties("callbacks") +class AuthorizationProxyMixin { + +} diff --git a/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java b/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java index 0d633f4c2d..abedef607e 100644 --- a/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java +++ b/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java @@ -29,6 +29,7 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.authorization.method.AuthorizationProxy; import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextImpl; @@ -108,6 +109,7 @@ public class CoreJacksonModule extends SecurityJacksonModule { context.setMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class); context.setMixIn(TestingAuthenticationToken.class, TestingAuthenticationTokenMixin.class); context.setMixIn(BadCredentialsException.class, BadCredentialsExceptionMixin.class); + context.setMixIn(AuthorizationProxy.class, AuthorizationProxyMixin.class); } } diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java index eef00d19d4..d0ca0796aa 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java @@ -34,7 +34,6 @@ import java.util.TreeSet; import java.util.function.Supplier; import java.util.stream.Stream; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import tools.jackson.databind.json.JsonMapper; @@ -50,6 +49,7 @@ import org.springframework.security.authorization.method.AuthorizationAdvisorPro import org.springframework.security.authorization.method.AuthorizationProxy; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.jackson.CoreJacksonModule; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -340,15 +340,13 @@ public class AuthorizationAdvisorProxyFactoryTests { assertThat(factory.proxy(35)).isEqualTo(35); } - // TODO Find why callbacks property is serialized with Jackson 3, not with Jackson 2 - // FIXME: https://github.com/spring-projects/spring-security/issues/18077 - @Disabled("callbacks property is serialized with Jackson 3, not with Jackson 2") @Test public void serializeWhenAuthorizationProxyObjectThenOnlyIncludesProxiedProperties() { SecurityContextHolder.getContext().setAuthentication(this.admin); AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults(); User user = proxy(factory, this.alan); - JsonMapper mapper = new JsonMapper(); + // gh-18077 + JsonMapper mapper = JsonMapper.builder().addModule(new CoreJacksonModule()).build(); String serialized = mapper.writeValueAsString(user); Map properties = mapper.readValue(serialized, Map.class); assertThat(properties).hasSize(3).containsKeys("id", "firstName", "lastName");