Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 21:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix UsernamePasswordAuthenticationTokenDeserializer to handle customized object mapper inclusion settings

Browse Source 
Resolves #4698
This commit is contained in:
Onur Kagan Ozcan 2018-12-24 23:14:41 +03:00 committed by Rob Winch
parent 8bc0ef86da
commit a145653030
2 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
View File

@ -41,6 +41,7 @@ import org.springframework.security.core.GrantedAuthority;
*
* @author Jitendra Singh
* @author Greg Turnquist
* @author Onur Kagan Ozcan
* @see UsernamePasswordAuthenticationTokenMixin
* @since 4.2
*/
@ -69,7 +70,7 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
}
JsonNode credentialsNode = readJsonNode(jsonNode, "credentials");
Object credentials;
if (credentialsNode.isNull()) {
if (credentialsNode.isNull() || credentialsNode.isMissingNode()) {
credentials = null;
} else {
credentials = credentialsNode.asText();
@ -83,7 +84,7 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<U
token = new UsernamePasswordAuthenticationToken(principal, credentials);
}
JsonNode detailsNode = readJsonNode(jsonNode, "details");
if (detailsNode.isNull()) {
if (detailsNode.isNull() || detailsNode.isMissingNode()) {
token.setDetails(null);
} else {
token.setDetails(detailsNode);

21
core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
View File

@ -29,11 +29,16 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import static org.assertj.core.api.Assertions.*;
import static com.fasterxml.jackson.annotation.JsonInclude.Include.ALWAYS;
import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_ABSENT;
import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;
import static com.fasterxml.jackson.annotation.JsonInclude.Value.construct;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Jitendra Singh
* @author Greg Turnquist
* @author Onur Kagan Ozcan
* @since 4.2
*/
public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixinTests {
@ -163,6 +168,20 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
assertThat(deserialized).isEqualTo(original);
}
@Test
public void serializingThenDeserializingWithConfiguredObjectMapperShouldWork() throws IOException {
// given
this.mapper.setDefaultPropertyInclusion(construct(ALWAYS, NON_NULL)).setSerializationInclusion(NON_ABSENT);
UsernamePasswordAuthenticationToken original = new UsernamePasswordAuthenticationToken("Frodo", null);
// when
String serialized = this.mapper.writeValueAsString(original);
UsernamePasswordAuthenticationToken deserialized =
this.mapper.readValue(serialized, UsernamePasswordAuthenticationToken.class);
// then
assertThat(deserialized).isEqualTo(original);
}
private UsernamePasswordAuthenticationToken createToken() {
User user = createDefaultUser();