From bd345fb2a8e6f9269583c5a278a8d8f4c27ff3ee Mon Sep 17 00:00:00 2001
From: Steve Riesenberg <5248162+sjohnr@users.noreply.github.com>
Date: Thu, 29 Feb 2024 12:15:30 -0600
Subject: [PATCH] Polish gh-11758

---
 .../SwitchUserGrantedAuthorityMixIn.java        | 10 +++++-----
 .../web/jackson2/WebServletJackson2Module.java  | 14 +++++++-------
 ...> SwitchUserGrantedAuthorityMixInTests.java} | 17 ++++++++---------
 3 files changed, 20 insertions(+), 21 deletions(-)
 rename web/src/test/java/org/springframework/security/web/jackson2/{SwitchUserGrantedAuthorityMixInTest.java => SwitchUserGrantedAuthorityMixInTests.java} (83%)

diff --git a/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java b/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java
index 463995af93..4fff7ffdc4 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,15 +29,15 @@ import org.springframework.security.web.authentication.switchuser.SwitchUserGran
  * Jackson mixin class to serialize/deserialize {@link SwitchUserGrantedAuthority}.
  *
  * @author Markus Heiden
- * @since 5.8
+ * @since 6.3
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  */
-@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
-@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
-public abstract class SwitchUserGrantedAuthorityMixIn {
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class SwitchUserGrantedAuthorityMixIn {
 
 	@JsonCreator
 	SwitchUserGrantedAuthorityMixIn(@JsonProperty("role") String role, @JsonProperty("source") Authentication source) {
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
index f2c9d46f76..70b098e4fe 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2016 the original author or authors.
+ * Copyright 2015-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,12 +27,12 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 import org.springframework.security.web.savedrequest.SavedCookie;
 
 /**
- * Jackson module for spring-security-web related to servlet. This module register
- * {@link CookieMixin}, {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin} and
- * {@link WebAuthenticationDetailsMixin}. If no default typing enabled by default then
- * it'll enable it because typing info is needed to properly serialize/deserialize
- * objects. In order to use this module just add this module into your ObjectMapper
- * configuration.
+ * Jackson module for spring-security-web related to servlet. This module registers
+ * {@link CookieMixin}, {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin},
+ * {@link WebAuthenticationDetailsMixin}, and {@link SwitchUserGrantedAuthorityMixIn}. If
+ * no default typing is enabled by default then it will be enabled, because typing info is
+ * needed to properly serialize/deserialize objects. In order to use this module just add
+ * this module into your ObjectMapper configuration.
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTest.java b/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTests.java
similarity index 83%
rename from web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTest.java
rename to web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTests.java
index 2969471731..703811658c 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTest.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,9 +31,9 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Markus Heiden
- * @since 5.8
+ * @since 6.3
  */
-public class SwitchUserGrantedAuthorityMixInTest extends AbstractMixinTests {
+public class SwitchUserGrantedAuthorityMixInTests extends AbstractMixinTests {
 
 	// language=JSON
 	private static final String SWITCH_JSON = """
@@ -50,25 +50,24 @@ public class SwitchUserGrantedAuthorityMixInTest extends AbstractMixinTests {
 				}
 			}
 			""".formatted(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON);
-	SwitchUserGrantedAuthority expected;
 
-	Authentication source;
+	private Authentication source;
 
 	@BeforeEach
-	public void setupExpected() {
+	public void setUp() {
 		this.source = new UsernamePasswordAuthenticationToken("principal", "credentials",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		this.expected = new SwitchUserGrantedAuthority("switched", this.source);
 	}
 
 	@Test
 	public void serializeWhenPrincipalCredentialsAuthoritiesThenSuccess() throws Exception {
-		String serializedJson = this.mapper.writeValueAsString(this.expected);
+		SwitchUserGrantedAuthority expected = new SwitchUserGrantedAuthority("switched", this.source);
+		String serializedJson = this.mapper.writeValueAsString(expected);
 		JSONAssert.assertEquals(SWITCH_JSON, serializedJson, true);
 	}
 
 	@Test
-	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws Exception {
+	public void deserializeWhenSourceIsUsernamePasswordAuthenticationTokenThenSuccess() throws Exception {
 		SwitchUserGrantedAuthority deserialized = this.mapper.readValue(SWITCH_JSON, SwitchUserGrantedAuthority.class);
 		assertThat(deserialized).isNotNull();
 		assertThat(deserialized.getAuthority()).isEqualTo("switched");