Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade Jackson JSON library to 2.10.0

This commit is contained in:
Filip Hanik 2019-09-26 12:09:09 -07:00
parent aecebeac69
commit f832d08814
3 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
View File

@ -24,7 +24,9 @@ import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.cfg.MapperConfig;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.NamedType;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.TypeIdResolver;
import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder;
import org.apache.commons.logging.Log;
@ -146,19 +148,29 @@ public final class SecurityJackson2Modules {
}
/**
* An implementation of {@link ObjectMapper.DefaultTypeResolverBuilder} that overrides the {@link TypeIdResolver}
* with {@link WhitelistTypeIdResolver}.
* An implementation of {@link ObjectMapper.DefaultTypeResolverBuilder}
* that inserts an {@code allow all} {@link PolymorphicTypeValidator}
* and overrides the {@code TypeIdResolver}
* @author Rob Winch
*/
static class WhitelistTypeResolverBuilder extends ObjectMapper.DefaultTypeResolverBuilder {
WhitelistTypeResolverBuilder(ObjectMapper.DefaultTyping defaultTyping) {
super(defaultTyping);
super(
defaultTyping,
//we do explicit validation in the TypeIdResolver
BasicPolymorphicTypeValidator.builder()
.allowIfSubType(Object.class)
.build()
);
}
@Override
protected TypeIdResolver idResolver(MapperConfig<?> config,
JavaType baseType, Collection<NamedType> subtypes, boolean forSer, boolean forDeser) {
TypeIdResolver result = super.idResolver(config, baseType, subtypes, forSer, forDeser);
JavaType baseType,
PolymorphicTypeValidator subtypeValidator,
Collection<NamedType> subtypes, boolean forSer, boolean forDeser) {
TypeIdResolver result = super.idResolver(config, baseType, subtypeValidator, subtypes, forSer, forDeser);
return new WhitelistTypeIdResolver(result);
}
}

7
core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java
View File

@ -56,8 +56,11 @@ class UserDeserializer extends JsonDeserializer<User> {
public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Set<GrantedAuthority> authorities = mapper.convertValue(jsonNode.get("authorities"), new TypeReference<Set<SimpleGrantedAuthority>>() {
});
Set<? extends GrantedAuthority> authorities =
mapper.convertValue(
jsonNode.get("authorities"),
new TypeReference<Set<SimpleGrantedAuthority>>() {}
);
JsonNode password = readJsonNode(jsonNode, "password");
User result = new User(
readJsonNode(jsonNode, "username").asText(), password.asText(""),

6
gradle/dependency-management.gradle
View File

@ -42,9 +42,9 @@ dependencyManagement {
dependency 'asm:asm:3.1'
dependency 'ch.qos.logback:logback-classic:1.2.3'
dependency 'ch.qos.logback:logback-core:1.2.3'
dependency 'com.fasterxml.jackson.core:jackson-annotations:2.9.10'
dependency 'com.fasterxml.jackson.core:jackson-core:2.9.10'
dependency 'com.fasterxml.jackson.core:jackson-databind:2.9.10'
dependency 'com.fasterxml.jackson.core:jackson-annotations:2.10.0'
dependency 'com.fasterxml.jackson.core:jackson-core:2.10.0'
dependency 'com.fasterxml.jackson.core:jackson-databind:2.10.0'
dependency 'com.fasterxml:classmate:1.3.4'
dependency 'com.github.stephenc.jcip:jcip-annotations:1.0-1'
dependency 'com.google.appengine:appengine-api-1.0-sdk:1.9.76'