mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-10-24 11:18:45 +00:00
8f8a25533a
This commit refines the documentation by: - Updating Jackson documentation for Jackson 3 - Removing the outdated documentation in servlet - Adding migration guidelines Closes gh-17832 Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>
93 lines
3.0 KiB
Plaintext
93 lines
3.0 KiB
Plaintext
[[jackson]]
|
|
= Jackson Support
|
|
|
|
Spring Security provides Jackson 3 support for persisting Spring Security related classes.
|
|
This can improve the performance of serializing Spring Security related classes when working with distributed sessions (i.e. session replication, Spring Session, etc).
|
|
|
|
[NOTE]
|
|
====
|
|
Jackson 2 support is still available but deprecated for removal, so you are encouraged to migrate to Jackson 3.
|
|
====
|
|
|
|
To use it, register `SecurityJacksonModules.getModules(ClassLoader)` with `JsonMapper.Builder` (https://github.com/FasterXML/jackson-databind[jackson-databind]):
|
|
|
|
[tabs]
|
|
======
|
|
Java::
|
|
+
|
|
[source,java,role="primary"]
|
|
----
|
|
ClassLoader loader = getClass().getClassLoader();
|
|
JsonMapper mapper = JsonMapper.builder()
|
|
.addModules(SecurityJacksonModules.getModules(loader))
|
|
.build();
|
|
|
|
// ... use JsonMapper as normally ...
|
|
SecurityContext context = new SecurityContextImpl();
|
|
// ...
|
|
String json = mapper.writeValueAsString(context);
|
|
----
|
|
|
|
Kotlin::
|
|
+
|
|
[source,kotlin,role="secondary"]
|
|
----
|
|
val loader = javaClass.classLoader
|
|
val mapper = JsonMapper.builder()
|
|
.addModules(SecurityJacksonModules.getModules(loader))
|
|
.build()
|
|
|
|
// ... use JsonMapper as normally ...
|
|
val context: SecurityContext = SecurityContextImpl()
|
|
// ...
|
|
val json: String = mapper.writeValueAsString(context)
|
|
----
|
|
======
|
|
|
|
[NOTE]
|
|
====
|
|
Using `SecurityJacksonModules` as above enables automatic inclusion of type information and configure a
|
|
`PolymorphicTypeValidator` that handles the validation of class names.
|
|
====
|
|
|
|
If needed, you can add custom classes to the validation handling.
|
|
|
|
[tabs]
|
|
======
|
|
Java::
|
|
+
|
|
[source,java,role="primary"]
|
|
----
|
|
ClassLoader loader = getClass().getClassLoader();
|
|
BasicPolymorphicTypeValidator.Builder builder = BasicPolymorphicTypeValidator.builder()
|
|
.allowIfSubType(MyCustomType.class);
|
|
JsonMapper mapper = JsonMapper.builder()
|
|
.addModules(SecurityJacksonModules.getModules(loader, builder))
|
|
.build();
|
|
----
|
|
|
|
Kotlin::
|
|
+
|
|
[source,kotlin,role="secondary"]
|
|
----
|
|
val loader = javaClass.classLoader
|
|
val builder = BasicPolymorphicTypeValidator.builder()
|
|
.allowIfSubType(MyCustomType::class)
|
|
val mapper = JsonMapper.builder()
|
|
.addModules(SecurityJacksonModules.getModules(loader, builder))
|
|
.build()
|
|
----
|
|
======
|
|
|
|
[NOTE]
|
|
====
|
|
The following Spring Security modules provide Jackson support:
|
|
|
|
- spring-security-core (javadoc:org.springframework.security.jackson.CoreJacksonModule[])
|
|
- spring-security-web (javadoc:org.springframework.security.web.jackson.WebJacksonModule[], javadoc:org.springframework.security.web.jackson.WebServletJacksonModule[], javadoc:org.springframework.security.web.server.jackson.WebServerJacksonModule[])
|
|
- spring-security-oauth2-client (javadoc:org.springframework.security.oauth2.client.jackson.OAuth2ClientJacksonModule[])
|
|
- spring-security-cas (javadoc:org.springframework.security.cas.jackson.CasJacksonModule[])
|
|
- spring-security-ldap (javadoc:org.springframework.security.ldap.jackson.LdapJacksonModule[])
|
|
- spring-security-saml2 (javadoc:org.springframework.security.saml2.jackson.Saml2JacksonModule[])
|
|
====
|