mirror of https://github.com/jwtk/jjwt.git
Fix split package issue in extensions/jackson and extensions/orgjson (#488)
* Fix split package issue in extensions/jackson and extensions/orgjson This moves the implementation specific classes: - `io.jsonwebtoken.io.Jackson*` to `io.jsonwebtoken.jackson.io.Jackson*` - `io.jsonwebtoken.io.OrgJson*` to `io.jsonwebtoken.orgjson.io.OrgJson*` * Add Backwards Compatibility Warning to CHANGELOG * Add `jjwt-jackson:deprecated` and `jjwt-orgjson:deprecated` modules to retain backward-compatible versions of the Jackson and OrgJson Serializers (this is built with the shade plugin and binary compatibility validated with japicmp) Fixes: #399
parent
b5958202c0
commit
6e74be0b8d
35
CHANGELOG.md
35
CHANGELOG.md
|
@ -3,7 +3,40 @@
|
|||
### 0.11.0
|
||||
|
||||
* Updates the Jackson dependency version to [2.9.10](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
|
||||
to address three security vulnerabilities in Jackson:
|
||||
to address three security vulnerabilities in Jackson.
|
||||
* Moves JSON Serializer/Deserializer implementations to a different package name.
|
||||
- `io.jsonwebtoken.io.JacksonSerializer` -> `io.jsonwebtoken.jackson.io.JacksonSerializer`
|
||||
- `io.jsonwebtoken.io.JacksonDeserializer` -> `io.jsonwebtoken.jackson.io.JacksonDeserializer`
|
||||
- `io.jsonwebtoken.io.OrgJsonSerializer` -> `io.jsonwebtoken.orgjson.io.OrgJsonSerializer`
|
||||
- `io.jsonwebtoken.io.OrgJsonDeserializer` -> `io.jsonwebtoken.orgjson.io.OrgJsonDeserializer`
|
||||
|
||||
A backward compatibility modules has been created using the `deprecated` classifier (`io.jsonwebtoken:jjwt-jackson:0.11.0:deprecated` and `io.jsonwebtoken:jjwt-orjson:0.11.0:deprecated`), if you are compiling against these classes directly, otherwise you will be unaffected.
|
||||
|
||||
#### Backwards Compatibility Warning
|
||||
|
||||
Due to this package move, if you are currently using one of the above four existing (pre 0.11.0) classes with `compile` scope, you must either:
|
||||
1. change your code to use the newer package classes (recommended), or
|
||||
1. change your build/dependency configuration to use the `deprecated` dependency classifier to use the existing classes, as follows:
|
||||
|
||||
**Maven**
|
||||
|
||||
```xml
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-jackson</artifactId>
|
||||
<version>0.11.0</version>
|
||||
<classifier>deprecated</classifier>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
```
|
||||
|
||||
**Gradle**
|
||||
|
||||
```groovy
|
||||
compile 'io.jsonwebtoken:jjwt-jackson:0.11.0:deprecated'
|
||||
```
|
||||
|
||||
**Note:** that the first option is recommended since the second option will not be available starting with the 1.0 release.
|
||||
|
||||
### 0.10.7
|
||||
|
||||
|
|
|
@ -44,4 +44,37 @@
|
|||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
|
||||
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
|
||||
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
|
||||
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-shade-plugin</artifactId>
|
||||
<configuration>
|
||||
<relocations>
|
||||
<relocation>
|
||||
<pattern>io.jsonwebtoken.jackson.io</pattern>
|
||||
<shadedPattern>io.jsonwebtoken.io</shadedPattern>
|
||||
<includes>io.jsonwebtoken.jackson.io.*</includes>
|
||||
</relocation>
|
||||
</relocations>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.github.siom79.japicmp</groupId>
|
||||
<artifactId>japicmp-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<newVersion>
|
||||
<file>
|
||||
<!-- compare the previous version with the new 'deprecated' package -->
|
||||
<path>${project.build.directory}/${project.artifactId}-${project.version}-deprecated.${project.packaging}</path>
|
||||
</file>
|
||||
</newVersion>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
|
@ -13,9 +13,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io;
|
||||
package io.jsonwebtoken.jackson.io;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import io.jsonwebtoken.io.DeserializationException;
|
||||
import io.jsonwebtoken.io.Deserializer;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
|
||||
import java.io.IOException;
|
|
@ -13,10 +13,12 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io;
|
||||
package io.jsonwebtoken.jackson.io;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import io.jsonwebtoken.io.SerializationException;
|
||||
import io.jsonwebtoken.io.Serializer;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
|
||||
/**
|
|
@ -13,9 +13,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io
|
||||
package io.jsonwebtoken.jackson.io
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper
|
||||
import io.jsonwebtoken.io.DeserializationException
|
||||
import io.jsonwebtoken.jackson.io.JacksonDeserializer
|
||||
import io.jsonwebtoken.lang.Strings
|
||||
import org.junit.Test
|
||||
|
|
@ -13,10 +13,12 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io
|
||||
package io.jsonwebtoken.jackson.io
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException
|
||||
import com.fasterxml.jackson.databind.ObjectMapper
|
||||
import io.jsonwebtoken.io.SerializationException
|
||||
import io.jsonwebtoken.jackson.io.JacksonSerializer
|
||||
import io.jsonwebtoken.lang.Strings
|
||||
import org.junit.Test
|
||||
|
|
@ -44,4 +44,37 @@
|
|||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
|
||||
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
|
||||
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
|
||||
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-shade-plugin</artifactId>
|
||||
<configuration>
|
||||
<relocations>
|
||||
<relocation>
|
||||
<pattern>io.jsonwebtoken.orgjson.io</pattern>
|
||||
<shadedPattern>io.jsonwebtoken.io</shadedPattern>
|
||||
<includes>io.jsonwebtoken.orgjson.io.*</includes>
|
||||
</relocation>
|
||||
</relocations>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.github.siom79.japicmp</groupId>
|
||||
<artifactId>japicmp-maven-plugin</artifactId>
|
||||
<configuration>
|
||||
<newVersion>
|
||||
<file>
|
||||
<!-- compare the previous version with the new 'deprecated' package -->
|
||||
<path>${project.build.directory}/${project.artifactId}-${project.version}-deprecated.${project.packaging}</path>
|
||||
</file>
|
||||
</newVersion>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
|
@ -13,8 +13,10 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io;
|
||||
package io.jsonwebtoken.orgjson.io;
|
||||
|
||||
import io.jsonwebtoken.io.DeserializationException;
|
||||
import io.jsonwebtoken.io.Deserializer;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Strings;
|
||||
import org.json.JSONArray;
|
|
@ -13,8 +13,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io;
|
||||
package io.jsonwebtoken.orgjson.io;
|
||||
|
||||
import io.jsonwebtoken.io.Encoders;
|
||||
import io.jsonwebtoken.io.SerializationException;
|
||||
import io.jsonwebtoken.io.Serializer;
|
||||
import io.jsonwebtoken.lang.Classes;
|
||||
import io.jsonwebtoken.lang.Collections;
|
||||
import io.jsonwebtoken.lang.DateFormats;
|
|
@ -13,9 +13,10 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io
|
||||
package io.jsonwebtoken.orgjson.io
|
||||
|
||||
import io.jsonwebtoken.lang.Classes
|
||||
import io.jsonwebtoken.orgjson.io.OrgJsonSerializer
|
||||
import org.junit.Test
|
||||
import org.junit.runner.RunWith
|
||||
import org.powermock.core.classloader.annotations.PrepareForTest
|
|
@ -13,9 +13,11 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io
|
||||
package io.jsonwebtoken.orgjson.io
|
||||
|
||||
import io.jsonwebtoken.io.DeserializationException
|
||||
import io.jsonwebtoken.lang.Strings
|
||||
import io.jsonwebtoken.orgjson.io.OrgJsonDeserializer
|
||||
import org.junit.Test
|
||||
import static org.junit.Assert.*
|
||||
|
|
@ -13,11 +13,13 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package io.jsonwebtoken.io
|
||||
package io.jsonwebtoken.orgjson.io
|
||||
|
||||
import io.jsonwebtoken.SignatureAlgorithm
|
||||
import io.jsonwebtoken.io.SerializationException
|
||||
import io.jsonwebtoken.lang.DateFormats
|
||||
import io.jsonwebtoken.lang.Strings
|
||||
import io.jsonwebtoken.orgjson.io.OrgJsonSerializer
|
||||
import org.json.JSONObject
|
||||
import org.json.JSONString
|
||||
import org.junit.Before
|
|
@ -38,5 +38,4 @@
|
|||
<module>orgjson</module>
|
||||
<module>gson</module>
|
||||
</modules>
|
||||
|
||||
</project>
|
|
@ -45,10 +45,10 @@ public class RuntimeClasspathDeserializerLocator<T> implements InstanceLocator<D
|
|||
|
||||
@SuppressWarnings("WeakerAccess") //to allow testing override
|
||||
protected Deserializer<T> locate() {
|
||||
if (isAvailable("io.jsonwebtoken.io.JacksonDeserializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.io.JacksonDeserializer");
|
||||
} else if (isAvailable("io.jsonwebtoken.io.OrgJsonDeserializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonDeserializer");
|
||||
if (isAvailable("io.jsonwebtoken.jackson.io.JacksonDeserializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.jackson.io.JacksonDeserializer");
|
||||
} else if (isAvailable("io.jsonwebtoken.orgjson.io.OrgJsonDeserializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.orgjson.io.OrgJsonDeserializer");
|
||||
} else if (isAvailable("io.jsonwebtoken.gson.io.GsonDeserializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.gson.io.GsonDeserializer");
|
||||
} else {
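Review bot: `locate()` now probes only the relocated names (`io.jsonwebtoken.jackson.io.JacksonDeserializer`, `io.jsonwebtoken.orgjson.io.OrgJsonDeserializer`), so a classpath that carries only the `deprecated`-classifier jar would presumably fall through to the final `else` branch, whose body lies outside this hunk. This assumes the shade relocation moves those classes back to `io.jsonwebtoken.io` in that jar, as the relocation config elsewhere in this commit suggests. If automatic discovery should keep working for that artifact, a fallback such as `} else if (isAvailable("io.jsonwebtoken.io.JacksonDeserializer")) {` after the new checks would cover it; if not, a comment such as `// legacy io.jsonwebtoken.io.* names are intentionally not discovered; configure them explicitly` would make the choice visible. The same applies to `RuntimeClasspathSerializerLocator.locate()` in the next section.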
|
||||
|
|
|
@ -45,10 +45,10 @@ public class RuntimeClasspathSerializerLocator implements InstanceLocator<Serial
|
|||
|
||||
@SuppressWarnings("WeakerAccess") //to allow testing override
|
||||
protected Serializer<Object> locate() {
|
||||
if (isAvailable("io.jsonwebtoken.io.JacksonSerializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.io.JacksonSerializer");
|
||||
} else if (isAvailable("io.jsonwebtoken.io.OrgJsonSerializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonSerializer");
|
||||
if (isAvailable("io.jsonwebtoken.jackson.io.JacksonSerializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.jackson.io.JacksonSerializer");
|
||||
} else if (isAvailable("io.jsonwebtoken.orgjson.io.OrgJsonSerializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.orgjson.io.OrgJsonSerializer");
|
||||
} else if (isAvailable("io.jsonwebtoken.gson.io.GsonSerializer")) {
|
||||
return Classes.newInstance("io.jsonwebtoken.gson.io.GsonSerializer");
|
||||
} else {
|
||||
|
|
|
@ -15,10 +15,10 @@
|
|||
*/
|
||||
package io.jsonwebtoken.impl.io
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper
|
||||
|
||||
import io.jsonwebtoken.io.Deserializer
|
||||
import io.jsonwebtoken.io.JacksonDeserializer
|
||||
import io.jsonwebtoken.io.OrgJsonDeserializer
|
||||
import io.jsonwebtoken.jackson.io.JacksonDeserializer
|
||||
import io.jsonwebtoken.orgjson.io.OrgJsonDeserializer
|
||||
import io.jsonwebtoken.gson.io.GsonDeserializer
|
||||
import org.junit.After
|
||||
import org.junit.Before
|
||||
|
|
|
@ -16,8 +16,8 @@
|
|||
package io.jsonwebtoken.impl.io
|
||||
|
||||
import io.jsonwebtoken.io.Serializer
|
||||
import io.jsonwebtoken.io.JacksonSerializer
|
||||
import io.jsonwebtoken.io.OrgJsonSerializer
|
||||
import io.jsonwebtoken.jackson.io.JacksonSerializer
|
||||
import io.jsonwebtoken.orgjson.io.OrgJsonSerializer
|
||||
import io.jsonwebtoken.gson.io.GsonSerializer
|
||||
import org.junit.After
|
||||
import org.junit.Before
|
||||
|
|
68
pom.xml
68
pom.xml
|
@ -86,6 +86,7 @@
|
|||
<properties>
|
||||
|
||||
<jjwt.root>${basedir}</jjwt.root>
|
||||
<jjwt.previousVersion>0.10.7</jjwt.previousVersion>
|
||||
|
||||
<maven.jar.version>3.0.2</maven.jar.version>
|
||||
<maven.compiler.version>3.6.1</maven.compiler.version>
|
||||
|
@ -269,6 +270,73 @@
|
|||
<source>${jdk.version}</source>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<!-- japicmp will scan code for binary breaking changes, Open api/target/japicmp/japicmp.html
|
||||
for a report of the changes since ${jjwt.previousVersion} -->
|
||||
<groupId>com.github.siom79.japicmp</groupId>
|
||||
<artifactId>japicmp-maven-plugin</artifactId>
|
||||
<version>0.13.0</version>
|
||||
<configuration>
|
||||
<oldVersion>
|
||||
<dependency>
|
||||
<groupId>${project.groupId}</groupId>
|
||||
<artifactId>${project.artifactId}</artifactId>
|
||||
<version>${jjwt.previousVersion}</version>
|
||||
<type>jar</type>
|
||||
</dependency>
|
||||
</oldVersion>
|
||||
<parameter>
|
||||
<onlyModified>true</onlyModified>
|
||||
<breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>
|
||||
<!-- TODO: enable after 1.0 -->
|
||||
<!-- <breakBuildBasedOnSemanticVersioning>true</breakBuildBasedOnSemanticVersioning>-->
|
||||
</parameter>
|
||||
</configuration>
|
||||
</plugin>
|
||||
|
||||
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
|
||||
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
|
||||
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
|
||||
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-shade-plugin</artifactId>
|
||||
<version>3.2.1</version>
|
||||
<configuration>
|
||||
<shadedClassifierName>deprecated</shadedClassifierName>
|
||||
<shadedArtifactAttached>true</shadedArtifactAttached>
|
||||
<createDependencyReducedPom>false</createDependencyReducedPom>
|
||||
<artifactSet>
|
||||
<includes>
|
||||
<include>${project.groupId}:${project.artifactId}</include>
|
||||
</includes>
|
||||
</artifactSet>
|
||||
<transformers>
|
||||
<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
|
||||
</transformers>
|
||||
</configuration>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>shade</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.github.siom79.japicmp</groupId>
|
||||
<artifactId>japicmp-maven-plugin</artifactId>
|
||||
<version>0.13.1</version>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>japicmp</id>
|
||||
<goals>
|
||||
<goal>cmp</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</pluginManagement>
|
||||
<plugins>
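Review bot: `japicmp-maven-plugin` appears twice inside the same `<pluginManagement>` block in this hunk, once with `<version>0.13.0</version>` carrying the `<oldVersion>` configuration and once with `<version>0.13.1</version>` carrying the `cmp` execution. Maven reports duplicate plugin declarations with a warning, and it becomes unclear which version and which half of the setup is effective, which weakens the binary-compatibility gate that the `deprecated` artifacts depend on. Merging both into one `<plugin>` entry with a single pinned version, holding both the `<configuration>` and the `<executions>`, would keep the check unambiguous. The enclosing `<pluginManagement>` element starts outside the hunk.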
|
||||
|
|