Fix split package issue in extensions/jackson and extensions/orgjson (#488)

* Fix split package issue in extensions/jackson and extensions/orgjson

This moves the implementation specific classes:
- `io.jsonwebtoken.io.Jackson*` to `io.jsonwebtoken.jackson.io.Jackson*`
- `io.jsonwebtoken.io.OrgJson*` to `io.jsonwebtoken.orgjson.io.OrgJson*`

* Add Backwards Compatibility Warning to CHANGELOG
* Add `jjwt-jackson:deprecated` and `jjwt-orgjson:deprecated` modules to retain backward-compatible versions of the Jackson and OrgJson Serializers (this is built with the shade plugin and binary compatibility validated with japicmp)

Fixes: #399
Brian Demers 2019-09-27 17:11:19 -04:00 committed by GitHub
parent b5958202c0
commit 6e74be0b8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 208 additions and 24 deletions


@ -3,7 +3,40 @@
### 0.11.0 ### 0.11.0
* Updates the Jackson dependency version to [2.9.10](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches) * Updates the Jackson dependency version to [2.9.10](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
to address three security vulnerabilities in Jackson: to address three security vulnerabilities in Jackson.
* Moves JSON Serializer/Deserializer implementations to a different package name.
- `io.jsonwebtoken.io.JacksonSerializer` -> `io.jsonwebtoken.jackson.io.JacksonSerializer`
- `io.jsonwebtoken.io.JacksonDeserializer` -> `io.jsonwebtoken.jackson.io.JacksonDeserializer`
- `io.jsonwebtoken.io.OrgJsonSerializer` -> `io.jsonwebtoken.orgjson.io.OrgJsonSerializer`
- `io.jsonwebtoken.io.OrgJsonDeserializer` -> `io.jsonwebtoken.orgjson.io.OrgJsonDeserializer`
A backward compatibility modules has been created using the `deprecated` classifier (`io.jsonwebtoken:jjwt-jackson:0.11.0:deprecated` and `io.jsonwebtoken:jjwt-orjson:0.11.0:deprecated`), if you are compiling against these classes directly, otherwise you will be unaffected.
#### Backwards Compatibility Warning
Due to this package move, if you are currently using one of the above four existing (pre 0.11.0) classes with `compile` scope, you must either:
1. change your code to use the newer package classes (recommended), or
1. change your build/dependency configuration to use the `deprecated` dependency classifier to use the existing classes, as follows:
**Maven**
```xml
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.0</version>
<classifier>deprecated</classifier>
<scope>compile</scope>
</dependency>
```
**Gradle**
```groovy
compile 'io.jsonwebtoken:jjwt-jackson:0.11.0:deprecated'
```
**Note:** that the first option is recommended since the second option will not be available starting with the 1.0 release.
### 0.10.7 ### 0.10.7
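Review bot: The classifier coordinate in the new compatibility paragraph is misspelled: `io.jsonwebtoken:jjwt-orjson:0.11.0:deprecated` should be `jjwt-orgjson`, and anyone who copies it into a build gets a dependency that does not resolve. In the same sentence, "A backward compatibility modules has been created" should read "Backward compatibility modules have been created". The Maven and Gradle snippets only show `jjwt-jackson`; add a line saying the same `deprecated` classifier applies to `jjwt-orgjson`.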


@ -44,4 +44,37 @@
</dependency> </dependency>
</dependencies> </dependencies>
<build>
<plugins>
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<configuration>
<relocations>
<relocation>
<pattern>io.jsonwebtoken.jackson.io</pattern>
<shadedPattern>io.jsonwebtoken.io</shadedPattern>
<includes>io.jsonwebtoken.jackson.io.*</includes>
</relocation>
</relocations>
</configuration>
</plugin>
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<configuration>
<newVersion>
<file>
<!-- compare the previous version with the new 'deprecated' package -->
<path>${project.build.directory}/${project.artifactId}-${project.version}-deprecated.${project.packaging}</path>
</file>
</newVersion>
</configuration>
</plugin>
</plugins>
</build>
</project> </project>
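Review bot: The `<path>` under `<newVersion>` hard-codes the `-deprecated` suffix, so the japicmp check silently depends on the shade plugin's classifier name staying the same; if the two drift, japicmp is pointed at a file that is never built. Define the classifier once as a property and reference it in both the shade and japicmp configuration. The XML comment should also say that the relocation deliberately puts the classes back into `io.jsonwebtoken.io`, so the `deprecated` jar keeps the split package that issue 399 is about.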


@ -13,9 +13,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io; package io.jsonwebtoken.jackson.io;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.io.DeserializationException;
import io.jsonwebtoken.io.Deserializer;
import io.jsonwebtoken.lang.Assert; import io.jsonwebtoken.lang.Assert;
import java.io.IOException; import java.io.IOException;


@ -13,10 +13,12 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io; package io.jsonwebtoken.jackson.io;
import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.io.SerializationException;
import io.jsonwebtoken.io.Serializer;
import io.jsonwebtoken.lang.Assert; import io.jsonwebtoken.lang.Assert;
/** /**


@ -13,9 +13,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io package io.jsonwebtoken.jackson.io
import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.databind.ObjectMapper
import io.jsonwebtoken.io.DeserializationException
import io.jsonwebtoken.jackson.io.JacksonDeserializer
import io.jsonwebtoken.lang.Strings import io.jsonwebtoken.lang.Strings
import org.junit.Test import org.junit.Test
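Review bot: The added `import io.jsonwebtoken.jackson.io.JacksonDeserializer` is redundant, because the test now declares `package io.jsonwebtoken.jackson.io` and the class is in that same package. Drop the import here; the other relocated test classes on this page add the same kind of same-package import and can lose it too.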


@ -13,10 +13,12 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io package io.jsonwebtoken.jackson.io
import com.fasterxml.jackson.core.JsonProcessingException import com.fasterxml.jackson.core.JsonProcessingException
import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.databind.ObjectMapper
import io.jsonwebtoken.io.SerializationException
import io.jsonwebtoken.jackson.io.JacksonSerializer
import io.jsonwebtoken.lang.Strings import io.jsonwebtoken.lang.Strings
import org.junit.Test import org.junit.Test


@ -44,4 +44,37 @@
</dependency> </dependency>
</dependencies> </dependencies>
<build>
<plugins>
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<configuration>
<relocations>
<relocation>
<pattern>io.jsonwebtoken.orgjson.io</pattern>
<shadedPattern>io.jsonwebtoken.io</shadedPattern>
<includes>io.jsonwebtoken.orgjson.io.*</includes>
</relocation>
</relocations>
</configuration>
</plugin>
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<configuration>
<newVersion>
<file>
<!-- compare the previous version with the new 'deprecated' package -->
<path>${project.build.directory}/${project.artifactId}-${project.version}-deprecated.${project.packaging}</path>
</file>
</newVersion>
</configuration>
</plugin>
</plugins>
</build>
</project> </project>
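Review bot: This `<build>` block is a copy of the one added to the Jackson module, differing only in `<pattern>` and `<includes>` (`io.jsonwebtoken.orgjson.io`). Two copies that must be removed together before v1.0 are easy to let diverge; move the relocation into the parent `pluginManagement` and drive the source package from a per-module property, so each module pom only sets that property.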


@ -13,8 +13,10 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io; package io.jsonwebtoken.orgjson.io;
import io.jsonwebtoken.io.DeserializationException;
import io.jsonwebtoken.io.Deserializer;
import io.jsonwebtoken.lang.Assert; import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.Strings; import io.jsonwebtoken.lang.Strings;
import org.json.JSONArray; import org.json.JSONArray;


@ -13,8 +13,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io; package io.jsonwebtoken.orgjson.io;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.io.SerializationException;
import io.jsonwebtoken.io.Serializer;
import io.jsonwebtoken.lang.Classes; import io.jsonwebtoken.lang.Classes;
import io.jsonwebtoken.lang.Collections; import io.jsonwebtoken.lang.Collections;
import io.jsonwebtoken.lang.DateFormats; import io.jsonwebtoken.lang.DateFormats;


@ -13,9 +13,10 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io package io.jsonwebtoken.orgjson.io
import io.jsonwebtoken.lang.Classes import io.jsonwebtoken.lang.Classes
import io.jsonwebtoken.orgjson.io.OrgJsonSerializer
import org.junit.Test import org.junit.Test
import org.junit.runner.RunWith import org.junit.runner.RunWith
import org.powermock.core.classloader.annotations.PrepareForTest import org.powermock.core.classloader.annotations.PrepareForTest


@ -13,9 +13,11 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io package io.jsonwebtoken.orgjson.io
import io.jsonwebtoken.io.DeserializationException
import io.jsonwebtoken.lang.Strings import io.jsonwebtoken.lang.Strings
import io.jsonwebtoken.orgjson.io.OrgJsonDeserializer
import org.junit.Test import org.junit.Test
import static org.junit.Assert.* import static org.junit.Assert.*


@ -13,11 +13,13 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package io.jsonwebtoken.io package io.jsonwebtoken.orgjson.io
import io.jsonwebtoken.SignatureAlgorithm import io.jsonwebtoken.SignatureAlgorithm
import io.jsonwebtoken.io.SerializationException
import io.jsonwebtoken.lang.DateFormats import io.jsonwebtoken.lang.DateFormats
import io.jsonwebtoken.lang.Strings import io.jsonwebtoken.lang.Strings
import io.jsonwebtoken.orgjson.io.OrgJsonSerializer
import org.json.JSONObject import org.json.JSONObject
import org.json.JSONString import org.json.JSONString
import org.junit.Before import org.junit.Before


@ -38,5 +38,4 @@
<module>orgjson</module> <module>orgjson</module>
<module>gson</module> <module>gson</module>
</modules> </modules>
</project> </project>
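Review bot: No content changes are visible in this hunk; the old side is one line longer than the new side (`-38,5 +38,4`), which looks like a dropped trailing blank line after `</project>`. If that is not intentional, leave this file out of the commit so the change set stays limited to the package move.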


@ -45,10 +45,10 @@ public class RuntimeClasspathDeserializerLocator<T> implements InstanceLocator<D
@SuppressWarnings("WeakerAccess") //to allow testing override @SuppressWarnings("WeakerAccess") //to allow testing override
protected Deserializer<T> locate() { protected Deserializer<T> locate() {
if (isAvailable("io.jsonwebtoken.io.JacksonDeserializer")) { if (isAvailable("io.jsonwebtoken.jackson.io.JacksonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.io.JacksonDeserializer"); return Classes.newInstance("io.jsonwebtoken.jackson.io.JacksonDeserializer");
} else if (isAvailable("io.jsonwebtoken.io.OrgJsonDeserializer")) { } else if (isAvailable("io.jsonwebtoken.orgjson.io.OrgJsonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonDeserializer"); return Classes.newInstance("io.jsonwebtoken.orgjson.io.OrgJsonDeserializer");
} else if (isAvailable("io.jsonwebtoken.gson.io.GsonDeserializer")) { } else if (isAvailable("io.jsonwebtoken.gson.io.GsonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.gson.io.GsonDeserializer"); return Classes.newInstance("io.jsonwebtoken.gson.io.GsonDeserializer");
} else { } else {
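Review bot: `locate()` now probes only the new names, so a build that has just the `deprecated` classifier jar on the classpath, which per the CHANGELOG keeps the classes under `io.jsonwebtoken.io`, falls through to the final `else` and gets no deserializer from runtime discovery. Either keep a fallback probe for `io.jsonwebtoken.io.JacksonDeserializer` and `io.jsonwebtoken.io.OrgJsonDeserializer` until v1.0, or state in the CHANGELOG that users of the `deprecated` classifier must configure the deserializer explicitly. A test that puts only the shaded jar on the classpath would catch this.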


@ -45,10 +45,10 @@ public class RuntimeClasspathSerializerLocator implements InstanceLocator<Serial
@SuppressWarnings("WeakerAccess") //to allow testing override @SuppressWarnings("WeakerAccess") //to allow testing override
protected Serializer<Object> locate() { protected Serializer<Object> locate() {
if (isAvailable("io.jsonwebtoken.io.JacksonSerializer")) { if (isAvailable("io.jsonwebtoken.jackson.io.JacksonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.io.JacksonSerializer"); return Classes.newInstance("io.jsonwebtoken.jackson.io.JacksonSerializer");
} else if (isAvailable("io.jsonwebtoken.io.OrgJsonSerializer")) { } else if (isAvailable("io.jsonwebtoken.orgjson.io.OrgJsonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonSerializer"); return Classes.newInstance("io.jsonwebtoken.orgjson.io.OrgJsonSerializer");
} else if (isAvailable("io.jsonwebtoken.gson.io.GsonSerializer")) { } else if (isAvailable("io.jsonwebtoken.gson.io.GsonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.gson.io.GsonSerializer"); return Classes.newInstance("io.jsonwebtoken.gson.io.GsonSerializer");
} else { } else {
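Review bot: Each branch of `locate()` repeats the fully qualified class name as a string literal in both `isAvailable(...)` and `Classes.newInstance(...)`, and this rename had to touch every one of them by hand. A mismatch between the two literals in a branch would pass the availability check and then fail at instantiation. Pull each name into a constant, or loop over an ordered list of candidate names, so the probe and the instantiation cannot disagree.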


@ -15,10 +15,10 @@
*/ */
package io.jsonwebtoken.impl.io package io.jsonwebtoken.impl.io
import com.fasterxml.jackson.databind.ObjectMapper
import io.jsonwebtoken.io.Deserializer import io.jsonwebtoken.io.Deserializer
import io.jsonwebtoken.io.JacksonDeserializer import io.jsonwebtoken.jackson.io.JacksonDeserializer
import io.jsonwebtoken.io.OrgJsonDeserializer import io.jsonwebtoken.orgjson.io.OrgJsonDeserializer
import io.jsonwebtoken.gson.io.GsonDeserializer import io.jsonwebtoken.gson.io.GsonDeserializer
import org.junit.After import org.junit.After
import org.junit.Before import org.junit.Before


@ -16,8 +16,8 @@
package io.jsonwebtoken.impl.io package io.jsonwebtoken.impl.io
import io.jsonwebtoken.io.Serializer import io.jsonwebtoken.io.Serializer
import io.jsonwebtoken.io.JacksonSerializer import io.jsonwebtoken.jackson.io.JacksonSerializer
import io.jsonwebtoken.io.OrgJsonSerializer import io.jsonwebtoken.orgjson.io.OrgJsonSerializer
import io.jsonwebtoken.gson.io.GsonSerializer import io.jsonwebtoken.gson.io.GsonSerializer
import org.junit.After import org.junit.After
import org.junit.Before import org.junit.Before

pom.xml

@ -86,6 +86,7 @@
<properties> <properties>
<jjwt.root>${basedir}</jjwt.root> <jjwt.root>${basedir}</jjwt.root>
<jjwt.previousVersion>0.10.7</jjwt.previousVersion>
<maven.jar.version>3.0.2</maven.jar.version> <maven.jar.version>3.0.2</maven.jar.version>
<maven.compiler.version>3.6.1</maven.compiler.version> <maven.compiler.version>3.6.1</maven.compiler.version>
@ -269,6 +270,73 @@
<source>${jdk.version}</source> <source>${jdk.version}</source>
</configuration> </configuration>
</plugin> </plugin>
<plugin>
<!-- japicmp will scan code for binary breaking changes, Open api/target/japicmp/japicmp.html
for a report of the changes since ${jjwt.previousVersion} -->
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<version>0.13.0</version>
<configuration>
<oldVersion>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${project.artifactId}</artifactId>
<version>${jjwt.previousVersion}</version>
<type>jar</type>
</dependency>
</oldVersion>
<parameter>
<onlyModified>true</onlyModified>
<breakBuildOnBinaryIncompatibleModifications>true</breakBuildOnBinaryIncompatibleModifications>
<!-- TODO: enable after 1.0 -->
<!-- <breakBuildBasedOnSemanticVersioning>true</breakBuildBasedOnSemanticVersioning>-->
</parameter>
</configuration>
</plugin>
<!-- The following plugin section is used in jjwt-jackson and jjwt-orgjson, to repackage (and verify)
binary compatibility with previous versions. In v0.11.0 the implementations changed packages to
avoid split package issues with Java 9+ see: https://github.com/jwtk/jjwt/issues/399 -->
<!-- TODO: remove these deprecated packages and this config before v1.0 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>3.2.1</version>
<configuration>
<shadedClassifierName>deprecated</shadedClassifierName>
<shadedArtifactAttached>true</shadedArtifactAttached>
<createDependencyReducedPom>false</createDependencyReducedPom>
<artifactSet>
<includes>
<include>${project.groupId}:${project.artifactId}</include>
</includes>
</artifactSet>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
</transformers>
</configuration>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>shade</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>com.github.siom79.japicmp</groupId>
<artifactId>japicmp-maven-plugin</artifactId>
<version>0.13.1</version>
<executions>
<execution>
<id>japicmp</id>
<goals>
<goal>cmp</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins> </plugins>
</pluginManagement> </pluginManagement>
<plugins> <plugins>
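Review bot: `japicmp-maven-plugin` is declared twice inside this `pluginManagement` block, first with `<version>0.13.0</version>` and the full `<configuration>`, then again with `<version>0.13.1</version>` and only the `cmp` execution. Duplicate declarations of the same plugin make the effective version and configuration depend on how Maven merges them and produce a build warning. Merge them into one `<plugin>` entry that carries a single version, the `<oldVersion>`/`<parameter>` configuration and the `cmp` execution. The `<!-- TODO: enable after 1.0 -->` next to `breakBuildBasedOnSemanticVersioning` would also benefit from an issue reference so it is not forgotten.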