diff --git a/.github/stale.yml b/.github/stale.yml
new file mode 100644
index 00000000..07729841
--- /dev/null
+++ b/.github/stale.yml
@@ -0,0 +1,64 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 60
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 7
+
+# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
+onlyLabels: []
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+ - pinned
+ - security
+ - help-wanted
+ - bug
+ - rfc-compliance
+ - "[Status] Maybe Later"
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: true
+
+# Set to true to ignore issues with an assignee (defaults to false)
+exemptAssignees: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+ This issue has been automatically marked as stale due to inactivity for 60 or more days.
+ It will be closed in 7 days if no further activity occurs.
+
+# Comment to post when removing the stale label.
+# unmarkComment: >
+# Your comment here.
+
+# Comment to post when closing a stale Issue or Pull Request.
+closeComment: >
+ Closed due to inactivity.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 30
+
+# Limit to only `issues` or `pulls`
+only: issues
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+# pulls:
+# daysUntilStale: 30
+# markComment: >
+# This pull request has been automatically marked as stale because it has not had
+# recent activity. It will be closed if no further activity occurs. Thank you
+# for your contributions.
+
+# issues:
+# exemptLabels:
+# - confirmed
+
diff --git a/.travis.yml b/.travis.yml
index 0ffe5742..da542f19 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,21 +3,37 @@
#sudo: required
language: java
jdk:
- - oraclejdk7
+ - openjdk7 # not really openjdk7 - we're just using this travis placeholder for our own Oracle JDK 7 installation
- oraclejdk8
- oraclejdk9
- - oraclejdk10
- openjdk10
before_install:
- - if [ "${TRAVIS_JDK_VERSION}" == "oraclejdk7" ]; then export MAVEN_OPTS="-Dhttps.protocols=TLSv1.2 -Xmx512m -XX:MaxPermSize=128m"; fi
- - if [ "${TRAVIS_JDK_VERSION}" == "oraclejdk7" ]; then export JAVA_HOME="/usr/lib/jvm/java-7-oracle"; export PATH="${JAVA_HOME}/bin:${PATH}"; fi
- - if [ "${TRAVIS_JDK_VERSION}" == "oraclejdk7" ]; then test ! -d "${JAVA_HOME}" && (curl http://ftp.osuosl.org/pub/funtoo/distfiles/oracle-java/jdk-7u80-linux-x64.tar.gz | sudo tar xz -C /usr/lib/jvm; sudo mv /usr/lib/jvm/jdk1.7.0_80 "${JAVA_HOME}"); fi
+ - echo "TRAVIS_JDK_VERSION is ${TRAVIS_JDK_VERSION}"
+ - |
+ if [[ "${TRAVIS_JDK_VERSION}" == "openjdk7" ]]; then
+
+ export MAVEN_OPTS="-Dhttps.protocols=TLSv1.2 -Xmx512m -XX:MaxPermSize=128m"
+ export JAVA_HOME="/usr/lib/jvm/java-7-oracle" # Set JAVA_HOME to where we want to install Oracle JDK 7
+ export PATH="${JAVA_HOME}/bin:${PATH}"
+
+ if [[ ! -d "${JAVA_HOME}" ]]; then
+ # Download and install Oracle JDK 7:
+ wget https://s3.amazonaws.com/d2fbee19-5fe2-425f-ae11-cd25b35dc99a/jdk-7u80-linux-x64.tar.gz -O /tmp/jdk-7u80-linux-x64.tar.gz
+ tar xvfz /tmp/jdk-7u80-linux-x64.tar.gz -C /tmp
+ sudo mv /tmp/jdk1.7.0_80 "${JAVA_HOME}"
+ fi
+
+ # Download and install JCE Unlimited Strength Crypto policies for Oracle JDK 7:
+ curl -q -L -C - https://238dj3282as03k369.s3-us-west-1.amazonaws.com/UnlimitedJCEPolicyJDK7.zip -o /tmp/UnlimitedJCEPolicyJDK7.zip
+ sudo unzip -oj -d "$JAVA_HOME/jre/lib/security" /tmp/UnlimitedJCEPolicyJDK7.zip \*/\*.jar
+ rm /tmp/UnlimitedJCEPolicyJDK7.zip
+ fi
+ # If on JDK 8, ensure build coverage assertions are run (we only need to run this on one JDK to reduce overall build times):
- export BUILD_COVERAGE="$([ $TRAVIS_JDK_VERSION == 'oraclejdk8' ] && echo 'true')"
install: true
-script: mvn install
-
-after_success:
+script:
+ - mvn install
- test -z "$BUILD_COVERAGE" || { mvn clean clover:setup test && mvn -pl . clover:clover clover:check coveralls:report; }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9b73faed..2b6574df 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,26 @@
## Release Notes
+### 0.10.7
+
+This patch release:
+
+* Adds a new [Community section](https://github.com/jwtk/jjwt#community) in the documentation discussing asking
+ questions, using Slack and Gittr, and opening new issues and pull requests.
+* Fixes a [memory leak](https://github.com/jwtk/jjwt/issues/392) found in the DEFLATE compression
+codec implementation.
+* Updates the Jackson dependency version to [2.9.9.1](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
+to address three security vulnerabilities in Jackson:
+[CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086),
+[CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384), and
+[CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814).
+* Fixes a [bug](https://github.com/jwtk/jjwt/issues/397) when Jackson is in the classpath but the `jjwt-jackson` .jar is not.
+* Fixes various documentation and typo fixes.
+
+### 0.10.6
+
+This patch release updates the jackson-databind version to 2.9.8 to address a critical security vulnerability in that
+library.
+
### 0.10.5
This patch release fixed an Android `org.json` library compatibility [issue](https://github.com/jwtk/jjwt/issues/388).
diff --git a/README.md b/README.md
index c9957e8b..779c2508 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
[](https://travis-ci.org/jwtk/jjwt)
[](https://coveralls.io/github/jwtk/jjwt?branch=master)
+[](https://gitter.im/jwtk/jjwt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
## Java JWT: JSON Web Token for Java and Android
@@ -17,13 +18,20 @@ and is supported and maintained by a [community](https://github.com/jwtk/jjwt/gr
[Okta](https://developer.okta.com/) is a complete authentication and user management API for developers.
-We've also added some convenience extensions that are not part of the specification, such as JWT compression and claim
+We've also added some convenience extensions that are not part of the specification, such as JWS compression and claim
enforcement.
## Table of Contents
* [Features](#features)
* [Currently Unsupported Features](#features-unsupported)
+* [Community](#community)
+ * [Getting Help](#help)
+ * [Questions](#help-questions)
+ * [Bugs and Feature Requests](#help-issues)
+ * [Contributing](#contributing)
+ * [Pull Requests](#contributing-pull-requests)
+ * [Help Wanted](#contributing-help-wanted)
* [What is a JSON Web Token?](#overview)
* [Installation](#install)
* [JDK Projects](#install-jdk)
@@ -110,6 +118,79 @@ enforcement.
These features will be implemented in a future release. Community contributions are welcome!
+
+## Community
+
+
+### Getting Help
+
+If you have trouble using JJWT, please first read the documentation on this page before asking questions. We try
+very hard to ensure JJWT's documentation is robust, categorized with a table of contents, and up to date for each release.
+
+
+#### Questions
+
+If the documentation or the API JavaDoc isn't sufficient, and you either have usability questions or are confused
+about something, please [ask your question here](https://stackoverflow.com/questions/ask?tags=jjwt&guided=false).
+
+After asking your question, you may wish to join our [Slack](https://jwtk.slack.com/messages/CBNACTN3A) or
+[Gittr](https://gitter.im/jwtk/jjwt) chat rooms, but note that they may not always be attended. You will usually
+have a better chance of having your question answered by
+[asking your question here](https://stackoverflow.com/questions/ask?tags=jjwt&guided=false).
+
+If you believe you have found a bug or would like to suggest a feature enhancement, please create a new GitHub issue,
+however:
+
+**Please do not create a GitHub issue to ask a question.**
+
+We use GitHub Issues to track actionable work that requires changes to JJWT's design and/or codebase. If you have a
+usability question, instead please
+[ask your question here](https://stackoverflow.com/questions/ask?tags=jjwt&guided=false), or try Slack or Gittr as
+described above.
+
+**If a GitHub Issue is created that does not represent actionable work for JJWT's codebase, it will be promptly closed.**
+
+
+#### Bugs and Feature Requests
+
+If you do not have a usability question and believe you have a legitimate bug or feature request,
+please do [create a new JJWT issue](https://github.com/jwtk/jjwt/issues/new).
+
+If you feel like you'd like to help fix a bug or implement the new feature yourself, please read the Contributing
+section next before starting any work.
+
+
+### Contributing
+
+
+#### Pull Requests
+
+Simple Pull Requests that fix anything other than JJWT core code (documentation, JavaDoc, typos, test cases, etc) are
+always appreciated and have a high likelihood of being merged quickly. Please send them!
+
+However, if you want or feel the need to change JJWT's functionality or core code, please do not issue a pull request
+without [creating a new JJWT issue](https://github.com/jwtk/jjwt/issues/new) and discussing your desired
+changes **first**, _before you start working on it_.
+
+It would be a shame to reject your earnest and genuinely appreciated pull request if it might not not align with the
+project's goals, design expectations or planned functionality. We've sadly had to reject large PRs in the past because
+they were out of sync with project or design expectations - all because the PR author didn't first check in with
+the team first before working on a solution.
+
+So, please [create a new JJWT issue](https://github.com/jwtk/jjwt/issues/new) first to discuss, and then we can see if
+(or how) a PR is warranted. Thank you!
+
+
+#### Help Wanted
+
+If you would like to help, but don't know where to start, please visit the
+[Help Wanted Issues](https://github.com/jwtk/jjwt/labels/help%20wanted) page and pick any of the
+ones there, and we'll be happy to discuss and answer questions in the issue comments.
+
+If any of those don't appeal to you, no worries! Any help you would like to offer would be
+appreciated based on the above caveats concerning [contributing pull reqeuests](#contributing-pull-requests). Feel free
+to discuss or ask questions first if you're not sure. :)
+
## What is a JSON Web Token?
@@ -179,18 +260,18 @@ If you're building a (non-Android) JDK project, you will want to define the foll
io.jsonwebtoken
jjwt-api
- 0.10.5
+ 0.10.7
io.jsonwebtoken
jjwt-impl
- 0.10.5
+ 0.10.7
runtime
io.jsonwebtoken
jjwt-jackson
- 0.10.5
+ 0.10.7
runtime
```
@@ -1201,7 +1282,7 @@ scope which is the typical JJWT default). That is:
```groovy
dependencies {
- compile 'io.jsonwebtoken:jjwt-jackson:0.10.5'
+ compile 'io.jsonwebtoken:jjwt-jackson:0.10.7'
}
```
diff --git a/api/pom.xml b/api/pom.xml
index 00007e65..82e916c7 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -21,7 +21,7 @@
io.jsonwebtoken
jjwt-root
- 0.11.0-SNAPSHOT
+ 0.10.8-SNAPSHOT
../pom.xml
diff --git a/extensions/jackson/pom.xml b/extensions/jackson/pom.xml
index 6757654d..c4ac14c3 100644
--- a/extensions/jackson/pom.xml
+++ b/extensions/jackson/pom.xml
@@ -21,7 +21,7 @@
io.jsonwebtoken
jjwt-root
- 0.11.0-SNAPSHOT
+ 0.10.8-SNAPSHOT
../../pom.xml
diff --git a/extensions/orgjson/pom.xml b/extensions/orgjson/pom.xml
index 72a20c14..d391563d 100644
--- a/extensions/orgjson/pom.xml
+++ b/extensions/orgjson/pom.xml
@@ -21,7 +21,7 @@
io.jsonwebtoken
jjwt-root
- 0.11.0-SNAPSHOT
+ 0.10.8-SNAPSHOT
../../pom.xml
diff --git a/extensions/pom.xml b/extensions/pom.xml
index 4d29b9eb..e043adf6 100644
--- a/extensions/pom.xml
+++ b/extensions/pom.xml
@@ -21,7 +21,7 @@
io.jsonwebtoken
jjwt-root
- 0.11.0-SNAPSHOT
+ 0.10.8-SNAPSHOT
../pom.xml
diff --git a/impl/pom.xml b/impl/pom.xml
index fb9a731e..951b1f07 100644
--- a/impl/pom.xml
+++ b/impl/pom.xml
@@ -21,7 +21,7 @@
io.jsonwebtoken
jjwt-root
- 0.11.0-SNAPSHOT
+ 0.10.8-SNAPSHOT
../pom.xml
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/compression/AbstractCompressionCodec.java b/impl/src/main/java/io/jsonwebtoken/impl/compression/AbstractCompressionCodec.java
index e1b2e653..b8b2b577 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/compression/AbstractCompressionCodec.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/compression/AbstractCompressionCodec.java
@@ -18,8 +18,12 @@ package io.jsonwebtoken.impl.compression;
import io.jsonwebtoken.CompressionCodec;
import io.jsonwebtoken.CompressionException;
import io.jsonwebtoken.lang.Assert;
+import io.jsonwebtoken.lang.Objects;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
/**
* Abstract class that asserts arguments and wraps IOException with CompressionException.
@@ -28,6 +32,44 @@ import java.io.IOException;
*/
public abstract class AbstractCompressionCodec implements CompressionCodec {
+ //package-protected for a point release. This can be made protected on a minor release (0.11.0, 0.12.0, 1.0, etc).
+ //TODO: make protected on a minor release
+ interface StreamWrapper {
+ OutputStream wrap(OutputStream out) throws IOException;
+ }
+
+ //package-protected for a point release. This can be made protected on a minor release (0.11.0, 0.12.0, 1.0, etc).
+ //TODO: make protected on a minor release
+ byte[] readAndClose(InputStream input) throws IOException {
+ byte[] buffer = new byte[512];
+ ByteArrayOutputStream out = new ByteArrayOutputStream(buffer.length);
+ int read;
+ try {
+ read = input.read(buffer); //assignment separate from loop invariant check for code coverage checks
+ while (read != -1) {
+ out.write(buffer, 0, read);
+ read = input.read(buffer);
+ }
+ } finally {
+ Objects.nullSafeClose(input);
+ }
+ return out.toByteArray();
+ }
+
+ //package-protected for a point release. This can be made protected on a minor release (0.11.0, 0.12.0, 1.0, etc).
+ //TODO: make protected on a minor release
+ byte[] writeAndClose(byte[] payload, StreamWrapper wrapper) throws IOException {
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream(512);
+ OutputStream compressionStream = wrapper.wrap(outputStream);
+ try {
+ compressionStream.write(payload);
+ compressionStream.flush();
+ } finally {
+ Objects.nullSafeClose(compressionStream);
+ }
+ return outputStream.toByteArray();
+ }
+
/**
* Implement this method to do the actual work of compressing the payload
*
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/compression/DeflateCompressionCodec.java b/impl/src/main/java/io/jsonwebtoken/impl/compression/DeflateCompressionCodec.java
index 9f76970b..f31e6c0d 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/compression/DeflateCompressionCodec.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/compression/DeflateCompressionCodec.java
@@ -15,13 +15,11 @@
*/
package io.jsonwebtoken.impl.compression;
-import io.jsonwebtoken.lang.Objects;
-
-import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.util.zip.Deflater;
+import java.io.OutputStream;
import java.util.zip.DeflaterOutputStream;
-import java.util.zip.InflaterOutputStream;
+import java.util.zip.InflaterInputStream;
/**
* Codec implementing the deflate compression algorithm.
@@ -32,43 +30,25 @@ public class DeflateCompressionCodec extends AbstractCompressionCodec {
private static final String DEFLATE = "DEF";
+ private static final StreamWrapper WRAPPER = new StreamWrapper() {
+ @Override
+ public OutputStream wrap(OutputStream out) {
+ return new DeflaterOutputStream(out);
+ }
+ };
+
@Override
public String getAlgorithmName() {
return DEFLATE;
}
@Override
- public byte[] doCompress(byte[] payload) throws IOException {
-
- Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION);
-
- ByteArrayOutputStream outputStream = null;
- DeflaterOutputStream deflaterOutputStream = null;
- try {
- outputStream = new ByteArrayOutputStream();
- deflaterOutputStream = new DeflaterOutputStream(outputStream, deflater, true);
-
- deflaterOutputStream.write(payload, 0, payload.length);
- deflaterOutputStream.flush();
- return outputStream.toByteArray();
- } finally {
- Objects.nullSafeClose(outputStream, deflaterOutputStream);
- }
+ protected byte[] doCompress(byte[] payload) throws IOException {
+ return writeAndClose(payload, WRAPPER);
}
@Override
- public byte[] doDecompress(byte[] compressed) throws IOException {
- InflaterOutputStream inflaterOutputStream = null;
- ByteArrayOutputStream decompressedOutputStream = null;
-
- try {
- decompressedOutputStream = new ByteArrayOutputStream();
- inflaterOutputStream = new InflaterOutputStream(decompressedOutputStream);
- inflaterOutputStream.write(compressed);
- inflaterOutputStream.flush();
- return decompressedOutputStream.toByteArray();
- } finally {
- Objects.nullSafeClose(decompressedOutputStream, inflaterOutputStream);
- }
+ protected byte[] doDecompress(byte[] compressed) throws IOException {
+ return readAndClose(new InflaterInputStream(new ByteArrayInputStream(compressed)));
}
}
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java b/impl/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
index 0355a76a..978f1dc0 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/compression/GzipCompressionCodec.java
@@ -16,11 +16,10 @@
package io.jsonwebtoken.impl.compression;
import io.jsonwebtoken.CompressionCodec;
-import io.jsonwebtoken.lang.Objects;
import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.OutputStream;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
@@ -33,43 +32,25 @@ public class GzipCompressionCodec extends AbstractCompressionCodec implements Co
private static final String GZIP = "GZIP";
+ private static final StreamWrapper WRAPPER = new StreamWrapper() {
+ @Override
+ public OutputStream wrap(OutputStream out) throws IOException {
+ return new GZIPOutputStream(out);
+ }
+ };
+
@Override
public String getAlgorithmName() {
return GZIP;
}
@Override
- protected byte[] doDecompress(byte[] compressed) throws IOException {
- byte[] buffer = new byte[512];
-
- ByteArrayOutputStream outputStream = null;
- GZIPInputStream gzipInputStream = null;
- ByteArrayInputStream inputStream = null;
-
- try {
- inputStream = new ByteArrayInputStream(compressed);
- gzipInputStream = new GZIPInputStream(inputStream);
- outputStream = new ByteArrayOutputStream();
- int read = gzipInputStream.read(buffer);
- while (read != -1) {
- outputStream.write(buffer, 0, read);
- read = gzipInputStream.read(buffer);
- }
- return outputStream.toByteArray();
- } finally {
- Objects.nullSafeClose(inputStream, gzipInputStream, outputStream);
- }
+ protected byte[] doCompress(byte[] payload) throws IOException {
+ return writeAndClose(payload, WRAPPER);
}
- protected byte[] doCompress(byte[] payload) throws IOException {
- ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- GZIPOutputStream compressorOutputStream = new GZIPOutputStream(outputStream, true);
- try {
- compressorOutputStream.write(payload, 0, payload.length);
- compressorOutputStream.finish();
- return outputStream.toByteArray();
- } finally {
- Objects.nullSafeClose(compressorOutputStream, outputStream);
- }
+ @Override
+ protected byte[] doDecompress(byte[] compressed) throws IOException {
+ return readAndClose(new GZIPInputStream(new ByteArrayInputStream(compressed)));
}
}
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocator.java b/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocator.java
index 7205aabc..9dc41412 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocator.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocator.java
@@ -30,9 +30,9 @@ public class RuntimeClasspathDeserializerLocator implements InstanceLocator locate() {
- if (isAvailable("com.fasterxml.jackson.databind.ObjectMapper")) {
+ if (isAvailable("io.jsonwebtoken.io.JacksonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.io.JacksonDeserializer");
- } else if (isAvailable("org.json.JSONObject")) {
+ } else if (isAvailable("io.jsonwebtoken.io.OrgJsonDeserializer")) {
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonDeserializer");
} else if (isAvailable("com.google.gson.GsonBuilder")) {
return Classes.newInstance("io.jsonwebtoken.io.GsonDeSerializer");
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocator.java b/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocator.java
index 867f5b27..f438fdfa 100644
--- a/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocator.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocator.java
@@ -30,9 +30,9 @@ public class RuntimeClasspathSerializerLocator implements InstanceLocator locate() {
- if (isAvailable("com.fasterxml.jackson.databind.ObjectMapper")) {
+ if (isAvailable("io.jsonwebtoken.io.JacksonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.io.JacksonSerializer");
- } else if (isAvailable("org.json.JSONObject")) {
+ } else if (isAvailable("io.jsonwebtoken.io.OrgJsonSerializer")) {
return Classes.newInstance("io.jsonwebtoken.io.OrgJsonSerializer");
} else if (isAvailable("com.google.gson.GsonBuilder")) {
return Classes.newInstance("io.jsonwebtoken.io.GsonSerializer");
diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocatorTest.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocatorTest.groovy
index 22756feb..7013aa2a 100644
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocatorTest.groovy
+++ b/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathDeserializerLocatorTest.groovy
@@ -86,7 +86,7 @@ class RuntimeClasspathDeserializerLocatorTest {
def locator = new RuntimeClasspathDeserializerLocator() {
@Override
protected boolean isAvailable(String fqcn) {
- if (ObjectMapper.class.getName().equals(fqcn)) {
+ if (JacksonDeserializer.class.getName().equals(fqcn)) {
return false; //skip it to allow the OrgJson impl to be created
}
return super.isAvailable(fqcn)
diff --git a/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocatorTest.groovy b/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocatorTest.groovy
index 2e6c2aef..96daae90 100644
--- a/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocatorTest.groovy
+++ b/impl/src/test/groovy/io/jsonwebtoken/impl/io/RuntimeClasspathSerializerLocatorTest.groovy
@@ -1,6 +1,5 @@
package io.jsonwebtoken.impl.io
-import com.fasterxml.jackson.databind.ObjectMapper
import io.jsonwebtoken.io.Serializer
import io.jsonwebtoken.io.JacksonSerializer
import io.jsonwebtoken.io.OrgJsonSerializer
@@ -86,7 +85,7 @@ class RuntimeClasspathSerializerLocatorTest {
def locator = new RuntimeClasspathSerializerLocator() {
@Override
protected boolean isAvailable(String fqcn) {
- if (ObjectMapper.class.getName().equals(fqcn)) {
+ if (JacksonSerializer.class.getName().equals(fqcn)) {
return false //skip it to allow the OrgJson impl to be created
}
return super.isAvailable(fqcn)
diff --git a/pom.xml b/pom.xml
index c0ab801d..a8a18fa6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
io.jsonwebtoken
jjwt-root
- 0.11.0-SNAPSHOT
+ 0.10.8-SNAPSHOT
JJWT
JSON Web Token support for the JVM and Android
pom
@@ -88,7 +88,7 @@
UTF-8
${user.name}-${maven.build.timestamp}
- 2.9.6
+ 2.9.9.1
20180130