mindol1004/spring-session
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Spring Security jackson2

Browse Source 
Issue gh-434
This commit is contained in:
Rob Winch
2016-09-12 14:03:49 -05:00
parent 8b97a32db2
commit 0e1d81f509
34 changed files with 1145 additions and 888 deletions
Download Patch File Download Diff File Expand all files Collapse all files

134
samples/httpsession-redis-json/src/integration-test/java/samples/mixins/MixinsDeserilizeTest.java
View File

@@ -1,134 +0,0 @@
package samples.mixins;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.SerializationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import sample.Application;
import javax.servlet.http.Cookie;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author jitendra on 28/3/16.
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(Application.class)
public class MixinsDeserilizeTest {
@Autowired
GenericJackson2JsonRedisSerializer redisSerializer;
@Test
public void defaultCsrfTokenMixin() {
String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"token\": \"123456\", \"parameterName\": \"_csrf\", \"headerName\": \"x-csrf-header\"}";
DefaultCsrfToken token = redisSerializer.deserialize(tokenJson.getBytes(), DefaultCsrfToken.class);
assertThat(token)
.hasFieldOrPropertyWithValue("token", "123456")
.hasFieldOrPropertyWithValue("parameterName", "_csrf")
.hasFieldOrPropertyWithValue("headerName", "x-csrf-header");
}
@Test
public void httpCookieTest() {
String httpCookie = "{\"@class\": \"javax.servlet.http.Cookie\", \"name\": \"SESSION\", \"value\": \"123456789\", \"maxAge\": 1000, \"path\": \"/\", \"secure\": true, \"version\": 0, \"httpOnly\": true}";
Cookie cookie = redisSerializer.deserialize(httpCookie.getBytes(), Cookie.class);
assertThat(cookie).hasFieldOrPropertyWithValue("name", "SESSION")
.hasFieldOrPropertyWithValue("value", "123456789")
.hasFieldOrPropertyWithValue("secure", true)
.hasFieldOrPropertyWithValue("comment", "")
.hasFieldOrPropertyWithValue("path", "/")
.hasFieldOrPropertyWithValue("maxAge", 1000)
.hasFieldOrPropertyWithValue("httpOnly", true);
}
@Test(expected = SerializationException.class)
public void simpleGrantedAuthorityWithoutTypeIdTest() {
String authorityJson = "{\"authority\": \"ROLE_USER\"}";
SimpleGrantedAuthority authority = redisSerializer.deserialize(authorityJson.getBytes(), SimpleGrantedAuthority.class);
assertThat(authority.getAuthority()).isEqualTo("ROLE_USER");
}
@Test
public void simpleGrantedAuthorityWithTypeIdTest() {
String authorityJson = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}";
SimpleGrantedAuthority authority = redisSerializer.deserialize(authorityJson.getBytes(), SimpleGrantedAuthority.class);
assertThat(authority.getAuthority()).isEqualTo("ROLE_USER");
}
@Test
public void userTest() {
String userJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": \"password\", \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}]], \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true}";
User user = redisSerializer.deserialize(userJson.getBytes(), User.class);
assertThat(user.getUsername()).isEqualTo("user");
assertThat(user.getPassword()).isEqualTo("password");
assertThat(user.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
assertThat(user.isEnabled()).isEqualTo(true);
assertThat(user.isAccountNonExpired()).isEqualTo(true);
assertThat(user.isAccountNonLocked()).isEqualTo(true);
assertThat(user.isCredentialsNonExpired()).isEqualTo(true);
}
@Test
public void unauthenticatedUsernamePasswordAuthenticationTokenTest() {
String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
"\"principal\": \"user\", \"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", []]," +
"\"authenticated\": false}";
UsernamePasswordAuthenticationToken token = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
assertThat(token.getPrincipal()).isEqualTo("user");
assertThat(token.getCredentials()).isEqualTo("password");
assertThat(token.isAuthenticated()).isEqualTo(false);
assertThat(token.getAuthorities()).hasSize(0);
}
@Test
public void unauthenticatedUsernamePasswordAuthenticationTokenWithUserAsPrincipalTest() {
String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
"\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": \"password\", " +
"\"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"," +
" \"role\": \"ROLE_USER\"}]], \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true}, " +
"\"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", []], \"authenticated\": false}";
UsernamePasswordAuthenticationToken token = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
assertThat(token.getPrincipal()).isInstanceOf(User.class);
User user = (User) token.getPrincipal();
assertThat(user.getUsername()).isEqualTo("user");
assertThat(user.getPassword()).isEqualTo("password");
assertThat(user.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
assertThat(user.isEnabled()).isEqualTo(true);
assertThat(user.isAccountNonExpired()).isEqualTo(true);
assertThat(user.isAccountNonLocked()).isEqualTo(true);
assertThat(user.isCredentialsNonExpired()).isEqualTo(true);
}
@Test
public void authenticatedUsernamePasswordAuthenticationTokenTest() {
String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
"\"principal\": \"user\", \"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", " +
"[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}]]," +
"\"authenticated\": true}";
UsernamePasswordAuthenticationToken authenticationToken = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
assertThat(authenticationToken.getPrincipal()).isEqualTo("user");
assertThat(authenticationToken.getCredentials()).isEqualTo("password");
assertThat(authenticationToken.isAuthenticated()).isEqualTo(true);
assertThat(authenticationToken.getAuthorities()).hasSize(1);
assertThat(authenticationToken.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
}
@Test
public void webAuthenticationDetailTest() {
String authenticationDetailJson = "{\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\"," +
"\"remoteAddress\": \"http://localhost/login\", \"sessionId\": \"123456789\"}";
WebAuthenticationDetails details = redisSerializer.deserialize(authenticationDetailJson.getBytes(), WebAuthenticationDetails.class);
assertThat(details.getRemoteAddress()).isEqualTo("http://localhost/login");
assertThat(details.getSessionId()).isEqualTo("123456789");
}
}

104
samples/httpsession-redis-json/src/integration-test/java/samples/mixins/MixinsSerializeTest.java
View File

@@ -1,104 +0,0 @@
package samples.mixins;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.skyscreamer.jsonassert.JSONAssert;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import sample.Application;
import javax.servlet.http.Cookie;
import java.util.Arrays;
/**
* @author jitendra on 28/3/16.
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(Application.class)
public class MixinsSerializeTest {
@Autowired
GenericJackson2JsonRedisSerializer springSessionDefaultRedisSerializer;
MockHttpServletRequest request;
@Before
public void setup() {
request = new MockHttpServletRequest("get", "/login");
request.setCookies(new Cookie("SESSION", "123456789"));
request.setRemoteAddr("http://localhost:8080/login");
request.setSession(new MockHttpSession(null, "123456789"));
}
@Test
public void testDefaultTypingIdJson() {
User user = new User("user", "password", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
String expectedJsonString = "{'@class': 'org.springframework.security.core.userdetails.User', 'username': 'user', 'password': 'password', 'enabled': true, 'accountNonExpired': true, 'credentialsNonExpired': true, 'accountNonLocked': true, 'authorities': ['java.util.Collections$UnmodifiableSet', [{'@class': 'org.springframework.security.core.authority.SimpleGrantedAuthority', 'role': 'ROLE_USER'}]]}";
String serializedJson = new String(springSessionDefaultRedisSerializer.serialize(user));
JSONAssert.assertEquals(expectedJsonString, serializedJson, true);
}
@Test
public void persistFinalClass() {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("USER");
String expectedJson = "{'@class': 'org.springframework.security.core.authority.SimpleGrantedAuthority', 'role': 'USER'}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(authority));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
@Test
public void testDefaultCsrfTokenMixin() {
DefaultCsrfToken token = new DefaultCsrfToken("CSRF_HEADER", "CSRF", "123456789");
String expectedJson = "{'@class': 'org.springframework.security.web.csrf.DefaultCsrfToken', 'token': '123456789', 'parameterName': 'CSRF', 'headerName': 'CSRF_HEADER'}";
String serializedString = new String(springSessionDefaultRedisSerializer.serialize(token));
JSONAssert.assertEquals(expectedJson, serializedString, true);
}
@Test
public void unauthenticatedUsernamePasswordAuthenticationTokenTest() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
String expectedJson = "{'@class': 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken', 'principal': 'user', 'credentials': 'password', 'authenticated': false, 'authorities': ['java.util.ArrayList', []], 'details': null}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(token));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
@Test
public void authenticatedUsernamePasswordAuthenticationTokenTest() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", Arrays.asList(new SimpleGrantedAuthority("USER")));
String expectedJson = "{'@class': 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken', 'principal': 'user', 'credentials': 'password', 'authenticated': true, 'authorities': ['java.util.ArrayList', [{'@class': 'org.springframework.security.core.authority.SimpleGrantedAuthority', 'role': 'USER'}]], 'details': null}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(token));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
@Test
public void defaultSavedRequestTest() {
String savedRequestJson = "{ '@class': 'org.springframework.security.web.savedrequest.DefaultSavedRequest', 'serverPort': 80, 'servletPath': ''," +
"'serverName': 'localhost', 'scheme': 'http', 'requestURL': 'http://localhost/login', 'requestURI': '/login', 'queryString': null," +
"'pathInfo': null, 'method': 'get', 'contextPath': '', 'parameters': {'@class': 'java.util.TreeMap'}," +
"'headers': {'@class': 'java.util.TreeMap'}, 'locales': ['java.util.ArrayList', ['en']], 'cookies': ['java.util.ArrayList', " +
"[{'@class': 'org.springframework.security.web.savedrequest.SavedCookie', 'name': 'SESSION', 'value': '123456789', 'comment': null, domain: null, maxAge: -1, path: null, secure: false, version: 0}]]}";
DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, new PortResolverImpl());
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(savedRequest));
JSONAssert.assertEquals(savedRequestJson, actualJson, true);
}
@Test
public void webAuthenticationDetailsMixinTest() {
WebAuthenticationDetails details = new WebAuthenticationDetails(request);
String expectedJson = "{'@class': 'org.springframework.security.web.authentication.WebAuthenticationDetails', 'remoteAddress': 'http://localhost:8080/login', 'sessionId': '123456789'}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(details));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
}

66
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java Normal file
View File

@@ -0,0 +1,66 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Collection;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.springframework.security.core.GrantedAuthority;
/**
* This is a Jackson mixin class helps in serialize/deserialize
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken} class.
* To use this class you need to register it with
* {@link com.fasterxml.jackson.databind.ObjectMapper} and
* {@link SimpleGrantedAuthorityMixin} because AnonymousAuthenticationToken contains
* SimpleGrantedAuthority. <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* <i>Note: This class will save full class name into a property called @class</i>
*
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
@JsonIgnoreProperties(ignoreUnknown = true)
class AnonymousAuthenticationTokenMixin {
/**
* Constructor used by Jackson to create object of
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken}.
*
* @param keyHash hashCode of key provided at the time of token creation by using
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken#AnonymousAuthenticationToken(String, Object, Collection)}
* @param principal the principal (typically a <code>UserDetails</code>)
* @param authorities the authorities granted to the principal
*/
@JsonCreator
AnonymousAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash,
@JsonProperty("principal") Object principal,
@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
}
}

71
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Collections;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* Jackson module for spring-security-core. This module register
* {@link AnonymousAuthenticationTokenMixin}, {@link RememberMeAuthenticationTokenMixin},
* {@link SimpleGrantedAuthorityMixin}, {@link UnmodifiableSetMixin}, {@link UserMixin}
* and {@link UsernamePasswordAuthenticationTokenMixin}. If no default typing enabled by
* default then it'll enable it because typing info is needed to properly
* serialize/deserialize objects. In order to use this module just add this module into
* your ObjectMapper configuration.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre> <b>Note: use {@link SecurityJacksonModules#getModules(ClassLoader)} to get list
* of all security modules.</b>
*
* @author Jitendra Singh.
* @see SecurityJacksonModules
*/
public class CoreJackson2Module extends SimpleModule {
public CoreJackson2Module() {
super(CoreJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
}
@Override
public void setupModule(SetupContext context) {
SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner());
context.setMixInAnnotations(AnonymousAuthenticationToken.class,
AnonymousAuthenticationTokenMixin.class);
context.setMixInAnnotations(RememberMeAuthenticationToken.class,
RememberMeAuthenticationTokenMixin.class);
context.setMixInAnnotations(SimpleGrantedAuthority.class,
SimpleGrantedAuthorityMixin.class);
context.setMixInAnnotations(
Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(),
UnmodifiableSetMixin.class);
context.setMixInAnnotations(User.class, UserMixin.class);
context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class,
UsernamePasswordAuthenticationTokenMixin.class);
}
}

72
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java Normal file
View File

@@ -0,0 +1,72 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Collection;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.springframework.security.core.GrantedAuthority;
/**
* This mixin class helps in serialize/deserialize
* {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
* class. To use this class you need to register it with
* {@link com.fasterxml.jackson.databind.ObjectMapper} and 2 more mixin classes.
*
* <ol>
* <li>{@link SimpleGrantedAuthorityMixin}</li>
* <li>{@link UserMixin}</li>
* <li>{@link UnmodifiableSetMixin}</li>
* </ol>
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* <i>Note: This class will save TypeInfo (full class name) into a property
* called @class</i>
*
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
@JsonIgnoreProperties(ignoreUnknown = true)
class RememberMeAuthenticationTokenMixin {
/**
* Constructor used by Jackson to create
* {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
* object.
*
* @param keyHash hashCode of above given key.
* @param principal the principal (typically a <code>UserDetails</code>)
* @param authorities the authorities granted to the principal
*/
@JsonCreator
RememberMeAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash,
@JsonProperty("principal") Object principal,
@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
}
}

109
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SecurityJacksonModules.java Normal file
View File

@@ -0,0 +1,109 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.ClassUtils;
/**
* This utility class will find all the SecurityModules in classpath.
*
* <p>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModules(SecurityJacksonModules.getModules());
* </pre> Above code is equivalent to
* <p>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
* mapper.registerModule(new CoreJackson2Module());
* mapper.registerModule(new CasJackson2Module());
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh.
* @since 4.2
*/
public final class SecurityJacksonModules {
private static final Log logger = LogFactory.getLog(SecurityJacksonModules.class);
private static final List<String> securityJackson2ModuleClasses = Arrays.asList(
"org.springframework.security.jackson2.CoreJackson2Module",
"org.springframework.security.cas.jackson2.CasJackson2Module",
"org.springframework.security.web.jackson2.WebJackson2Module");
private SecurityJacksonModules() {
}
public static void enableDefaultTyping(ObjectMapper mapper) {
if (mapper != null) {
TypeResolverBuilder<?> typeBuilder = mapper.getDeserializationConfig()
.getDefaultTyper(null);
if (typeBuilder == null) {
mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL,
JsonTypeInfo.As.PROPERTY);
}
}
}
@SuppressWarnings("unchecked")
private static Module loadAndGetInstance(String className, ClassLoader loader) {
Module instance = null;
try {
Class<? extends Module> securityModule = (Class<? extends Module>) ClassUtils
.forName(className, loader);
if (securityModule != null) {
if (logger.isDebugEnabled()) {
logger.debug("Loaded module " + className + ", now registering");
}
instance = securityModule.newInstance();
}
}
catch (Exception e) {
if (logger.isDebugEnabled()) {
logger.debug("Cannot load module " + className, e);
}
}
return instance;
}
/**
* @param loader the ClassLoader to use
* @return List of available security modules in classpath.
*/
public static List<Module> getModules(ClassLoader loader) {
List<Module> modules = new ArrayList<Module>();
for (String className : securityJackson2ModuleClasses) {
Module module = loadAndGetInstance(className, loader);
if (module != null) {
modules.add(module);
}
}
return modules;
}
}

50
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson Mixin class helps in serialize/deserialize
* {@link org.springframework.security.core.authority.SimpleGrantedAuthority}.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
public abstract class SimpleGrantedAuthorityMixin {
/**
* Mixin Constructor.
* @param role the role
*/
@JsonCreator
public SimpleGrantedAuthorityMixin(@JsonProperty("authority") String role) {
}
}

48
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Set;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* This mixin class used to deserialize java.util.Collections$UnmodifiableSet and used
* with various AuthenticationToken implementation's mixin classes.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
class UnmodifiableSetMixin {
/**
* Mixin Constructor
* @param s the Set
*/
@JsonCreator
UnmodifiableSetMixin(Set<?> s) {
}
}

81
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserDeserializer.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.io.IOException;
import java.util.Set;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.MissingNode;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* Custom Deserializer for {@link User} class. This is already registered with
* {@link UserMixin}. You can also use it directly with your mixin class.
*
* @author Jitendra Singh
* @see UserMixin
*/
class UserDeserializer extends JsonDeserializer<User> {
/**
* This method will create {@link User} object. It will ensure successful object
* creation even if password key is null in serialized json, because credentials may
* be removed from the {@link User} by invoking {@link User#eraseCredentials()}. In
* that case there won't be any password key in serialized json.
*
* @param jp the JsonParser
* @param ctxt the DeserializationContext
* @return the user
* @throws IOException if a exception during IO occurs
* @throws JsonProcessingException if an error during JSON processing occurs
*/
@Override
public User deserialize(JsonParser jp, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Set<GrantedAuthority> authorities = mapper.convertValue(
jsonNode.get("authorities"),
new TypeReference<Set<SimpleGrantedAuthority>>() {
});
JsonNode password = readJsonNode(jsonNode, "password");
User result = new User(readJsonNode(jsonNode, "username").asText(),
password.asText(""), readJsonNode(jsonNode, "enabled").asBoolean(),
readJsonNode(jsonNode, "accountNonExpired").asBoolean(),
readJsonNode(jsonNode, "credentialsNonExpired").asBoolean(),
readJsonNode(jsonNode, "accountNonLocked").asBoolean(), authorities);
if (password.asText(null) == null) {
result.eraseCredentials();
}
return result;
}
private JsonNode readJsonNode(JsonNode jsonNode, String field) {
return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
}
}

50
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserMixin.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
/**
* This mixin class helps in serialize/deserialize
* {@link org.springframework.security.core.userdetails.User}. This class also register a
* custom deserializer {@link UserDeserializer} to deserialize User object successfully.
* In order to use this mixin you need to register two more mixin classes in your
* ObjectMapper configuration.
* <ol>
* <li>{@link SimpleGrantedAuthorityMixin}</li>
* <li>{@link UnmodifiableSetMixin}</li>
* </ol>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see UserDeserializer
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(using = UserDeserializer.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
abstract class UserMixin {
}

95
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.io.IOException;
import java.util.List;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.MissingNode;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* Custom deserializer for {@link UsernamePasswordAuthenticationToken}. At the time of
* deserialization it will invoke suitable constructor depending on the value of
* <b>authenticated</b> property. It will ensure that the token's state must not change.
* <p>
* This deserializer is already registered with
* {@link UsernamePasswordAuthenticationTokenMixin} but you can also registered it with
* your own mixin class.
*
* @author Jitendra Singh
* @see UsernamePasswordAuthenticationTokenMixin
*/
class UsernamePasswordAuthenticationTokenDeserializer
extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
/**
* This method construct {@link UsernamePasswordAuthenticationToken} object from
* serialized json.
* @param jp the JsonParser
* @param ctxt the DeserializationContext
* @return the user
* @throws IOException if a exception during IO occurs
* @throws JsonProcessingException if an error during JSON processing occurs
*/
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser jp,
DeserializationContext ctxt) throws IOException, JsonProcessingException {
UsernamePasswordAuthenticationToken token = null;
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean();
JsonNode principalNode = readJsonNode(jsonNode, "principal");
Object principal = null;
if (principalNode.isObject()) {
principal = mapper.readValue(principalNode.toString(),
new TypeReference<User>() {
});
}
else {
principal = principalNode.asText();
}
Object credentials = readJsonNode(jsonNode, "credentials").asText();
List<GrantedAuthority> authorities = mapper.readValue(
readJsonNode(jsonNode, "authorities").toString(),
new TypeReference<List<GrantedAuthority>>() {
});
if (authenticated) {
token = new UsernamePasswordAuthenticationToken(principal, credentials,
authorities);
}
else {
token = new UsernamePasswordAuthenticationToken(principal, credentials);
}
token.setDetails(readJsonNode(jsonNode, "details"));
return token;
}
private JsonNode readJsonNode(JsonNode jsonNode, String field) {
return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
}
}

49
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java Normal file
View File

@@ -0,0 +1,49 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
/**
* This mixin class is used to serialize / deserialize
* {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}
* . This class register a custom deserializer
* {@link UsernamePasswordAuthenticationTokenDeserializer}.
*
* In order to use this mixin you'll need to add 3 more mixin classes.
* <ol>
* <li>{@link UnmodifiableSetMixin}</li>
* <li>{@link SimpleGrantedAuthorityMixin}</li>
* <li>{@link UserMixin}</li>
* </ol>
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonDeserialize(using = UsernamePasswordAuthenticationTokenDeserializer.class)
abstract class UsernamePasswordAuthenticationTokenMixin {
}

27
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Mix-in classes to add Jackson serialization support.
*
* @author Jitendra Singh
* @since 4.2
*/
package org.springframework.security.jackson2;
/**
* Package contains Jackson mixin classes.
*/

64
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java Normal file
View File

@@ -0,0 +1,64 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import java.io.IOException;
import javax.servlet.http.Cookie;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.MissingNode;
import com.fasterxml.jackson.databind.node.NullNode;
/**
* Jackson deserializer for {@link Cookie}. This is needed because in most cases we don't
* set {@link Cookie#getDomain()} property. So when jackson deserialize that json
* {@link Cookie#setDomain(String)} throws {@link NullPointerException}. This is
* registered with {@link CookieMixin} but you can also use it with your own mixin.
*
* @author Jitendra Singh
* @see CookieMixin
*/
class CookieDeserializer extends JsonDeserializer<Cookie> {
@Override
public Cookie deserialize(JsonParser jp, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Cookie cookie = new Cookie(readJsonNode(jsonNode, "name").asText(),
readJsonNode(jsonNode, "value").asText());
cookie.setComment(readJsonNode(jsonNode, "comment").asText());
cookie.setDomain(readJsonNode(jsonNode, "domain").asText());
cookie.setMaxAge(readJsonNode(jsonNode, "maxAge").asInt(-1));
cookie.setSecure(readJsonNode(jsonNode, "secure").asBoolean());
cookie.setVersion(readJsonNode(jsonNode, "version").asInt());
cookie.setPath(readJsonNode(jsonNode, "path").asText());
cookie.setHttpOnly(readJsonNode(jsonNode, "httpOnly").asBoolean());
return cookie;
}
private JsonNode readJsonNode(JsonNode jsonNode, String field) {
return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode)
? jsonNode.get(field) : MissingNode.getInstance();
}
}

40
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java Normal file
View File

@@ -0,0 +1,40 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
/**
* Mixin class to serialize/deserialize {@link javax.servlet.http.Cookie}
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(using = CookieDeserializer.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
abstract class CookieMixin {
}

55
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson mixin class to serialize/deserialize
* {@link org.springframework.security.web.csrf.DefaultCsrfToken} serialization support.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
@JsonIgnoreProperties(ignoreUnknown = true)
class DefaultCsrfTokenMixin {
/**
* JsonCreator constructor needed by Jackson to create
* {@link org.springframework.security.web.csrf.DefaultCsrfToken} object.
*
* @param headerName the name of the header
* @param parameterName the parameter name
* @param token the CSRF token value
*/
@JsonCreator
DefaultCsrfTokenMixin(@JsonProperty("headerName") String headerName,
@JsonProperty("parameterName") String parameterName,
@JsonProperty("token") String token) {
}
}

34
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestBuilder.java Normal file
View File

@@ -0,0 +1,34 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
/**
* Spring Security 4.2 will support saved request.
*
* @author Rob Winch
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class DefaultSavedRequestBuilder {
public DefaultSavedRequest build() {
return null;
}
}

45
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
/**
* Jackson mixin class to serialize/deserialize {@link DefaultSavedRequest}. This mixin
* use {@link org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder}
* to deserialized json.In order to use this mixin class you also need to register
* {@link CookieMixin}.
* <p>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(builder = DefaultSavedRequestBuilder.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
abstract class DefaultSavedRequestMixin {
}

53
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson mixin class to serialize/deserialize
* {@link org.springframework.security.web.savedrequest.SavedCookie} serialization
* support.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh.
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
abstract class SavedCookieMixin {
@JsonCreator
SavedCookieMixin(@JsonProperty("name") String name,
@JsonProperty("value") String value, @JsonProperty("comment") String comment,
@JsonProperty("domain") String domain, @JsonProperty("maxAge") int maxAge,
@JsonProperty("path") String path, @JsonProperty("secure") boolean secure,
@JsonProperty("version") int version) {
}
}

48
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson mixin class to serialize/deserialize
* {@link org.springframework.security.web.authentication.WebAuthenticationDetails}.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
class WebAuthenticationDetailsMixin {
@JsonCreator
WebAuthenticationDetailsMixin(@JsonProperty("remoteAddress") String remoteAddress,
@JsonProperty("sessionId") String sessionId) {
}
}

65
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java Normal file
View File

@@ -0,0 +1,65 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import javax.servlet.http.Cookie;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.springframework.security.jackson2.SecurityJacksonModules;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.SavedCookie;
/**
* Jackson module for spring-security-web. This module register {@link CookieMixin},
* {@link DefaultCsrfTokenMixin}, {@link DefaultSavedRequestMixin} and
* {@link WebAuthenticationDetailsMixin}. If no default typing enabled by default then
* it'll enable it because typing info is needed to properly serialize/deserialize
* objects. In order to use this module just add this module into your ObjectMapper
* configuration.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre> <b>Note: use {@link SecurityJacksonModules#getModules(ClassLoader)} to get list
* of all security modules.</b>
*
* @author Jitendra Singh
* @see SecurityJacksonModules
*/
public class WebJackson2Module extends SimpleModule {
public WebJackson2Module() {
super(WebJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
}
@Override
public void setupModule(SetupContext context) {
SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner());
context.setMixInAnnotations(Cookie.class, CookieMixin.class);
context.setMixInAnnotations(SavedCookie.class, SavedCookieMixin.class);
context.setMixInAnnotations(DefaultCsrfToken.class, DefaultCsrfTokenMixin.class);
context.setMixInAnnotations(DefaultSavedRequest.class,
DefaultSavedRequestMixin.class);
context.setMixInAnnotations(WebAuthenticationDetails.class,
WebAuthenticationDetailsMixin.class);
}
}

23
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/package-info.java Normal file
View File

@@ -0,0 +1,23 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Mix-in classes to provide Jackson serialization support.
*
* @author Jitendra Singh
* @since 4.2
*/
package org.springframework.security.web.jackson2;

15
samples/httpsession-redis-json/src/main/java/sample/mixins/BadCredentialsExceptionMixin.java
View File

@@ -1,15 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.*;
/**
* @author jitendra on 15/3/16.
*/
@JsonIdentityInfo(generator=ObjectIdGenerators.IntSequenceGenerator.class, property="@id")
@JsonIgnoreProperties({"cause", "@id"})
public class BadCredentialsExceptionMixin {
@JsonCreator
public BadCredentialsExceptionMixin(@JsonProperty("detailMessage") String msg) {
}
}

21
samples/httpsession-redis-json/src/main/java/sample/mixins/DefaultCsrfTokenMixin.java
View File

@@ -1,21 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.springframework.security.web.PortResolver;
import javax.servlet.http.HttpServletRequest;
/**
* @author jitendra on 8/3/16.
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
public abstract class DefaultCsrfTokenMixin {
@JsonCreator
public DefaultCsrfTokenMixin(@JsonProperty("headerName") String headerName,
@JsonProperty("parameterName") String parameterName,
@JsonProperty("token") String token) {
}
}

262
samples/httpsession-redis-json/src/main/java/sample/mixins/DefaultSavedRequestDeserializer.java
View File

@@ -1,262 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
import com.sun.org.apache.xpath.internal.operations.Bool;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.SavedCookie;
import org.springframework.util.ObjectUtils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.lang.reflect.Proxy;
import java.util.*;
/**
* @author jitendra on 8/3/16.
*/
public class DefaultSavedRequestDeserializer extends StdDeserializer<DefaultSavedRequest> {
public DefaultSavedRequestDeserializer(Class<DefaultSavedRequest> requestClass) {
super(requestClass);
}
@Override
public DefaultSavedRequest deserialize(JsonParser p, DeserializationContext context) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
DummyServletRequest request = new DummyServletRequest();
request.setContextPath(jsonNode.get("contextPath").asText());
request.setMethod(jsonNode.get("method").asText());
request.setPathInfo(jsonNode.get("pathInfo").asText());
request.setQueryString(jsonNode.get("queryString").asText());
request.setRequestURI(jsonNode.get("requestURI").asText());
request.setRequestURL(jsonNode.get("requestURL").asText());
request.setScheme(jsonNode.get("scheme").asText());
request.setServerName(jsonNode.get("serverName").asText());
request.setServletPath(jsonNode.get("servletPath").asText());
request.setServerPort(jsonNode.get("serverPort").asInt());
List<Cookie> cookies = mapper.readValue(jsonNode.get("cookies").toString(), new TypeReference<List<Cookie>>() {
});
Map<String, String[]> params = mapper.readValue(jsonNode.get("parameterMap").toString(), new TypeReference<Map<String, String[]>>() {
});
ArrayList<Locale> locales = mapper.readValue(jsonNode.get("locales").toString(), new TypeReference<List<Locale>>() {
});
Map<String, List<String>> headers = mapper.readValue(jsonNode.get("headers").toString(), new TypeReference<Map<String, List<String>>>() {
});
request.setCookies(cookies.toArray(new Cookie[]{}));
request.setParameters(params);
request.setLocales(locales);
request.setHeaders(headers);
return new DefaultSavedRequest(request, new PortResolverImpl());
}
protected static class DummyServletRequest extends HttpServletRequestWrapper {
private static final HttpServletRequest UNSUPPORTED_REQUEST = (HttpServletRequest) Proxy
.newProxyInstance(DummyServletRequest.class.getClassLoader(),
new Class[]{HttpServletRequest.class},
new UnsupportedOperationExceptionInvocationHandler());
private String method;
private String pathInfo;
private String queryString;
private String requestURI;
private int serverPort;
private String requestURL;
private String scheme;
private String serverName;
private String contextPath;
private String servletPath;
private Cookie[] cookies;
private String remoteAddress;
private ArrayList<Locale> locales = new ArrayList<Locale>();
private Map<String, List<String>> headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
private Map<String, String[]> parameters = new TreeMap<String, String[]>();
private HttpSession session;
public DummyServletRequest() {
super(UNSUPPORTED_REQUEST);
}
public void setMethod(String method) {
this.method = method;
}
public void setPathInfo(String pathInfo) {
this.pathInfo = pathInfo;
}
public void setQueryString(String queryString) {
this.queryString = queryString;
}
public void setRequestURI(String requestURI) {
this.requestURI = requestURI;
}
public void setServerPort(int serverPort) {
this.serverPort = serverPort;
}
public void setRequestURL(String requestURL) {
this.requestURL = requestURL;
}
public void setScheme(String scheme) {
this.scheme = scheme;
}
public void setServerName(String serverName) {
this.serverName = serverName;
}
public void setContextPath(String contextPath) {
this.contextPath = contextPath;
}
public void setServletPath(String servletPath) {
this.servletPath = servletPath;
}
public void setCookies(Cookie[] cookies) {
this.cookies = cookies;
}
@Override
public Cookie[] getCookies() {
return cookies;
}
@Override
public Map<String, String[]> getParameterMap() {
return parameters;
}
public void setParameters(Map<String, String[]> params) {
this.parameters = params;
}
@Override
public Enumeration<String> getParameterNames() {
return Collections.enumeration(parameters.keySet());
}
@Override
public String[] getParameterValues(String name) {
return super.getParameterValues(name);
}
public void setLocales(ArrayList<Locale> locales) {
this.locales = locales;
}
public void setHeaders(Map<String, List<String>> headers) {
this.headers = headers;
}
@Override
public Enumeration<String> getHeaders(String name) {
return Collections.enumeration(headers.get(name));
}
@Override
public Enumeration<String> getHeaderNames() {
return Collections.enumeration(headers.keySet());
}
@Override
public String getMethod() {
return method;
}
@Override
public String getPathInfo() {
return pathInfo;
}
@Override
public String getQueryString() {
return (queryString == null || "null".equals(queryString)) ? "" : queryString;
}
@Override
public String getRequestURI() {
return requestURI;
}
@Override
public int getServerPort() {
return serverPort;
}
@Override
public StringBuffer getRequestURL() {
return new StringBuffer(requestURL);
}
@Override
public String getScheme() {
return scheme;
}
@Override
public String getServerName() {
return serverName;
}
@Override
public String getContextPath() {
return contextPath;
}
@Override
public String getServletPath() {
return servletPath;
}
@Override
public Enumeration<Locale> getLocales() {
return Collections.enumeration(locales);
}
public Map<String, List<String>> getHeaders() {
return headers;
}
public Map<String, String[]> getParameters() {
return parameters;
}
public String getRemoteAddr() {
return remoteAddress;
}
public void setRemoteAddr(String remoteAddress) {
this.remoteAddress = remoteAddress;
}
@Override
public HttpSession getSession() {
return session;
}
@Override
public HttpSession getSession(boolean create) {
return session;
}
public void setSession(HttpSession session) {
this.session = session;
}
}
}

34
samples/httpsession-redis-json/src/main/java/sample/mixins/HttpCookieDeserializer.java
View File

@@ -1,34 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.servlet.http.Cookie;
import java.io.IOException;
import static sample.utils.JsonNodeExtractor.*;
/**
* @author jitendra on 22/3/16.
*/
public class HttpCookieDeserializer extends JsonDeserializer<Cookie> {
@Override
public Cookie deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
Cookie cookie = new Cookie(getStringValue(jsonNode, "name"), getStringValue(jsonNode, "value"));
cookie.setComment(getStringValue(jsonNode, "comment"));
cookie.setDomain(getStringValue(jsonNode, "domain", ""));
cookie.setMaxAge(getIntValue(jsonNode, "maxAge", -1));
cookie.setSecure(getBooleanValue(jsonNode, "secure"));
cookie.setVersion(getIntValue(jsonNode, "version"));
cookie.setPath(getStringValue(jsonNode, "path"));
cookie.setHttpOnly(getBooleanValue(jsonNode, "httpOnly", false));
return cookie;
}
}

17
samples/httpsession-redis-json/src/main/java/sample/mixins/SavedCookieMixin.java
View File

@@ -1,17 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* @author jitendra on 8/3/16.
*/
public abstract class SavedCookieMixin {
@JsonCreator
SavedCookieMixin(@JsonProperty("name") String name, @JsonProperty("value") String value, @JsonProperty("comment") String comment,
@JsonProperty("domain") String domain, @JsonProperty("maxAge") int maxAge, @JsonProperty("path") String path,
@JsonProperty("secure") boolean secure, @JsonProperty("version") int version){
}
}

15
samples/httpsession-redis-json/src/main/java/sample/mixins/SimpleGrantedAuthorityMixin.java
View File

@@ -1,15 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author jitendra on 14/3/16.
*/
public abstract class SimpleGrantedAuthorityMixin {
@JsonCreator
public SimpleGrantedAuthorityMixin(@JsonProperty("authority") String role) {
}
}

16
samples/httpsession-redis-json/src/main/java/sample/mixins/UnmodifiableSetMixin.java
View File

@@ -1,16 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Set;
/**
* @author jitendra on 14/3/16.
*/
public abstract class UnmodifiableSetMixin {
@JsonCreator
UnmodifiableSetMixin(@JsonProperty("s") Set s) {
}
}

14
samples/httpsession-redis-json/src/main/java/sample/mixins/UnsupportedOperationExceptionInvocationHandler.java
View File

@@ -1,14 +0,0 @@
package sample.mixins;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
/**
* @author jitendra on 8/3/16.
*/
public class UnsupportedOperationExceptionInvocationHandler implements InvocationHandler {
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
throw new UnsupportedOperationException(method + " is not supported");
}
}

38
samples/httpsession-redis-json/src/main/java/sample/mixins/UserDeserializer.java
View File

@@ -1,38 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import java.io.IOException;
import java.util.Set;
import static sample.utils.JsonNodeExtractor.*;
/**
* @author jitendra on 14/3/16.
*/
public class UserDeserializer extends JsonDeserializer<User> {
@Override
public User deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
Set<GrantedAuthority> authorities = mapper.readValue(jsonNode.get("authorities").toString(), new TypeReference<Set<GrantedAuthority>>() {});
return new User(
getStringValue(jsonNode, "username"),
getStringValue(jsonNode, "password", ""),
getBooleanValue(jsonNode, "enabled"),
getBooleanValue(jsonNode, "accountNonExpired"),
getBooleanValue(jsonNode, "credentialsNonExpired"),
getBooleanValue(jsonNode, "accountNonLocked"),
authorities
);
}
}

46
samples/httpsession-redis-json/src/main/java/sample/mixins/UsernamePasswordAuthenticationTokenDeserializer.java
View File

@@ -1,46 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import java.io.IOException;
import java.util.List;
/**
* @author jitendra on 9/3/16.
*/
public class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
UsernamePasswordAuthenticationToken token = null;
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
Boolean authenticated = jsonNode.get("authenticated").asBoolean();
JsonNode principalNode = jsonNode.get("principal");
Object principal = null;
if(principalNode.isObject()) {
principal = mapper.readValue(principalNode.toString(), new TypeReference<User>() {});
} else {
principal = principalNode.asText();
}
Object credentials = jsonNode.get("credentials").asText();
List<GrantedAuthority> authorities = mapper.readValue(jsonNode.get("authorities").toString(), new TypeReference<List<GrantedAuthority>>() {
});
if (authenticated) {
token = new UsernamePasswordAuthenticationToken(principal, credentials, authorities);
} else {
token = new UsernamePasswordAuthenticationToken(principal, credentials);
}
token.setDetails(jsonNode.get("details"));
return token;
}
}

127
samples/httpsession-redis-json/src/main/java/sample/mixins/WebAuthenticationDetailsDeserializer.java
View File

@@ -1,127 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionContext;
import java.io.IOException;
import java.util.Enumeration;
/**
* @author jitendra on 14/3/16.
*/
public class WebAuthenticationDetailsDeserializer extends JsonDeserializer<WebAuthenticationDetails> {
@Override
public WebAuthenticationDetails deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
DummyHttpSession session = new DummyHttpSession();
session.setId(jsonNode.get("sessionId").asText());
DefaultSavedRequestDeserializer.DummyServletRequest request = new DefaultSavedRequestDeserializer.DummyServletRequest();
request.setRemoteAddr(jsonNode.get("remoteAddress").asText());
request.setSession(session);
return new WebAuthenticationDetails(request);
}
protected static class DummyHttpSession implements HttpSession {
private String id;
@Override
public long getCreationTime() {
return 0;
}
@Override
public String getId() {
return this.id;
}
public void setId(String id) {
this.id = id;
}
@Override
public long getLastAccessedTime() {
return 0;
}
@Override
public ServletContext getServletContext() {
return null;
}
@Override
public void setMaxInactiveInterval(int interval) {
}
@Override
public int getMaxInactiveInterval() {
return 0;
}
@Override
public HttpSessionContext getSessionContext() {
return null;
}
@Override
public Object getAttribute(String name) {
return null;
}
@Override
public Object getValue(String name) {
return null;
}
@Override
public Enumeration<String> getAttributeNames() {
return null;
}
@Override
public String[] getValueNames() {
return new String[0];
}
@Override
public void setAttribute(String name, Object value) {
}
@Override
public void putValue(String name, Object value) {
}
@Override
public void removeAttribute(String name) {
}
@Override
public void removeValue(String name) {
}
@Override
public void invalidate() {
}
@Override
public boolean isNew() {
return false;
}
}
}

45
samples/httpsession-redis-json/src/main/java/sample/utils/JsonNodeExtractor.java
View File

@@ -1,45 +0,0 @@
package sample.utils;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.org.apache.xpath.internal.operations.Bool;
/**
* Created by jitendra on 28/3/16.
*/
public class JsonNodeExtractor {
public static String getStringValue(JsonNode jsonNode, String field) {
return getStringValue(jsonNode, field, null);
}
public static String getStringValue(JsonNode jsonNode, String field, String defaultValue) {
JsonNode node = getValue(jsonNode, field);
return (node != null) ? node.asText(defaultValue) : defaultValue;
}
private static JsonNode getValue(JsonNode jsonNode, String field) {
if (jsonNode.has(field)) {
return jsonNode.get(field);
} else {
return null;
}
}
public static Integer getIntValue(JsonNode jsonNode, String field) {
return getIntValue(jsonNode, field, 0);
}
public static Integer getIntValue(JsonNode jsonNode, String field, Integer defaultValue) {
JsonNode node = getValue(jsonNode, field);
return (node != null) ? node.asInt(defaultValue) : defaultValue;
}
public static Boolean getBooleanValue(JsonNode jsonNode, String field) {
return getBooleanValue(jsonNode, field, false);
}
public static Boolean getBooleanValue(JsonNode jsonNode, String field, Boolean defaultValue) {
JsonNode node = getValue(jsonNode, field);
return (node != null) ? node.asBoolean(defaultValue) : defaultValue;
}
}