mindol1004/spring-session
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Spring Security jackson2

Browse Source 
Issue gh-434
This commit is contained in:
Rob Winch
2016-09-12 14:03:49 -05:00
parent 8b97a32db2
commit 0e1d81f509
34 changed files with 1145 additions and 888 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java Normal file
View File

@@ -0,0 +1,66 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Collection;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.springframework.security.core.GrantedAuthority;
/**
* This is a Jackson mixin class helps in serialize/deserialize
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken} class.
* To use this class you need to register it with
* {@link com.fasterxml.jackson.databind.ObjectMapper} and
* {@link SimpleGrantedAuthorityMixin} because AnonymousAuthenticationToken contains
* SimpleGrantedAuthority. <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* <i>Note: This class will save full class name into a property called @class</i>
*
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
@JsonIgnoreProperties(ignoreUnknown = true)
class AnonymousAuthenticationTokenMixin {
/**
* Constructor used by Jackson to create object of
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken}.
*
* @param keyHash hashCode of key provided at the time of token creation by using
* {@link org.springframework.security.authentication.AnonymousAuthenticationToken#AnonymousAuthenticationToken(String, Object, Collection)}
* @param principal the principal (typically a <code>UserDetails</code>)
* @param authorities the authorities granted to the principal
*/
@JsonCreator
AnonymousAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash,
@JsonProperty("principal") Object principal,
@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
}
}

71
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java Normal file
View File

@@ -0,0 +1,71 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Collections;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* Jackson module for spring-security-core. This module register
* {@link AnonymousAuthenticationTokenMixin}, {@link RememberMeAuthenticationTokenMixin},
* {@link SimpleGrantedAuthorityMixin}, {@link UnmodifiableSetMixin}, {@link UserMixin}
* and {@link UsernamePasswordAuthenticationTokenMixin}. If no default typing enabled by
* default then it'll enable it because typing info is needed to properly
* serialize/deserialize objects. In order to use this module just add this module into
* your ObjectMapper configuration.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre> <b>Note: use {@link SecurityJacksonModules#getModules(ClassLoader)} to get list
* of all security modules.</b>
*
* @author Jitendra Singh.
* @see SecurityJacksonModules
*/
public class CoreJackson2Module extends SimpleModule {
public CoreJackson2Module() {
super(CoreJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
}
@Override
public void setupModule(SetupContext context) {
SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner());
context.setMixInAnnotations(AnonymousAuthenticationToken.class,
AnonymousAuthenticationTokenMixin.class);
context.setMixInAnnotations(RememberMeAuthenticationToken.class,
RememberMeAuthenticationTokenMixin.class);
context.setMixInAnnotations(SimpleGrantedAuthority.class,
SimpleGrantedAuthorityMixin.class);
context.setMixInAnnotations(
Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(),
UnmodifiableSetMixin.class);
context.setMixInAnnotations(User.class, UserMixin.class);
context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class,
UsernamePasswordAuthenticationTokenMixin.class);
}
}

72
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java Normal file
View File

@@ -0,0 +1,72 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Collection;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.springframework.security.core.GrantedAuthority;
/**
* This mixin class helps in serialize/deserialize
* {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
* class. To use this class you need to register it with
* {@link com.fasterxml.jackson.databind.ObjectMapper} and 2 more mixin classes.
*
* <ol>
* <li>{@link SimpleGrantedAuthorityMixin}</li>
* <li>{@link UserMixin}</li>
* <li>{@link UnmodifiableSetMixin}</li>
* </ol>
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* <i>Note: This class will save TypeInfo (full class name) into a property
* called @class</i>
*
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
@JsonIgnoreProperties(ignoreUnknown = true)
class RememberMeAuthenticationTokenMixin {
/**
* Constructor used by Jackson to create
* {@link org.springframework.security.authentication.RememberMeAuthenticationToken}
* object.
*
* @param keyHash hashCode of above given key.
* @param principal the principal (typically a <code>UserDetails</code>)
* @param authorities the authorities granted to the principal
*/
@JsonCreator
RememberMeAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash,
@JsonProperty("principal") Object principal,
@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
}
}

109
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SecurityJacksonModules.java Normal file
View File

@@ -0,0 +1,109 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.ClassUtils;
/**
* This utility class will find all the SecurityModules in classpath.
*
* <p>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModules(SecurityJacksonModules.getModules());
* </pre> Above code is equivalent to
* <p>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
* mapper.registerModule(new CoreJackson2Module());
* mapper.registerModule(new CasJackson2Module());
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh.
* @since 4.2
*/
public final class SecurityJacksonModules {
private static final Log logger = LogFactory.getLog(SecurityJacksonModules.class);
private static final List<String> securityJackson2ModuleClasses = Arrays.asList(
"org.springframework.security.jackson2.CoreJackson2Module",
"org.springframework.security.cas.jackson2.CasJackson2Module",
"org.springframework.security.web.jackson2.WebJackson2Module");
private SecurityJacksonModules() {
}
public static void enableDefaultTyping(ObjectMapper mapper) {
if (mapper != null) {
TypeResolverBuilder<?> typeBuilder = mapper.getDeserializationConfig()
.getDefaultTyper(null);
if (typeBuilder == null) {
mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL,
JsonTypeInfo.As.PROPERTY);
}
}
}
@SuppressWarnings("unchecked")
private static Module loadAndGetInstance(String className, ClassLoader loader) {
Module instance = null;
try {
Class<? extends Module> securityModule = (Class<? extends Module>) ClassUtils
.forName(className, loader);
if (securityModule != null) {
if (logger.isDebugEnabled()) {
logger.debug("Loaded module " + className + ", now registering");
}
instance = securityModule.newInstance();
}
}
catch (Exception e) {
if (logger.isDebugEnabled()) {
logger.debug("Cannot load module " + className, e);
}
}
return instance;
}
/**
* @param loader the ClassLoader to use
* @return List of available security modules in classpath.
*/
public static List<Module> getModules(ClassLoader loader) {
List<Module> modules = new ArrayList<Module>();
for (String className : securityJackson2ModuleClasses) {
Module module = loadAndGetInstance(className, loader);
if (module != null) {
modules.add(module);
}
}
return modules;
}
}

50
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson Mixin class helps in serialize/deserialize
* {@link org.springframework.security.core.authority.SimpleGrantedAuthority}.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
public abstract class SimpleGrantedAuthorityMixin {
/**
* Mixin Constructor.
* @param role the role
*/
@JsonCreator
public SimpleGrantedAuthorityMixin(@JsonProperty("authority") String role) {
}
}

48
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.util.Set;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* This mixin class used to deserialize java.util.Collections$UnmodifiableSet and used
* with various AuthenticationToken implementation's mixin classes.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
class UnmodifiableSetMixin {
/**
* Mixin Constructor
* @param s the Set
*/
@JsonCreator
UnmodifiableSetMixin(Set<?> s) {
}
}

81
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserDeserializer.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.io.IOException;
import java.util.Set;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.MissingNode;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* Custom Deserializer for {@link User} class. This is already registered with
* {@link UserMixin}. You can also use it directly with your mixin class.
*
* @author Jitendra Singh
* @see UserMixin
*/
class UserDeserializer extends JsonDeserializer<User> {
/**
* This method will create {@link User} object. It will ensure successful object
* creation even if password key is null in serialized json, because credentials may
* be removed from the {@link User} by invoking {@link User#eraseCredentials()}. In
* that case there won't be any password key in serialized json.
*
* @param jp the JsonParser
* @param ctxt the DeserializationContext
* @return the user
* @throws IOException if a exception during IO occurs
* @throws JsonProcessingException if an error during JSON processing occurs
*/
@Override
public User deserialize(JsonParser jp, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Set<GrantedAuthority> authorities = mapper.convertValue(
jsonNode.get("authorities"),
new TypeReference<Set<SimpleGrantedAuthority>>() {
});
JsonNode password = readJsonNode(jsonNode, "password");
User result = new User(readJsonNode(jsonNode, "username").asText(),
password.asText(""), readJsonNode(jsonNode, "enabled").asBoolean(),
readJsonNode(jsonNode, "accountNonExpired").asBoolean(),
readJsonNode(jsonNode, "credentialsNonExpired").asBoolean(),
readJsonNode(jsonNode, "accountNonLocked").asBoolean(), authorities);
if (password.asText(null) == null) {
result.eraseCredentials();
}
return result;
}
private JsonNode readJsonNode(JsonNode jsonNode, String field) {
return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
}
}

50
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserMixin.java Normal file
View File

@@ -0,0 +1,50 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
/**
* This mixin class helps in serialize/deserialize
* {@link org.springframework.security.core.userdetails.User}. This class also register a
* custom deserializer {@link UserDeserializer} to deserialize User object successfully.
* In order to use this mixin you need to register two more mixin classes in your
* ObjectMapper configuration.
* <ol>
* <li>{@link SimpleGrantedAuthorityMixin}</li>
* <li>{@link UnmodifiableSetMixin}</li>
* </ol>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see UserDeserializer
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(using = UserDeserializer.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
abstract class UserMixin {
}

95
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import java.io.IOException;
import java.util.List;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.MissingNode;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
/**
* Custom deserializer for {@link UsernamePasswordAuthenticationToken}. At the time of
* deserialization it will invoke suitable constructor depending on the value of
* <b>authenticated</b> property. It will ensure that the token's state must not change.
* <p>
* This deserializer is already registered with
* {@link UsernamePasswordAuthenticationTokenMixin} but you can also registered it with
* your own mixin class.
*
* @author Jitendra Singh
* @see UsernamePasswordAuthenticationTokenMixin
*/
class UsernamePasswordAuthenticationTokenDeserializer
extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
/**
* This method construct {@link UsernamePasswordAuthenticationToken} object from
* serialized json.
* @param jp the JsonParser
* @param ctxt the DeserializationContext
* @return the user
* @throws IOException if a exception during IO occurs
* @throws JsonProcessingException if an error during JSON processing occurs
*/
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser jp,
DeserializationContext ctxt) throws IOException, JsonProcessingException {
UsernamePasswordAuthenticationToken token = null;
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean();
JsonNode principalNode = readJsonNode(jsonNode, "principal");
Object principal = null;
if (principalNode.isObject()) {
principal = mapper.readValue(principalNode.toString(),
new TypeReference<User>() {
});
}
else {
principal = principalNode.asText();
}
Object credentials = readJsonNode(jsonNode, "credentials").asText();
List<GrantedAuthority> authorities = mapper.readValue(
readJsonNode(jsonNode, "authorities").toString(),
new TypeReference<List<GrantedAuthority>>() {
});
if (authenticated) {
token = new UsernamePasswordAuthenticationToken(principal, credentials,
authorities);
}
else {
token = new UsernamePasswordAuthenticationToken(principal, credentials);
}
token.setDetails(readJsonNode(jsonNode, "details"));
return token;
}
private JsonNode readJsonNode(JsonNode jsonNode, String field) {
return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
}
}

49
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java Normal file
View File

@@ -0,0 +1,49 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
/**
* This mixin class is used to serialize / deserialize
* {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken}
* . This class register a custom deserializer
* {@link UsernamePasswordAuthenticationTokenDeserializer}.
*
* In order to use this mixin you'll need to add 3 more mixin classes.
* <ol>
* <li>{@link UnmodifiableSetMixin}</li>
* <li>{@link SimpleGrantedAuthorityMixin}</li>
* <li>{@link UserMixin}</li>
* </ol>
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new CoreJackson2Module());
* </pre>
* @author Jitendra Singh
* @see CoreJackson2Module
* @see SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonDeserialize(using = UsernamePasswordAuthenticationTokenDeserializer.class)
abstract class UsernamePasswordAuthenticationTokenMixin {
}

27
samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Mix-in classes to add Jackson serialization support.
*
* @author Jitendra Singh
* @since 4.2
*/
package org.springframework.security.jackson2;
/**
* Package contains Jackson mixin classes.
*/

64
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java Normal file
View File

@@ -0,0 +1,64 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import java.io.IOException;
import javax.servlet.http.Cookie;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.MissingNode;
import com.fasterxml.jackson.databind.node.NullNode;
/**
* Jackson deserializer for {@link Cookie}. This is needed because in most cases we don't
* set {@link Cookie#getDomain()} property. So when jackson deserialize that json
* {@link Cookie#setDomain(String)} throws {@link NullPointerException}. This is
* registered with {@link CookieMixin} but you can also use it with your own mixin.
*
* @author Jitendra Singh
* @see CookieMixin
*/
class CookieDeserializer extends JsonDeserializer<Cookie> {
@Override
public Cookie deserialize(JsonParser jp, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Cookie cookie = new Cookie(readJsonNode(jsonNode, "name").asText(),
readJsonNode(jsonNode, "value").asText());
cookie.setComment(readJsonNode(jsonNode, "comment").asText());
cookie.setDomain(readJsonNode(jsonNode, "domain").asText());
cookie.setMaxAge(readJsonNode(jsonNode, "maxAge").asInt(-1));
cookie.setSecure(readJsonNode(jsonNode, "secure").asBoolean());
cookie.setVersion(readJsonNode(jsonNode, "version").asInt());
cookie.setPath(readJsonNode(jsonNode, "path").asText());
cookie.setHttpOnly(readJsonNode(jsonNode, "httpOnly").asBoolean());
return cookie;
}
private JsonNode readJsonNode(JsonNode jsonNode, String field) {
return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode)
? jsonNode.get(field) : MissingNode.getInstance();
}
}

40
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java Normal file
View File

@@ -0,0 +1,40 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
/**
* Mixin class to serialize/deserialize {@link javax.servlet.http.Cookie}
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(using = CookieDeserializer.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
abstract class CookieMixin {
}

55
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson mixin class to serialize/deserialize
* {@link org.springframework.security.web.csrf.DefaultCsrfToken} serialization support.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
@JsonIgnoreProperties(ignoreUnknown = true)
class DefaultCsrfTokenMixin {
/**
* JsonCreator constructor needed by Jackson to create
* {@link org.springframework.security.web.csrf.DefaultCsrfToken} object.
*
* @param headerName the name of the header
* @param parameterName the parameter name
* @param token the CSRF token value
*/
@JsonCreator
DefaultCsrfTokenMixin(@JsonProperty("headerName") String headerName,
@JsonProperty("parameterName") String parameterName,
@JsonProperty("token") String token) {
}
}

34
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestBuilder.java Normal file
View File

@@ -0,0 +1,34 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
/**
* Spring Security 4.2 will support saved request.
*
* @author Rob Winch
*/
@JsonIgnoreProperties(ignoreUnknown = true)
public class DefaultSavedRequestBuilder {
public DefaultSavedRequest build() {
return null;
}
}

45
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
/**
* Jackson mixin class to serialize/deserialize {@link DefaultSavedRequest}. This mixin
* use {@link org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder}
* to deserialized json.In order to use this mixin class you also need to register
* {@link CookieMixin}.
* <p>
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(builder = DefaultSavedRequestBuilder.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
abstract class DefaultSavedRequestMixin {
}

53
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson mixin class to serialize/deserialize
* {@link org.springframework.security.web.savedrequest.SavedCookie} serialization
* support.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh.
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
abstract class SavedCookieMixin {
@JsonCreator
SavedCookieMixin(@JsonProperty("name") String name,
@JsonProperty("value") String value, @JsonProperty("comment") String comment,
@JsonProperty("domain") String domain, @JsonProperty("maxAge") int maxAge,
@JsonProperty("path") String path, @JsonProperty("secure") boolean secure,
@JsonProperty("version") int version) {
}
}

48
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* Jackson mixin class to serialize/deserialize
* {@link org.springframework.security.web.authentication.WebAuthenticationDetails}.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre>
*
* @author Jitendra Singh
* @see WebJackson2Module
* @see org.springframework.security.jackson2.SecurityJacksonModules
* @since 4.2
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
class WebAuthenticationDetailsMixin {
@JsonCreator
WebAuthenticationDetailsMixin(@JsonProperty("remoteAddress") String remoteAddress,
@JsonProperty("sessionId") String sessionId) {
}
}

65
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java Normal file
View File

@@ -0,0 +1,65 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.jackson2;
import javax.servlet.http.Cookie;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import org.springframework.security.jackson2.SecurityJacksonModules;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.SavedCookie;
/**
* Jackson module for spring-security-web. This module register {@link CookieMixin},
* {@link DefaultCsrfTokenMixin}, {@link DefaultSavedRequestMixin} and
* {@link WebAuthenticationDetailsMixin}. If no default typing enabled by default then
* it'll enable it because typing info is needed to properly serialize/deserialize
* objects. In order to use this module just add this module into your ObjectMapper
* configuration.
*
* <pre>
* ObjectMapper mapper = new ObjectMapper();
* mapper.registerModule(new WebJackson2Module());
* </pre> <b>Note: use {@link SecurityJacksonModules#getModules(ClassLoader)} to get list
* of all security modules.</b>
*
* @author Jitendra Singh
* @see SecurityJacksonModules
*/
public class WebJackson2Module extends SimpleModule {
public WebJackson2Module() {
super(WebJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
}
@Override
public void setupModule(SetupContext context) {
SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner());
context.setMixInAnnotations(Cookie.class, CookieMixin.class);
context.setMixInAnnotations(SavedCookie.class, SavedCookieMixin.class);
context.setMixInAnnotations(DefaultCsrfToken.class, DefaultCsrfTokenMixin.class);
context.setMixInAnnotations(DefaultSavedRequest.class,
DefaultSavedRequestMixin.class);
context.setMixInAnnotations(WebAuthenticationDetails.class,
WebAuthenticationDetailsMixin.class);
}
}

23
samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/package-info.java Normal file
View File

@@ -0,0 +1,23 @@
/*
* Copyright 2014-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* Mix-in classes to provide Jackson serialization support.
*
* @author Jitendra Singh
* @since 4.2
*/
package org.springframework.security.web.jackson2;

15
samples/httpsession-redis-json/src/main/java/sample/mixins/BadCredentialsExceptionMixin.java
View File

@@ -1,15 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.*;
/**
* @author jitendra on 15/3/16.
*/
@JsonIdentityInfo(generator=ObjectIdGenerators.IntSequenceGenerator.class, property="@id")
@JsonIgnoreProperties({"cause", "@id"})
public class BadCredentialsExceptionMixin {
@JsonCreator
public BadCredentialsExceptionMixin(@JsonProperty("detailMessage") String msg) {
}
}

21
samples/httpsession-redis-json/src/main/java/sample/mixins/DefaultCsrfTokenMixin.java
View File

@@ -1,21 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.springframework.security.web.PortResolver;
import javax.servlet.http.HttpServletRequest;
/**
* @author jitendra on 8/3/16.
*/
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
public abstract class DefaultCsrfTokenMixin {
@JsonCreator
public DefaultCsrfTokenMixin(@JsonProperty("headerName") String headerName,
@JsonProperty("parameterName") String parameterName,
@JsonProperty("token") String token) {
}
}

262
samples/httpsession-redis-json/src/main/java/sample/mixins/DefaultSavedRequestDeserializer.java
View File

@@ -1,262 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
import com.sun.org.apache.xpath.internal.operations.Bool;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.SavedCookie;
import org.springframework.util.ObjectUtils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.lang.reflect.Proxy;
import java.util.*;
/**
* @author jitendra on 8/3/16.
*/
public class DefaultSavedRequestDeserializer extends StdDeserializer<DefaultSavedRequest> {
public DefaultSavedRequestDeserializer(Class<DefaultSavedRequest> requestClass) {
super(requestClass);
}
@Override
public DefaultSavedRequest deserialize(JsonParser p, DeserializationContext context) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
DummyServletRequest request = new DummyServletRequest();
request.setContextPath(jsonNode.get("contextPath").asText());
request.setMethod(jsonNode.get("method").asText());
request.setPathInfo(jsonNode.get("pathInfo").asText());
request.setQueryString(jsonNode.get("queryString").asText());
request.setRequestURI(jsonNode.get("requestURI").asText());
request.setRequestURL(jsonNode.get("requestURL").asText());
request.setScheme(jsonNode.get("scheme").asText());
request.setServerName(jsonNode.get("serverName").asText());
request.setServletPath(jsonNode.get("servletPath").asText());
request.setServerPort(jsonNode.get("serverPort").asInt());
List<Cookie> cookies = mapper.readValue(jsonNode.get("cookies").toString(), new TypeReference<List<Cookie>>() {
});
Map<String, String[]> params = mapper.readValue(jsonNode.get("parameterMap").toString(), new TypeReference<Map<String, String[]>>() {
});
ArrayList<Locale> locales = mapper.readValue(jsonNode.get("locales").toString(), new TypeReference<List<Locale>>() {
});
Map<String, List<String>> headers = mapper.readValue(jsonNode.get("headers").toString(), new TypeReference<Map<String, List<String>>>() {
});
request.setCookies(cookies.toArray(new Cookie[]{}));
request.setParameters(params);
request.setLocales(locales);
request.setHeaders(headers);
return new DefaultSavedRequest(request, new PortResolverImpl());
}
protected static class DummyServletRequest extends HttpServletRequestWrapper {
private static final HttpServletRequest UNSUPPORTED_REQUEST = (HttpServletRequest) Proxy
.newProxyInstance(DummyServletRequest.class.getClassLoader(),
new Class[]{HttpServletRequest.class},
new UnsupportedOperationExceptionInvocationHandler());
private String method;
private String pathInfo;
private String queryString;
private String requestURI;
private int serverPort;
private String requestURL;
private String scheme;
private String serverName;
private String contextPath;
private String servletPath;
private Cookie[] cookies;
private String remoteAddress;
private ArrayList<Locale> locales = new ArrayList<Locale>();
private Map<String, List<String>> headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
private Map<String, String[]> parameters = new TreeMap<String, String[]>();
private HttpSession session;
public DummyServletRequest() {
super(UNSUPPORTED_REQUEST);
}
public void setMethod(String method) {
this.method = method;
}
public void setPathInfo(String pathInfo) {
this.pathInfo = pathInfo;
}
public void setQueryString(String queryString) {
this.queryString = queryString;
}
public void setRequestURI(String requestURI) {
this.requestURI = requestURI;
}
public void setServerPort(int serverPort) {
this.serverPort = serverPort;
}
public void setRequestURL(String requestURL) {
this.requestURL = requestURL;
}
public void setScheme(String scheme) {
this.scheme = scheme;
}
public void setServerName(String serverName) {
this.serverName = serverName;
}
public void setContextPath(String contextPath) {
this.contextPath = contextPath;
}
public void setServletPath(String servletPath) {
this.servletPath = servletPath;
}
public void setCookies(Cookie[] cookies) {
this.cookies = cookies;
}
@Override
public Cookie[] getCookies() {
return cookies;
}
@Override
public Map<String, String[]> getParameterMap() {
return parameters;
}
public void setParameters(Map<String, String[]> params) {
this.parameters = params;
}
@Override
public Enumeration<String> getParameterNames() {
return Collections.enumeration(parameters.keySet());
}
@Override
public String[] getParameterValues(String name) {
return super.getParameterValues(name);
}
public void setLocales(ArrayList<Locale> locales) {
this.locales = locales;
}
public void setHeaders(Map<String, List<String>> headers) {
this.headers = headers;
}
@Override
public Enumeration<String> getHeaders(String name) {
return Collections.enumeration(headers.get(name));
}
@Override
public Enumeration<String> getHeaderNames() {
return Collections.enumeration(headers.keySet());
}
@Override
public String getMethod() {
return method;
}
@Override
public String getPathInfo() {
return pathInfo;
}
@Override
public String getQueryString() {
return (queryString == null || "null".equals(queryString)) ? "" : queryString;
}
@Override
public String getRequestURI() {
return requestURI;
}
@Override
public int getServerPort() {
return serverPort;
}
@Override
public StringBuffer getRequestURL() {
return new StringBuffer(requestURL);
}
@Override
public String getScheme() {
return scheme;
}
@Override
public String getServerName() {
return serverName;
}
@Override
public String getContextPath() {
return contextPath;
}
@Override
public String getServletPath() {
return servletPath;
}
@Override
public Enumeration<Locale> getLocales() {
return Collections.enumeration(locales);
}
public Map<String, List<String>> getHeaders() {
return headers;
}
public Map<String, String[]> getParameters() {
return parameters;
}
public String getRemoteAddr() {
return remoteAddress;
}
public void setRemoteAddr(String remoteAddress) {
this.remoteAddress = remoteAddress;
}
@Override
public HttpSession getSession() {
return session;
}
@Override
public HttpSession getSession(boolean create) {
return session;
}
public void setSession(HttpSession session) {
this.session = session;
}
}
}

34
samples/httpsession-redis-json/src/main/java/sample/mixins/HttpCookieDeserializer.java
View File

@@ -1,34 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.servlet.http.Cookie;
import java.io.IOException;
import static sample.utils.JsonNodeExtractor.*;
/**
* @author jitendra on 22/3/16.
*/
public class HttpCookieDeserializer extends JsonDeserializer<Cookie> {
@Override
public Cookie deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
Cookie cookie = new Cookie(getStringValue(jsonNode, "name"), getStringValue(jsonNode, "value"));
cookie.setComment(getStringValue(jsonNode, "comment"));
cookie.setDomain(getStringValue(jsonNode, "domain", ""));
cookie.setMaxAge(getIntValue(jsonNode, "maxAge", -1));
cookie.setSecure(getBooleanValue(jsonNode, "secure"));
cookie.setVersion(getIntValue(jsonNode, "version"));
cookie.setPath(getStringValue(jsonNode, "path"));
cookie.setHttpOnly(getBooleanValue(jsonNode, "httpOnly", false));
return cookie;
}
}

17
samples/httpsession-redis-json/src/main/java/sample/mixins/SavedCookieMixin.java
View File

@@ -1,17 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
/**
* @author jitendra on 8/3/16.
*/
public abstract class SavedCookieMixin {
@JsonCreator
SavedCookieMixin(@JsonProperty("name") String name, @JsonProperty("value") String value, @JsonProperty("comment") String comment,
@JsonProperty("domain") String domain, @JsonProperty("maxAge") int maxAge, @JsonProperty("path") String path,
@JsonProperty("secure") boolean secure, @JsonProperty("version") int version){
}
}

15
samples/httpsession-redis-json/src/main/java/sample/mixins/SimpleGrantedAuthorityMixin.java
View File

@@ -1,15 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author jitendra on 14/3/16.
*/
public abstract class SimpleGrantedAuthorityMixin {
@JsonCreator
public SimpleGrantedAuthorityMixin(@JsonProperty("authority") String role) {
}
}

16
samples/httpsession-redis-json/src/main/java/sample/mixins/UnmodifiableSetMixin.java
View File

@@ -1,16 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Set;
/**
* @author jitendra on 14/3/16.
*/
public abstract class UnmodifiableSetMixin {
@JsonCreator
UnmodifiableSetMixin(@JsonProperty("s") Set s) {
}
}

14
samples/httpsession-redis-json/src/main/java/sample/mixins/UnsupportedOperationExceptionInvocationHandler.java
View File

@@ -1,14 +0,0 @@
package sample.mixins;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
/**
* @author jitendra on 8/3/16.
*/
public class UnsupportedOperationExceptionInvocationHandler implements InvocationHandler {
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
throw new UnsupportedOperationException(method + " is not supported");
}
}

38
samples/httpsession-redis-json/src/main/java/sample/mixins/UserDeserializer.java
View File

@@ -1,38 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import java.io.IOException;
import java.util.Set;
import static sample.utils.JsonNodeExtractor.*;
/**
* @author jitendra on 14/3/16.
*/
public class UserDeserializer extends JsonDeserializer<User> {
@Override
public User deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
Set<GrantedAuthority> authorities = mapper.readValue(jsonNode.get("authorities").toString(), new TypeReference<Set<GrantedAuthority>>() {});
return new User(
getStringValue(jsonNode, "username"),
getStringValue(jsonNode, "password", ""),
getBooleanValue(jsonNode, "enabled"),
getBooleanValue(jsonNode, "accountNonExpired"),
getBooleanValue(jsonNode, "credentialsNonExpired"),
getBooleanValue(jsonNode, "accountNonLocked"),
authorities
);
}
}

46
samples/httpsession-redis-json/src/main/java/sample/mixins/UsernamePasswordAuthenticationTokenDeserializer.java
View File

@@ -1,46 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import java.io.IOException;
import java.util.List;
/**
* @author jitendra on 9/3/16.
*/
public class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
@Override
public UsernamePasswordAuthenticationToken deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
UsernamePasswordAuthenticationToken token = null;
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
Boolean authenticated = jsonNode.get("authenticated").asBoolean();
JsonNode principalNode = jsonNode.get("principal");
Object principal = null;
if(principalNode.isObject()) {
principal = mapper.readValue(principalNode.toString(), new TypeReference<User>() {});
} else {
principal = principalNode.asText();
}
Object credentials = jsonNode.get("credentials").asText();
List<GrantedAuthority> authorities = mapper.readValue(jsonNode.get("authorities").toString(), new TypeReference<List<GrantedAuthority>>() {
});
if (authenticated) {
token = new UsernamePasswordAuthenticationToken(principal, credentials, authorities);
} else {
token = new UsernamePasswordAuthenticationToken(principal, credentials);
}
token.setDetails(jsonNode.get("details"));
return token;
}
}

127
samples/httpsession-redis-json/src/main/java/sample/mixins/WebAuthenticationDetailsDeserializer.java
View File

@@ -1,127 +0,0 @@
package sample.mixins;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionContext;
import java.io.IOException;
import java.util.Enumeration;
/**
* @author jitendra on 14/3/16.
*/
public class WebAuthenticationDetailsDeserializer extends JsonDeserializer<WebAuthenticationDetails> {
@Override
public WebAuthenticationDetails deserialize(JsonParser p, DeserializationContext ctxt) throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) p.getCodec();
JsonNode jsonNode = mapper.readTree(p);
DummyHttpSession session = new DummyHttpSession();
session.setId(jsonNode.get("sessionId").asText());
DefaultSavedRequestDeserializer.DummyServletRequest request = new DefaultSavedRequestDeserializer.DummyServletRequest();
request.setRemoteAddr(jsonNode.get("remoteAddress").asText());
request.setSession(session);
return new WebAuthenticationDetails(request);
}
protected static class DummyHttpSession implements HttpSession {
private String id;
@Override
public long getCreationTime() {
return 0;
}
@Override
public String getId() {
return this.id;
}
public void setId(String id) {
this.id = id;
}
@Override
public long getLastAccessedTime() {
return 0;
}
@Override
public ServletContext getServletContext() {
return null;
}
@Override
public void setMaxInactiveInterval(int interval) {
}
@Override
public int getMaxInactiveInterval() {
return 0;
}
@Override
public HttpSessionContext getSessionContext() {
return null;
}
@Override
public Object getAttribute(String name) {
return null;
}
@Override
public Object getValue(String name) {
return null;
}
@Override
public Enumeration<String> getAttributeNames() {
return null;
}
@Override
public String[] getValueNames() {
return new String[0];
}
@Override
public void setAttribute(String name, Object value) {
}
@Override
public void putValue(String name, Object value) {
}
@Override
public void removeAttribute(String name) {
}
@Override
public void removeValue(String name) {
}
@Override
public void invalidate() {
}
@Override
public boolean isNew() {
return false;
}
}
}

45
samples/httpsession-redis-json/src/main/java/sample/utils/JsonNodeExtractor.java
View File

@@ -1,45 +0,0 @@
package sample.utils;
import com.fasterxml.jackson.databind.JsonNode;
import com.sun.org.apache.xpath.internal.operations.Bool;
/**
* Created by jitendra on 28/3/16.
*/
public class JsonNodeExtractor {
public static String getStringValue(JsonNode jsonNode, String field) {
return getStringValue(jsonNode, field, null);
}
public static String getStringValue(JsonNode jsonNode, String field, String defaultValue) {
JsonNode node = getValue(jsonNode, field);
return (node != null) ? node.asText(defaultValue) : defaultValue;
}
private static JsonNode getValue(JsonNode jsonNode, String field) {
if (jsonNode.has(field)) {
return jsonNode.get(field);
} else {
return null;
}
}
public static Integer getIntValue(JsonNode jsonNode, String field) {
return getIntValue(jsonNode, field, 0);
}
public static Integer getIntValue(JsonNode jsonNode, String field, Integer defaultValue) {
JsonNode node = getValue(jsonNode, field);
return (node != null) ? node.asInt(defaultValue) : defaultValue;
}
public static Boolean getBooleanValue(JsonNode jsonNode, String field) {
return getBooleanValue(jsonNode, field, false);
}
public static Boolean getBooleanValue(JsonNode jsonNode, String field, Boolean defaultValue) {
JsonNode node = getValue(jsonNode, field);
return (node != null) ? node.asBoolean(defaultValue) : defaultValue;
}
}