From 4e33b7740ccd3054882b93a5dee03d7f65ee234a Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 23 Sep 2016 15:54:37 -0500 Subject: [PATCH] Update to Spring Security 4.2.0.M1 --- gradle.properties | 2 +- .../AnonymousAuthenticationTokenMixin.java | 66 ----------- .../security/jackson2/CoreJackson2Module.java | 71 ------------ .../RememberMeAuthenticationTokenMixin.java | 72 ------------ .../jackson2/SecurityJacksonModules.java | 109 ------------------ .../jackson2/SimpleGrantedAuthorityMixin.java | 50 -------- .../jackson2/UnmodifiableSetMixin.java | 48 -------- .../security/jackson2/UserDeserializer.java | 81 ------------- .../security/jackson2/UserMixin.java | 50 -------- ...sswordAuthenticationTokenDeserializer.java | 95 --------------- ...rnamePasswordAuthenticationTokenMixin.java | 49 -------- .../security/jackson2/package-info.java | 27 ----- .../web/jackson2/CookieDeserializer.java | 64 ---------- .../security/web/jackson2/CookieMixin.java | 40 ------- .../web/jackson2/DefaultCsrfTokenMixin.java | 55 --------- .../jackson2/DefaultSavedRequestBuilder.java | 34 ------ .../jackson2/DefaultSavedRequestMixin.java | 45 -------- .../web/jackson2/SavedCookieMixin.java | 53 --------- .../WebAuthenticationDetailsMixin.java | 48 -------- .../web/jackson2/WebJackson2Module.java | 65 ----------- .../security/web/jackson2/package-info.java | 23 ---- 21 files changed, 1 insertion(+), 1146 deletions(-) delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SecurityJacksonModules.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserDeserializer.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/package-info.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestBuilder.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java delete mode 100644 samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/package-info.java diff --git a/gradle.properties b/gradle.properties index 3c2399ff..98c9b6c6 100644 --- a/gradle.properties +++ b/gradle.properties @@ -14,7 +14,7 @@ mockitoVersion=1.10.19 hazelcastVersion=3.6.5 springDataGeodeVersion=1.0.0.APACHE-GEODE-INCUBATING-M2 seleniumVersion=2.52.0 -springSecurityVersion=4.0.3.RELEASE +springSecurityVersion=4.2.0.M1 springVersion=4.2.5.RELEASE httpClientVersion=4.5.1 jedisVersion=2.8.1 diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java deleted file mode 100644 index b2218738..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.util.Collection; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -import org.springframework.security.core.GrantedAuthority; - -/** - * This is a Jackson mixin class helps in serialize/deserialize - * {@link org.springframework.security.authentication.AnonymousAuthenticationToken} class. - * To use this class you need to register it with - * {@link com.fasterxml.jackson.databind.ObjectMapper} and - * {@link SimpleGrantedAuthorityMixin} because AnonymousAuthenticationToken contains - * SimpleGrantedAuthority. 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
- * - * Note: This class will save full class name into a property called @class - * - * @author Jitendra Singh - * @see CoreJackson2Module - * @see SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY) -@JsonIgnoreProperties(ignoreUnknown = true) -class AnonymousAuthenticationTokenMixin { - - /** - * Constructor used by Jackson to create object of - * {@link org.springframework.security.authentication.AnonymousAuthenticationToken}. - * - * @param keyHash hashCode of key provided at the time of token creation by using - * {@link org.springframework.security.authentication.AnonymousAuthenticationToken#AnonymousAuthenticationToken(String, Object, Collection)} - * @param principal the principal (typically a UserDetails) - * @param authorities the authorities granted to the principal - */ - @JsonCreator - AnonymousAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash, - @JsonProperty("principal") Object principal, - @JsonProperty("authorities") Collection authorities) { - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java deleted file mode 100644 index ff23bf5c..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.util.Collections; - -import com.fasterxml.jackson.core.Version; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.module.SimpleModule; - -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.authentication.RememberMeAuthenticationToken; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.User; - -/** - * Jackson module for spring-security-core. This module register - * {@link AnonymousAuthenticationTokenMixin}, {@link RememberMeAuthenticationTokenMixin}, - * {@link SimpleGrantedAuthorityMixin}, {@link UnmodifiableSetMixin}, {@link UserMixin} - * and {@link UsernamePasswordAuthenticationTokenMixin}. If no default typing enabled by - * default then it'll enable it because typing info is needed to properly - * serialize/deserialize objects. In order to use this module just add this module into - * your ObjectMapper configuration. - * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
Note: use {@link SecurityJacksonModules#getModules(ClassLoader)} to get list - * of all security modules. - * - * @author Jitendra Singh. - * @see SecurityJacksonModules - */ -public class CoreJackson2Module extends SimpleModule { - - public CoreJackson2Module() { - super(CoreJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null)); - } - - @Override - public void setupModule(SetupContext context) { - SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner()); - context.setMixInAnnotations(AnonymousAuthenticationToken.class, - AnonymousAuthenticationTokenMixin.class); - context.setMixInAnnotations(RememberMeAuthenticationToken.class, - RememberMeAuthenticationTokenMixin.class); - context.setMixInAnnotations(SimpleGrantedAuthority.class, - SimpleGrantedAuthorityMixin.class); - context.setMixInAnnotations( - Collections.unmodifiableSet(Collections.emptySet()).getClass(), - UnmodifiableSetMixin.class); - context.setMixInAnnotations(User.class, UserMixin.class); - context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class, - UsernamePasswordAuthenticationTokenMixin.class); - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java deleted file mode 100644 index 77ae0d51..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.util.Collection; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -import org.springframework.security.core.GrantedAuthority; - -/** - * This mixin class helps in serialize/deserialize - * {@link org.springframework.security.authentication.RememberMeAuthenticationToken} - * class. To use this class you need to register it with - * {@link com.fasterxml.jackson.databind.ObjectMapper} and 2 more mixin classes. - * - *
    - *
  1. {@link SimpleGrantedAuthorityMixin}
    2. - *
  2. {@link UserMixin}
    3. - *
  3. {@link UnmodifiableSetMixin}
    4. - *
- * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
- * - * Note: This class will save TypeInfo (full class name) into a property - * called @class - * - * @author Jitendra Singh - * @see CoreJackson2Module - * @see SecurityJacksonModules - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY) -@JsonIgnoreProperties(ignoreUnknown = true) -class RememberMeAuthenticationTokenMixin { - - /** - * Constructor used by Jackson to create - * {@link org.springframework.security.authentication.RememberMeAuthenticationToken} - * object. - * - * @param keyHash hashCode of above given key. - * @param principal the principal (typically a UserDetails) - * @param authorities the authorities granted to the principal - */ - @JsonCreator - RememberMeAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash, - @JsonProperty("principal") Object principal, - @JsonProperty("authorities") Collection authorities) { - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SecurityJacksonModules.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SecurityJacksonModules.java deleted file mode 100644 index b7e8d5fe..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SecurityJacksonModules.java +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.Module; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import org.springframework.util.ClassUtils; - -/** - * This utility class will find all the SecurityModules in classpath. - * - *

- * 

- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModules(SecurityJacksonModules.getModules());
- *
Above code is equivalent to - *

- * 

- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
- *     mapper.registerModule(new CoreJackson2Module());
- *     mapper.registerModule(new CasJackson2Module());
- *     mapper.registerModule(new WebJackson2Module());
- *
- * - * @author Jitendra Singh. - * @since 4.2 - */ -public final class SecurityJacksonModules { - - private static final Log logger = LogFactory.getLog(SecurityJacksonModules.class); - private static final List securityJackson2ModuleClasses = Arrays.asList( - "org.springframework.security.jackson2.CoreJackson2Module", - "org.springframework.security.cas.jackson2.CasJackson2Module", - "org.springframework.security.web.jackson2.WebJackson2Module"); - - private SecurityJacksonModules() { - } - - public static void enableDefaultTyping(ObjectMapper mapper) { - if (mapper != null) { - TypeResolverBuilder typeBuilder = mapper.getDeserializationConfig() - .getDefaultTyper(null); - if (typeBuilder == null) { - mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, - JsonTypeInfo.As.PROPERTY); - } - } - } - - @SuppressWarnings("unchecked") - private static Module loadAndGetInstance(String className, ClassLoader loader) { - Module instance = null; - try { - Class securityModule = (Class) ClassUtils - .forName(className, loader); - if (securityModule != null) { - if (logger.isDebugEnabled()) { - logger.debug("Loaded module " + className + ", now registering"); - } - instance = securityModule.newInstance(); - } - } - catch (Exception e) { - if (logger.isDebugEnabled()) { - logger.debug("Cannot load module " + className, e); - } - } - return instance; - } - - /** - * @param loader the ClassLoader to use - * @return List of available security modules in classpath. - */ - public static List getModules(ClassLoader loader) { - List modules = new ArrayList(); - for (String className : securityJackson2ModuleClasses) { - Module module = loadAndGetInstance(className, loader); - if (module != null) { - modules.add(module); - } - } - return modules; - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java deleted file mode 100644 index 6ce2bc12..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -/** - * Jackson Mixin class helps in serialize/deserialize - * {@link org.springframework.security.core.authority.SimpleGrantedAuthority}. - * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
- * @author Jitendra Singh - * @see CoreJackson2Module - * @see SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(ignoreUnknown = true) -public abstract class SimpleGrantedAuthorityMixin { - - /** - * Mixin Constructor. - * @param role the role - */ - @JsonCreator - public SimpleGrantedAuthorityMixin(@JsonProperty("authority") String role) { - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java deleted file mode 100644 index 9f824ec7..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.util.Set; - -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -/** - * This mixin class used to deserialize java.util.Collections$UnmodifiableSet and used - * with various AuthenticationToken implementation's mixin classes. - * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
- * - * @author Jitendra Singh - * @see CoreJackson2Module - * @see SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -class UnmodifiableSetMixin { - - /** - * Mixin Constructor - * @param s the Set - */ - @JsonCreator - UnmodifiableSetMixin(Set s) { - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserDeserializer.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserDeserializer.java deleted file mode 100644 index f078664a..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserDeserializer.java +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.io.IOException; -import java.util.Set; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.MissingNode; - -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.User; - -/** - * Custom Deserializer for {@link User} class. This is already registered with - * {@link UserMixin}. You can also use it directly with your mixin class. - * - * @author Jitendra Singh - * @see UserMixin - */ -class UserDeserializer extends JsonDeserializer { - - /** - * This method will create {@link User} object. It will ensure successful object - * creation even if password key is null in serialized json, because credentials may - * be removed from the {@link User} by invoking {@link User#eraseCredentials()}. In - * that case there won't be any password key in serialized json. - * - * @param jp the JsonParser - * @param ctxt the DeserializationContext - * @return the user - * @throws IOException if a exception during IO occurs - * @throws JsonProcessingException if an error during JSON processing occurs - */ - @Override - public User deserialize(JsonParser jp, DeserializationContext ctxt) - throws IOException, JsonProcessingException { - ObjectMapper mapper = (ObjectMapper) jp.getCodec(); - JsonNode jsonNode = mapper.readTree(jp); - Set authorities = mapper.convertValue( - jsonNode.get("authorities"), - new TypeReference>() { - }); - JsonNode password = readJsonNode(jsonNode, "password"); - User result = new User(readJsonNode(jsonNode, "username").asText(), - password.asText(""), readJsonNode(jsonNode, "enabled").asBoolean(), - readJsonNode(jsonNode, "accountNonExpired").asBoolean(), - readJsonNode(jsonNode, "credentialsNonExpired").asBoolean(), - readJsonNode(jsonNode, "accountNonLocked").asBoolean(), authorities); - - if (password.asText(null) == null) { - result.eraseCredentials(); - } - return result; - } - - private JsonNode readJsonNode(JsonNode jsonNode, String field) { - return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance(); - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserMixin.java deleted file mode 100644 index 6d4cda3c..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UserMixin.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -/** - * This mixin class helps in serialize/deserialize - * {@link org.springframework.security.core.userdetails.User}. This class also register a - * custom deserializer {@link UserDeserializer} to deserialize User object successfully. - * In order to use this mixin you need to register two more mixin classes in your - * ObjectMapper configuration. - *
    - *
  1. {@link SimpleGrantedAuthorityMixin}
    2. - *
  2. {@link UnmodifiableSetMixin}
    3. - *
- * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
- * - * @author Jitendra Singh - * @see UserDeserializer - * @see CoreJackson2Module - * @see SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonDeserialize(using = UserDeserializer.class) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(ignoreUnknown = true) -abstract class UserMixin { -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java deleted file mode 100644 index bf5bc5a2..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import java.io.IOException; -import java.util.List; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.core.type.TypeReference; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.MissingNode; - -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.userdetails.User; - -/** - * Custom deserializer for {@link UsernamePasswordAuthenticationToken}. At the time of - * deserialization it will invoke suitable constructor depending on the value of - * authenticated property. It will ensure that the token's state must not change. - *

- * This deserializer is already registered with - * {@link UsernamePasswordAuthenticationTokenMixin} but you can also registered it with - * your own mixin class. - * - * @author Jitendra Singh - * @see UsernamePasswordAuthenticationTokenMixin - */ -class UsernamePasswordAuthenticationTokenDeserializer - extends JsonDeserializer { - - /** - * This method construct {@link UsernamePasswordAuthenticationToken} object from - * serialized json. - * @param jp the JsonParser - * @param ctxt the DeserializationContext - * @return the user - * @throws IOException if a exception during IO occurs - * @throws JsonProcessingException if an error during JSON processing occurs - */ - @Override - public UsernamePasswordAuthenticationToken deserialize(JsonParser jp, - DeserializationContext ctxt) throws IOException, JsonProcessingException { - UsernamePasswordAuthenticationToken token = null; - ObjectMapper mapper = (ObjectMapper) jp.getCodec(); - JsonNode jsonNode = mapper.readTree(jp); - Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean(); - JsonNode principalNode = readJsonNode(jsonNode, "principal"); - Object principal = null; - if (principalNode.isObject()) { - principal = mapper.readValue(principalNode.toString(), - new TypeReference() { - }); - } - else { - principal = principalNode.asText(); - } - Object credentials = readJsonNode(jsonNode, "credentials").asText(); - List authorities = mapper.readValue( - readJsonNode(jsonNode, "authorities").toString(), - new TypeReference>() { - }); - if (authenticated) { - token = new UsernamePasswordAuthenticationToken(principal, credentials, - authorities); - } - else { - token = new UsernamePasswordAuthenticationToken(principal, credentials); - } - token.setDetails(readJsonNode(jsonNode, "details")); - return token; - } - - private JsonNode readJsonNode(JsonNode jsonNode, String field) { - return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance(); - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java deleted file mode 100644 index b323c1a0..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -/** - * This mixin class is used to serialize / deserialize - * {@link org.springframework.security.authentication.UsernamePasswordAuthenticationToken} - * . This class register a custom deserializer - * {@link UsernamePasswordAuthenticationTokenDeserializer}. - * - * In order to use this mixin you'll need to add 3 more mixin classes. - *

    - *
  1. {@link UnmodifiableSetMixin}
    2. - *
  2. {@link SimpleGrantedAuthorityMixin}
    3. - *
  3. {@link UserMixin}
    4. - *
- * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new CoreJackson2Module());
- *
- * @author Jitendra Singh - * @see CoreJackson2Module - * @see SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class") -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonDeserialize(using = UsernamePasswordAuthenticationTokenDeserializer.class) -abstract class UsernamePasswordAuthenticationTokenMixin { -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/package-info.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/package-info.java deleted file mode 100644 index 0c2a3a9f..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/jackson2/package-info.java +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Mix-in classes to add Jackson serialization support. - * - * @author Jitendra Singh - * @since 4.2 - */ -package org.springframework.security.jackson2; - -/** - * Package contains Jackson mixin classes. - */ diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java deleted file mode 100644 index ed31fe4f..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import java.io.IOException; - -import javax.servlet.http.Cookie; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.node.MissingNode; -import com.fasterxml.jackson.databind.node.NullNode; - -/** - * Jackson deserializer for {@link Cookie}. This is needed because in most cases we don't - * set {@link Cookie#getDomain()} property. So when jackson deserialize that json - * {@link Cookie#setDomain(String)} throws {@link NullPointerException}. This is - * registered with {@link CookieMixin} but you can also use it with your own mixin. - * - * @author Jitendra Singh - * @see CookieMixin - */ -class CookieDeserializer extends JsonDeserializer { - - @Override - public Cookie deserialize(JsonParser jp, DeserializationContext ctxt) - throws IOException, JsonProcessingException { - ObjectMapper mapper = (ObjectMapper) jp.getCodec(); - JsonNode jsonNode = mapper.readTree(jp); - Cookie cookie = new Cookie(readJsonNode(jsonNode, "name").asText(), - readJsonNode(jsonNode, "value").asText()); - cookie.setComment(readJsonNode(jsonNode, "comment").asText()); - cookie.setDomain(readJsonNode(jsonNode, "domain").asText()); - cookie.setMaxAge(readJsonNode(jsonNode, "maxAge").asInt(-1)); - cookie.setSecure(readJsonNode(jsonNode, "secure").asBoolean()); - cookie.setVersion(readJsonNode(jsonNode, "version").asInt()); - cookie.setPath(readJsonNode(jsonNode, "path").asText()); - cookie.setHttpOnly(readJsonNode(jsonNode, "httpOnly").asBoolean()); - return cookie; - } - - private JsonNode readJsonNode(JsonNode jsonNode, String field) { - return jsonNode.has(field) && !(jsonNode.get(field) instanceof NullNode) - ? jsonNode.get(field) : MissingNode.getInstance(); - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java deleted file mode 100644 index 2ffb20f6..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -/** - * Mixin class to serialize/deserialize {@link javax.servlet.http.Cookie} - * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new WebJackson2Module());
- *
- * - * @author Jitendra Singh - * @see WebJackson2Module - * @see org.springframework.security.jackson2.SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonDeserialize(using = CookieDeserializer.class) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE) -abstract class CookieMixin { -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java deleted file mode 100644 index 7fb64292..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -/** - * Jackson mixin class to serialize/deserialize - * {@link org.springframework.security.web.csrf.DefaultCsrfToken} serialization support. - * - * 
- * 		ObjectMapper mapper = new ObjectMapper();
- *		mapper.registerModule(new WebJackson2Module());
- *
- * - * @author Jitendra Singh - * @see WebJackson2Module - * @see org.springframework.security.jackson2.SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class") -@JsonIgnoreProperties(ignoreUnknown = true) -class DefaultCsrfTokenMixin { - - /** - * JsonCreator constructor needed by Jackson to create - * {@link org.springframework.security.web.csrf.DefaultCsrfToken} object. - * - * @param headerName the name of the header - * @param parameterName the parameter name - * @param token the CSRF token value - */ - @JsonCreator - DefaultCsrfTokenMixin(@JsonProperty("headerName") String headerName, - @JsonProperty("parameterName") String parameterName, - @JsonProperty("token") String token) { - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestBuilder.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestBuilder.java deleted file mode 100644 index 9c0966e1..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestBuilder.java +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; - -import org.springframework.security.web.savedrequest.DefaultSavedRequest; - -/** - * Spring Security 4.2 will support saved request. - * - * @author Rob Winch - */ -@JsonIgnoreProperties(ignoreUnknown = true) -public class DefaultSavedRequestBuilder { - - public DefaultSavedRequest build() { - return null; - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java deleted file mode 100644 index 16db2f96..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -import org.springframework.security.web.savedrequest.DefaultSavedRequest; - -/** - * Jackson mixin class to serialize/deserialize {@link DefaultSavedRequest}. This mixin - * use {@link org.springframework.security.web.savedrequest.DefaultSavedRequest.Builder} - * to deserialized json.In order to use this mixin class you also need to register - * {@link CookieMixin}. - *

- * 

- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new WebJackson2Module());
- *
- * - * @author Jitendra Singh - * @see WebJackson2Module - * @see org.springframework.security.jackson2.SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonDeserialize(builder = DefaultSavedRequestBuilder.class) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE) -abstract class DefaultSavedRequestMixin { -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java deleted file mode 100644 index f0cdd7f5..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -/** - * Jackson mixin class to serialize/deserialize - * {@link org.springframework.security.web.savedrequest.SavedCookie} serialization - * support. - * - * 
- * 		ObjectMapper mapper = new ObjectMapper();
- *		mapper.registerModule(new WebJackson2Module());
- *
- * - * @author Jitendra Singh. - * @see WebJackson2Module - * @see org.springframework.security.jackson2.SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE) -@JsonIgnoreProperties(ignoreUnknown = true) -abstract class SavedCookieMixin { - - @JsonCreator - SavedCookieMixin(@JsonProperty("name") String name, - @JsonProperty("value") String value, @JsonProperty("comment") String comment, - @JsonProperty("domain") String domain, @JsonProperty("maxAge") int maxAge, - @JsonProperty("path") String path, @JsonProperty("secure") boolean secure, - @JsonProperty("version") int version) { - - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java deleted file mode 100644 index e65b9470..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import com.fasterxml.jackson.annotation.JsonAutoDetect; -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - -/** - * Jackson mixin class to serialize/deserialize - * {@link org.springframework.security.web.authentication.WebAuthenticationDetails}. - * - * 
- * 	ObjectMapper mapper = new ObjectMapper();
- *	mapper.registerModule(new WebJackson2Module());
- *
- * - * @author Jitendra Singh - * @see WebJackson2Module - * @see org.springframework.security.jackson2.SecurityJacksonModules - * @since 4.2 - */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonIgnoreProperties(ignoreUnknown = true) -@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY) -class WebAuthenticationDetailsMixin { - - @JsonCreator - WebAuthenticationDetailsMixin(@JsonProperty("remoteAddress") String remoteAddress, - @JsonProperty("sessionId") String sessionId) { - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java deleted file mode 100644 index 5a86502d..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.jackson2; - -import javax.servlet.http.Cookie; - -import com.fasterxml.jackson.core.Version; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.module.SimpleModule; - -import org.springframework.security.jackson2.SecurityJacksonModules; -import org.springframework.security.web.authentication.WebAuthenticationDetails; -import org.springframework.security.web.csrf.DefaultCsrfToken; -import org.springframework.security.web.savedrequest.DefaultSavedRequest; -import org.springframework.security.web.savedrequest.SavedCookie; - -/** - * Jackson module for spring-security-web. This module register {@link CookieMixin}, - * {@link DefaultCsrfTokenMixin}, {@link DefaultSavedRequestMixin} and - * {@link WebAuthenticationDetailsMixin}. If no default typing enabled by default then - * it'll enable it because typing info is needed to properly serialize/deserialize - * objects. In order to use this module just add this module into your ObjectMapper - * configuration. - * - * 
- *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new WebJackson2Module());
- *
Note: use {@link SecurityJacksonModules#getModules(ClassLoader)} to get list - * of all security modules. - * - * @author Jitendra Singh - * @see SecurityJacksonModules - */ -public class WebJackson2Module extends SimpleModule { - - public WebJackson2Module() { - super(WebJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null)); - } - - @Override - public void setupModule(SetupContext context) { - SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner()); - context.setMixInAnnotations(Cookie.class, CookieMixin.class); - context.setMixInAnnotations(SavedCookie.class, SavedCookieMixin.class); - context.setMixInAnnotations(DefaultCsrfToken.class, DefaultCsrfTokenMixin.class); - context.setMixInAnnotations(DefaultSavedRequest.class, - DefaultSavedRequestMixin.class); - context.setMixInAnnotations(WebAuthenticationDetails.class, - WebAuthenticationDetailsMixin.class); - } -} diff --git a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/package-info.java b/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/package-info.java deleted file mode 100644 index f65eabb7..00000000 --- a/samples/httpsession-redis-json/src/main/java/org/springframework/security/web/jackson2/package-info.java +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2014-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * Mix-in classes to provide Jackson serialization support. - * - * @author Jitendra Singh - * @since 4.2 - */ -package org.springframework.security.web.jackson2;