|
| 1 | +/* |
| 2 | + * Copyright 2015-2016 the original author or authors. |
| 3 | + * |
| 4 | + * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | + * you may not use this file except in compliance with the License. |
| 6 | + * You may obtain a copy of the License at |
| 7 | + * |
| 8 | + * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | + * |
| 10 | + * Unless required by applicable law or agreed to in writing, software |
| 11 | + * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | + * See the License for the specific language governing permissions and |
| 14 | + * limitations under the License. |
| 15 | + */ |
| 16 | + |
| 17 | +package org.springframework.security.web.jackson2; |
| 18 | + |
| 19 | +import java.io.IOException; |
| 20 | +import java.util.List; |
| 21 | + |
| 22 | +import org.springframework.security.core.GrantedAuthority; |
| 23 | +import org.springframework.security.core.userdetails.User; |
| 24 | +import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; |
| 25 | + |
| 26 | +import com.fasterxml.jackson.core.JsonParser; |
| 27 | +import com.fasterxml.jackson.core.JsonProcessingException; |
| 28 | +import com.fasterxml.jackson.core.type.TypeReference; |
| 29 | +import com.fasterxml.jackson.databind.DeserializationContext; |
| 30 | +import com.fasterxml.jackson.databind.JsonDeserializer; |
| 31 | +import com.fasterxml.jackson.databind.JsonNode; |
| 32 | +import com.fasterxml.jackson.databind.ObjectMapper; |
| 33 | +import com.fasterxml.jackson.databind.node.MissingNode; |
| 34 | + |
| 35 | +/** |
| 36 | + * Custom deserializer for {@link PreAuthenticatedAuthenticationToken}. At the time of deserialization |
| 37 | + * it will invoke suitable constructor depending on the value of <b>authenticated</b> property. |
| 38 | + * It will ensure that the token's state must not change. |
| 39 | + * <p> |
| 40 | + * This deserializer is already registered with {@link PreAuthenticatedAuthenticationTokenMixin} but |
| 41 | + * you can also registered it with your own mixin class. |
| 42 | + * |
| 43 | + * @author Jitendra Singh |
| 44 | + * @see PreAuthenticatedAuthenticationTokenMixin |
| 45 | + * @since 4.2 |
| 46 | + */ |
| 47 | +class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<PreAuthenticatedAuthenticationToken> { |
| 48 | + |
| 49 | + /** |
| 50 | + * This method construct {@link PreAuthenticatedAuthenticationToken} object from serialized json. |
| 51 | + * @param jp the JsonParser |
| 52 | + * @param ctxt the DeserializationContext |
| 53 | + * @return the user |
| 54 | + * @throws IOException if a exception during IO occurs |
| 55 | + * @throws JsonProcessingException if an error during JSON processing occurs |
| 56 | + */ |
| 57 | + @Override |
| 58 | + public PreAuthenticatedAuthenticationToken deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException { |
| 59 | + PreAuthenticatedAuthenticationToken token = null; |
| 60 | + ObjectMapper mapper = (ObjectMapper) jp.getCodec(); |
| 61 | + JsonNode jsonNode = mapper.readTree(jp); |
| 62 | + Boolean authenticated = readJsonNode(jsonNode, "authenticated").asBoolean(); |
| 63 | + JsonNode principalNode = readJsonNode(jsonNode, "principal"); |
| 64 | + Object principal = null; |
| 65 | + if(principalNode.isObject()) { |
| 66 | + principal = mapper.readValue(principalNode.toString(), new TypeReference<User>() {}); |
| 67 | + } else { |
| 68 | + principal = principalNode.asText(); |
| 69 | + } |
| 70 | + Object credentials = readJsonNode(jsonNode, "credentials").asText(); |
| 71 | + List<GrantedAuthority> authorities = mapper.readValue( |
| 72 | + readJsonNode(jsonNode, "authorities").toString(), new TypeReference<List<GrantedAuthority>>() { |
| 73 | + }); |
| 74 | + if (authenticated) { |
| 75 | + token = new PreAuthenticatedAuthenticationToken(principal, credentials, authorities); |
| 76 | + } else { |
| 77 | + token = new PreAuthenticatedAuthenticationToken(principal, credentials); |
| 78 | + } |
| 79 | + token.setDetails(readJsonNode(jsonNode, "details")); |
| 80 | + return token; |
| 81 | + } |
| 82 | + |
| 83 | + private JsonNode readJsonNode(JsonNode jsonNode, String field) { |
| 84 | + return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance(); |
| 85 | + } |
| 86 | +} |
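Review bot: `token.setDetails(readJsonNode(jsonNode, "details"))` at gutter line 79 stores the raw `JsonNode` (a `MissingNode` when the property is absent) as the token's details, so after a round trip `getDetails()` is never `null` and never the type the application originally attached; prefer `JsonNode detailsNode = readJsonNode(jsonNode, "details");` followed by `token.setDetails(detailsNode.isMissingNode() || detailsNode.isNull() ? null : mapper.readValue(detailsNode.toString(), new TypeReference<Object>() {}));`. The same `MissingNode` fallback on lines 71-73 turns a missing `authorities` property into `readValue("")`, which fails with an end-of-input error even on the unauthenticated path that never uses the list, and `asText()` on line 70 silently converts absent or null credentials into an empty string. Because `authenticated`, `principal` and `authorities` are taken from the JSON exactly as stored, the rebuilt token carries whatever trust the backing store has, so this deserializer is only safe with a server-side, integrity-protected store and a mapper whose polymorphic typing for `GrantedAuthority` is restricted to an allowlist; the class Javadoc should say so, for example `Trusts the stored JSON: the authenticated flag and authorities are restored as-is, so the source must be a trusted, server-controlled store.`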