Closed
Description
It would be nice to provide custom serialization mechanism that uses Jackson for objects Spring Security places in session. This would make serializing much faster and ensure consistency when using things like Spring Session. Some of the interfaces (and classes) are:
- SecurityContext (SecurityContextImpl)
- Authentication (various implementations of it)
- UserDetails (User)
- CsrfToken (DefaultCsrfToken)
- SavedRequest (DefaultSavedRequest)
We might also try to provide compression on the serialization. For example when UserDetails is the principal of an Authentication, we can derive a UsernamePasswordAuthenticationToken from the UserDetails and assume SecurityContextImpl is used.
UPDATE spring-projects/spring-session#434 has must of the support we would need for this feature. We may want to merge those changes into Spring Security