Skip to content

Add Jackson Support for Objects stored in HttpSession #3736

Closed
@rwinch

Description

@rwinch

It would be nice to provide custom serialization mechanism that uses Jackson for objects Spring Security places in session. This would make serializing much faster and ensure consistency when using things like Spring Session. Some of the interfaces (and classes) are:

  • SecurityContext (SecurityContextImpl)
  • Authentication (various implementations of it)
  • UserDetails (User)
  • CsrfToken (DefaultCsrfToken)
  • SavedRequest (DefaultSavedRequest)

We might also try to provide compression on the serialization. For example when UserDetails is the principal of an Authentication, we can derive a UsernamePasswordAuthenticationToken from the UserDetails and assume SecurityContextImpl is used.

UPDATE spring-projects/spring-session#434 has must of the support we would need for this feature. We may want to merge those changes into Spring Security

Metadata

Metadata

Assignees

Labels

in: casAn issue in spring-security-casin: coreAn issue in spring-security-corein: webAn issue in web modules (web, webmvc)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions