-
Notifications
You must be signed in to change notification settings - Fork 6.1k
Add Jackson Support for Objects stored in HttpSession #3812
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from all commits
Commits
Show all changes
64 commits
Select commit
Hold shift + click to select a range
3a6e5be
JSONAssert version property added
jitendra-bisht 434feed
Jackson and JSONAssert dependencies added
jitendra-bisht cb29035
Jackson2 package added to add mix-in classes for web module
jitendra-bisht 130729d
DefaultCsrfTokenMixin added
jitendra-bisht 774e6fa
DefaultCsrfTokenMixin tests added
jitendra-bisht a28b65b
Jackson and jsonassert dependencies added
jitendra-bisht a9393d3
Jackson2 package added to add jackson mixin classes for this module
jitendra-bisht 614cb5b
SimpleGrantedAuthorityMixin class added
jitendra-bisht 731d232
Mixin added for WebAuthenticationDetails
jitendra-bisht f808de2
Builder class added with private Constructor
jitendra-bisht 79353ce
Mixin added for DefaultSavedRequest
jitendra-bisht 30f42b7
Http Cookie mixins and Deserializer added
jitendra-bisht 16a9104
SecurityContext Tests added
jitendra-bisht 715065c
UsernamePasswordAuthenticationToken mixins, deserializer and test added
jitendra-bisht a2c41de
User mixin, deserializer and tests added
jitendra-bisht 0df66e4
Unmodifiable tests added
jitendra-bisht bb95f25
Mixin and Tests added for SimpleGrantedAuthority
jitendra-bisht 1d94aed
Private Constructor added to enabled enable deserialization support
jitendra-bisht aeb8cb1
AbstractMixinTests added with default ObjectMapper
jitendra-bisht 3e6fcfa
Mixin and tests added for RememberMeAuthenticationToken
jitendra-bisht 14906c9
static methods added to help in building objects hashKey based Authen…
jitendra-bisht e8c176a
Private constructor added in AnonymousAuthenticationToken to enable j…
jitendra-bisht 5625231
Jackson and JSONAssert dependencies added in cas module
jitendra-bisht 4460f23
Private constructor added to enable jackson deserialization support
jitendra-bisht d113906
Mixin and tests added for CasAuthenticationToken
jitendra-bisht e867ce5
Mix-ins added for AssertionImpl and AttributePrincipalImpl classes us…
jitendra-bisht 9cc1a37
Mix-in and tests added for AnonymousAuthenticationToken
jitendra-bisht b16da66
License header added and indentation changed to tab
jitendra-bisht 26d4e26
License header added and indentation changed to tab
jitendra-bisht d6d4658
Space indentation removed to tab
jitendra-bisht 1cd5a70
Space indentation removed from UserMixin
jitendra-bisht 0039850
Code formatted single spaces removed added tab indentation
jitendra-bisht 7f576ca
Documentation added for mixin classes in cas module
jitendra-bisht 9afb364
No need of constructor because Deserializer is already registered
jitendra-bisht 993188b
Documentation added in core module mixin classes
jitendra-bisht 04f9c55
Constructor removed because CookieDeserializer already registered
jitendra-bisht 005e263
Documentation added for web module jackson mixin classes
jitendra-bisht 86ac453
Package name corrected
jitendra-bisht f625580
extra space removed from docs
jitendra-bisht 3d4b84f
Ignore unknown properties configuration added in DefaultSavedRequests…
jitendra-bisht da104e8
Removed unused import
jitendra-bisht 9fe6ba7
Jackson SimpleModules added in core, web and cas module
jitendra-bisht effd806
Licence header added in Core and Web Jackson module
jitendra-bisht 3a96358
javadoc @since 4.2 added in new class / methods / constructors
jitendra-bisht 4bc98c6
Constructor parameter changed
jitendra-bisht 043459e
extractHashKey method moved from AbstractAuthenticationToken to child…
jitendra-bisht 785a6b9
Json autodetect info updated, fields visibility marked any to ensure …
jitendra-bisht f3d0649
Mixin added for SavedCookie class
jitendra-bisht 257c3bd
Externalized ObjectMapper configuration and tests updated
jitendra-bisht a5e7cd8
Externalized ObjectMapper configuration and updated tests in web and …
jitendra-bisht 1f78c78
SecurityJacksonModules class added to auto register spring security m…
jitendra-bisht 625282b
Naming convention corrected for security module classes
jitendra-bisht 40eedcf
test classes renamed as per project's naming convention
jitendra-bisht 4c84918
tests added when eraseCredential() invoked
jitendra-bisht 74f48f1
tests refactored
jitendra-bisht c2c152b
JavaDocs updated
jeetmp3 97af1c3
Unused imports removed
jeetmp3 3cb4be4
addModules() added to get list of security modules
jeetmp3 08323a9
extra logs removed
jeetmp3 efffa78
typo fixed in variable name
jeetmp3 9e7e2cb
httpOnly field name fixed in CookieDeserializer
jeetmp3 731c147
Merge branch 'gh-3812'
jeetmp3 b35f44a
registerModules method replaced with getModules
jeetmp3 971ad4b
Merge branch 'gh-3812'
jeetmp3 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
62 changes: 62 additions & 0 deletions
62
cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
/* | ||
* Copyright 2015-2016 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.springframework.security.cas.jackson2; | ||
|
||
import com.fasterxml.jackson.annotation.*; | ||
import org.jasig.cas.client.authentication.AttributePrincipal; | ||
|
||
import java.util.Date; | ||
import java.util.Map; | ||
|
||
/** | ||
* Helps in jackson deserialization of class {@link org.jasig.cas.client.validation.AssertionImpl}, which is | ||
* used with {@link org.springframework.security.cas.authentication.CasAuthenticationToken}. | ||
* To use this class we need to register with {@link com.fasterxml.jackson.databind.ObjectMapper}. Type information | ||
* will be stored in @class property. | ||
* <p> | ||
* <pre> | ||
* ObjectMapper mapper = new ObjectMapper(); | ||
* mapper.registerModule(new CasJackson2Module()); | ||
* </pre> | ||
* | ||
* | ||
* @author Jitendra Singh | ||
* @see CasJackson2Module | ||
* @see org.springframework.security.jackson2.SecurityJacksonModules | ||
* @since 4.2 | ||
*/ | ||
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) | ||
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, | ||
getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE) | ||
@JsonIgnoreProperties(ignoreUnknown = true) | ||
public class AssertionImplMixin { | ||
|
||
/** | ||
* Mixin Constructor helps in deserialize {@link org.jasig.cas.client.validation.AssertionImpl} | ||
* | ||
* @param principal the Principal to associate with the Assertion. | ||
* @param validFromDate when the assertion is valid from. | ||
* @param validUntilDate when the assertion is valid to. | ||
* @param authenticationDate when the assertion is authenticated. | ||
* @param attributes the key/value pairs for this attribute. | ||
*/ | ||
@JsonCreator | ||
public AssertionImplMixin(@JsonProperty("principal") AttributePrincipal principal, | ||
@JsonProperty("validFromDate") Date validFromDate, @JsonProperty("validUntilDate") Date validUntilDate, | ||
@JsonProperty("authenticationDate") Date authenticationDate, @JsonProperty("attributes") Map<String, Object> attributes){ | ||
} | ||
} |
58 changes: 58 additions & 0 deletions
58
cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
/* | ||
* Copyright 2015-2016 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.springframework.security.cas.jackson2; | ||
|
||
import com.fasterxml.jackson.annotation.*; | ||
import org.jasig.cas.client.proxy.ProxyRetriever; | ||
|
||
import java.util.Map; | ||
|
||
/** | ||
* Helps in deserialize {@link org.jasig.cas.client.authentication.AttributePrincipalImpl} which is used with | ||
* {@link org.springframework.security.cas.authentication.CasAuthenticationToken}. Type information will be stored | ||
* in property named @class. | ||
* <p> | ||
* <pre> | ||
* ObjectMapper mapper = new ObjectMapper(); | ||
* mapper.registerModule(new CasJackson2Module()); | ||
* </pre> | ||
* | ||
* @author Jitendra Singh | ||
* @see CasJackson2Module | ||
* @see org.springframework.security.jackson2.SecurityJacksonModules | ||
* @since 4.2 | ||
*/ | ||
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) | ||
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, | ||
isGetterVisibility = JsonAutoDetect.Visibility.NONE) | ||
@JsonIgnoreProperties(ignoreUnknown = true) | ||
public class AttributePrincipalImplMixin { | ||
|
||
/** | ||
* Mixin Constructor helps in deserialize {@link org.jasig.cas.client.authentication.AttributePrincipalImpl} | ||
* | ||
* @param name the unique identifier for the principal. | ||
* @param attributes the key/value pairs for this principal. | ||
* @param proxyGrantingTicket the ticket associated with this principal. | ||
* @param proxyRetriever the ProxyRetriever implementation to call back to the CAS server. | ||
*/ | ||
@JsonCreator | ||
public AttributePrincipalImplMixin(@JsonProperty("name") String name, @JsonProperty("attributes") Map<String, Object> attributes, | ||
@JsonProperty("proxyGrantingTicket") String proxyGrantingTicket, | ||
@JsonProperty("proxyRetriever") ProxyRetriever proxyRetriever) { | ||
} | ||
} |
77 changes: 77 additions & 0 deletions
77
cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
/* | ||
* Copyright 2015-2016 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.springframework.security.cas.jackson2; | ||
|
||
import com.fasterxml.jackson.annotation.*; | ||
import org.jasig.cas.client.validation.Assertion; | ||
import org.springframework.security.cas.authentication.CasAuthenticationProvider; | ||
import org.springframework.security.cas.authentication.CasAuthenticationToken; | ||
import org.springframework.security.core.GrantedAuthority; | ||
import org.springframework.security.core.userdetails.UserDetails; | ||
|
||
import java.util.Collection; | ||
|
||
/** | ||
* Mixin class which helps in deserialize {@link org.springframework.security.cas.authentication.CasAuthenticationToken} | ||
* using jackson. Two more dependent classes needs to register along with this mixin class. | ||
* <ol> | ||
* <li>{@link org.springframework.security.cas.jackson2.AssertionImplMixin}</li> | ||
* <li>{@link org.springframework.security.cas.jackson2.AttributePrincipalImplMixin}</li> | ||
* </ol> | ||
* | ||
* <p> | ||
* | ||
* <pre> | ||
* ObjectMapper mapper = new ObjectMapper(); | ||
* mapper.registerModule(new CasJackson2Module()); | ||
* </pre> | ||
* | ||
* @author Jitendra Singh | ||
* @see CasJackson2Module | ||
* @see org.springframework.security.jackson2.SecurityJacksonModules | ||
* @since 4.2 | ||
*/ | ||
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) | ||
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE, | ||
getterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY) | ||
@JsonIgnoreProperties(ignoreUnknown = true) | ||
public class CasAuthenticationTokenMixin { | ||
|
||
/** | ||
* Mixin Constructor helps in deserialize {@link CasAuthenticationToken} | ||
* | ||
* @param keyHash hashCode of provided key to identify if this object made by a given | ||
* {@link CasAuthenticationProvider} | ||
* @param principal typically the UserDetails object (cannot be <code>null</code>) | ||
* @param credentials the service/proxy ticket ID from CAS (cannot be | ||
* <code>null</code>) | ||
* @param authorities the authorities granted to the user (from the | ||
* {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot | ||
* be <code>null</code>) | ||
* @param userDetails the user details (from the | ||
* {@link org.springframework.security.core.userdetails.UserDetailsService}) (cannot | ||
* be <code>null</code>) | ||
* @param assertion the assertion returned from the CAS servers. It contains the | ||
* principal and how to obtain a proxy ticket for the user. | ||
*/ | ||
@JsonCreator | ||
public CasAuthenticationTokenMixin(@JsonProperty("keyHash") Integer keyHash, @JsonProperty("principal") Object principal, | ||
@JsonProperty("credentials") Object credentials, | ||
@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities, | ||
@JsonProperty("userDetails") UserDetails userDetails, @JsonProperty("assertion") Assertion assertion) { | ||
} | ||
} |
56 changes: 56 additions & 0 deletions
56
cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
/* | ||
* Copyright 2015-2016 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.springframework.security.cas.jackson2; | ||
|
||
import com.fasterxml.jackson.core.Version; | ||
import com.fasterxml.jackson.databind.ObjectMapper; | ||
import com.fasterxml.jackson.databind.module.SimpleModule; | ||
import org.jasig.cas.client.authentication.AttributePrincipalImpl; | ||
import org.jasig.cas.client.validation.AssertionImpl; | ||
import org.springframework.security.cas.authentication.CasAuthenticationToken; | ||
import org.springframework.security.jackson2.SecurityJacksonModules; | ||
|
||
/** | ||
* Jackson module for spring-security-cas. This module register {@link AssertionImplMixin}, | ||
* {@link AttributePrincipalImplMixin} and {@link CasAuthenticationTokenMixin}. If no default typing enabled by default then | ||
* it'll enable it because typing info is needed to properly serialize/deserialize objects. In order to use this module just | ||
* add this module into your ObjectMapper configuration. | ||
* | ||
* <pre> | ||
* ObjectMapper mapper = new ObjectMapper(); | ||
* mapper.registerModule(new CasJackson2Module()); | ||
* </pre> | ||
* <b>Note: use {@link SecurityJacksonModules#getModules()} to get list of all security modules.</b> | ||
* | ||
* @author Jitendra Singh. | ||
* @see org.springframework.security.jackson2.SecurityJacksonModules | ||
* @since 4.2 | ||
*/ | ||
public class CasJackson2Module extends SimpleModule { | ||
|
||
public CasJackson2Module() { | ||
super(CasJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null)); | ||
} | ||
|
||
@Override | ||
public void setupModule(SetupContext context) { | ||
SecurityJacksonModules.enableDefaultTyping((ObjectMapper) context.getOwner()); | ||
context.setMixInAnnotations(AssertionImpl.class, AssertionImplMixin.class); | ||
context.setMixInAnnotations(AttributePrincipalImpl.class, AttributePrincipalImplMixin.class); | ||
context.setMixInAnnotations(CasAuthenticationToken.class, CasAuthenticationTokenMixin.class); | ||
} | ||
} |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add
@since 4.2
to all new methods / constructors / classes