Unable to extend or modify ObjectMapper

[davideanderson]

I am trying to use JacksonMongoSessionConverter (in Spring Session MongoDB version 2.0.2.RELEASE) to serialize my sessions.

However, I keep getting the following exception:

Caused by: java.lang.IllegalArgumentException: The class with java.util.LinkedHashMap and name of java.util.LinkedHashMap is not whitelisted. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See spring-projects/spring-security#4370 for details

Unfortunately, despite the fact that the exception indicates that I should provide a mixin, the implementation of JacksonMongoSessionConverter prevents me from doing so due to the fact that the ObjectMapper is inaccessible. The property is private, and the method to build it is also private.

Expected behavior

Provide a mechanism for adding a mixin to the ObjectMapper or enable Default typing on the ObjectMapper.

I suggest making either the buildObjectMapper() protected so it can be overridden, or the objectMapper property be made protected, or provide a constructor where an external objectMapper can be provided.

Thanks.

[rougou]

I had/have the same issue. I was able to get it to work as follows, though I'm not sure if this is the right approach or a hack. It would be more straightforward to have access to the ObjectMapper as you said.

	@Bean
	public JacksonMongoSessionConverter sessionConverter() {
		List<Module> modules = new ArrayList<Module>();
		SimpleModule module = new SimpleModule();
		module.setMixInAnnotation(MyClass.class, MyClassMixin.class);
		module.setMixInAnnotation(HashSet.class, HashSetMixin.class);
		modules.add(module);
		return new JacksonMongoSessionConverter(modules);
	}

	private static class MyClassMixin{}

	private static class HashSetMixin {}

Somewhat related to spring-projects/spring-session#913.