Mix-ins added for Jackson Serialization/deserialization

Fixes gh-434

Author: jitendra-bisht

samples/httpsession-redis-json/build.gradle

@@ -0,0 +1,68 @@
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath("org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion")
+    }
+}
+
+apply plugin: 'spring-boot'
+
+apply from: JAVA_GRADLE
+
+//tasks.findByPath("artifactoryPublish")?.enabled = false
+
+group = 'samples'
+ext {
+    jsonassertVersion="1.3.0"
+    assertjVersion = "2.4.0"
+}
+
+dependencies {
+    compile project(':spring-session'),
+            "org.springframework.boot:spring-boot-starter-redis",
+            "org.springframework.boot:spring-boot-starter-web",
+            "org.springframework.boot:spring-boot-starter-thymeleaf",
+            "nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect",
+            "org.springframework.security:spring-security-web:$springSecurityVersion",
+            "org.springframework.security:spring-security-core:$springSecurityVersion",
+            "org.springframework.security:spring-security-config:$springSecurityVersion",
+            "org.apache.httpcomponents:httpclient"
+
+    testCompile "org.springframework.boot:spring-boot-starter-test",
+            "org.assertj:assertj-core:$assertjVersion"
+    testCompile "org.skyscreamer:jsonassert:$jsonassertVersion"
+    testCompile "org.assertj:assertj-core:$assertjVersion"
+    integrationTestCompile gebDependencies,
+            "org.spockframework:spock-spring:$spockVersion"
+
+}
+//
+integrationTest {
+    doFirst {
+        def port = reservePort()
+
+        def host = 'localhost:' + port
+        systemProperties['geb.build.baseUrl'] = 'http://'+host+'/'
+        systemProperties['geb.build.reportsDir'] = 'build/geb-reports'
+        systemProperties['server.port'] = port
+        systemProperties['management.port'] = 0
+
+        systemProperties['spring.session.redis.namespace'] = project.name
+    }
+    jvmArgs "-XX:-UseSplitVerifier"
+}
+
+integrationTest {
+    testLogging {
+        events "passed", "skipped", "failed"
+    }
+}
+
+def reservePort() {
+    def socket = new ServerSocket(0)
+    def result = socket.localPort
+    socket.close()
+    result
+}

samples/httpsession-redis-json/src/integration-test/groovy/samples/HttpRedisJsonTest.groovy

@@ -0,0 +1,55 @@
+package samples
+
+import geb.spock.GebSpec
+import org.springframework.boot.test.IntegrationTest
+import org.springframework.boot.test.SpringApplicationContextLoader
+import org.springframework.test.context.ContextConfiguration
+import org.springframework.test.context.web.WebAppConfiguration
+import sample.Application
+import samples.pages.HomePage
+import samples.pages.LoginPage
+import samples.pages.SetAttributePage
+import spock.lang.Stepwise
+
+/**
+ * @author jitendra on 15/3/16.
+ */
+@Stepwise
+@ContextConfiguration(classes = Application, loader = SpringApplicationContextLoader)
+@WebAppConfiguration
+@IntegrationTest
+class HttpRedisJsonTest extends GebSpec {
+
+    def 'login page test'() {
+        when:
+        to LoginPage
+        then:
+        at LoginPage
+    }
+
+    def "Unauthenticated user sent to login page"() {
+        when:
+        via HomePage
+        then:
+        at LoginPage
+    }
+
+    def "Successful Login test"() {
+        when:
+        login()
+        then:
+        at HomePage
+        driver.manage().cookies.find {it.name == "SESSION"}
+        !driver.manage().cookies.find {it.name == "JSESSIONID"}
+    }
+
+    def "Set and get attributes in session"() {
+        when:
+        setAttribute("Demo Key", "Demo Value")
+
+        then:
+        at SetAttributePage
+        tdKey()*.text().contains("Demo Key")
+        tdKey()*.text().contains("Demo Value")
+    }
+}

samples/httpsession-redis-json/src/integration-test/groovy/samples/pages/HomePage.groovy

@@ -0,0 +1,24 @@
+package samples.pages
+
+import geb.Page
+
+/**
+ * @author jitendra on 15/3/16.
+ */
+class HomePage extends Page {
+    static url = "/"
+
+    static at = {
+        driver.title == "Spring Session Sample - Home"
+    }
+
+    static content = {
+        form { $('form') }
+        submit { $('button[type=submit]') }
+        setAttribute(required: false) { key = 'project', value = 'SessionRedisJson' ->
+            form.key = key
+            form.value = value
+            submit.click(SetAttributePage)
+        }
+    }
+}

samples/httpsession-redis-json/src/integration-test/groovy/samples/pages/LoginPage.groovy

@@ -0,0 +1,25 @@
+package samples.pages
+
+import geb.Page
+
+/**
+ * @author jitendra on 15/3/16.
+ */
+class LoginPage extends Page {
+    static url = "/login"
+
+    static at = {
+        assert title == "Spring Session Sample - Login"
+        return true
+    }
+
+    static content = {
+        form { $('form') }
+        submit { $('button[type=submit]') }
+        login(required: false) { user = 'user', pass = 'password' ->
+            form.username = user
+            form.password = pass
+            submit.click(HomePage)
+        }
+    }
+}

samples/httpsession-redis-json/src/integration-test/groovy/samples/pages/SetAttributePage.groovy

@@ -0,0 +1,18 @@
+package samples.pages
+
+import geb.Page
+
+/**
+ * @author jitendra on 15/3/16.
+ */
+class SetAttributePage extends Page {
+    static url = "/setValue"
+
+    static at = {
+        title == "Spring Session Sample - Home"
+    }
+
+    static content = {
+        tdKey { $('td') }
+    }
+}

samples/httpsession-redis-json/src/integration-test/java/samples/RedisSerializerTest.java

@@ -0,0 +1,31 @@
+package samples;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import sample.Application;
+
+import static org.springframework.util.Assert.notNull;
+import static org.junit.Assert.*;
+
+/**
+ * @author jitendra on 8/3/16.
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringApplicationConfiguration(Application.class)
+public class RedisSerializerTest {
+
+    @Autowired
+    RedisTemplate sessionRedisTemplate;
+
+    @Test
+    public void testRedisTemplate() {
+        notNull(sessionRedisTemplate);
+        notNull(sessionRedisTemplate.getDefaultSerializer());
+        assertTrue(sessionRedisTemplate.getDefaultSerializer() instanceof GenericJackson2JsonRedisSerializer);
+    }
+}

samples/httpsession-redis-json/src/integration-test/java/samples/mixins/MixinsDeserilizeTest.java

@@ -0,0 +1,134 @@
+package samples.mixins;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.SerializationException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import sample.Application;
+
+import javax.servlet.http.Cookie;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author jitendra on 28/3/16.
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringApplicationConfiguration(Application.class)
+public class MixinsDeserilizeTest {
+
+    @Autowired
+    GenericJackson2JsonRedisSerializer redisSerializer;
+
+    @Test
+    public void defaultCsrfTokenMixin() {
+        String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"token\": \"123456\", \"parameterName\": \"_csrf\", \"headerName\": \"x-csrf-header\"}";
+        DefaultCsrfToken token = redisSerializer.deserialize(tokenJson.getBytes(), DefaultCsrfToken.class);
+        assertThat(token)
+                .hasFieldOrPropertyWithValue("token", "123456")
+                .hasFieldOrPropertyWithValue("parameterName", "_csrf")
+                .hasFieldOrPropertyWithValue("headerName", "x-csrf-header");
+    }
+
+    @Test
+    public void httpCookieTest() {
+        String httpCookie = "{\"@class\": \"javax.servlet.http.Cookie\", \"name\": \"SESSION\", \"value\": \"123456789\", \"maxAge\": 1000, \"path\": \"/\", \"secure\": true, \"version\": 0, \"httpOnly\": true}";
+        Cookie cookie = redisSerializer.deserialize(httpCookie.getBytes(), Cookie.class);
+        assertThat(cookie).hasFieldOrPropertyWithValue("name", "SESSION")
+                .hasFieldOrPropertyWithValue("value", "123456789")
+                .hasFieldOrPropertyWithValue("secure", true)
+                .hasFieldOrPropertyWithValue("comment", "")
+                .hasFieldOrPropertyWithValue("path", "/")
+                .hasFieldOrPropertyWithValue("maxAge", 1000)
+                .hasFieldOrPropertyWithValue("httpOnly", true);
+    }
+
+    @Test(expected = SerializationException.class)
+    public void simpleGrantedAuthorityWithoutTypeIdTest() {
+        String authorityJson = "{\"authority\": \"ROLE_USER\"}";
+        SimpleGrantedAuthority authority = redisSerializer.deserialize(authorityJson.getBytes(), SimpleGrantedAuthority.class);
+        assertThat(authority.getAuthority()).isEqualTo("ROLE_USER");
+    }
+
+    @Test
+    public void simpleGrantedAuthorityWithTypeIdTest() {
+        String authorityJson = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}";
+        SimpleGrantedAuthority authority = redisSerializer.deserialize(authorityJson.getBytes(), SimpleGrantedAuthority.class);
+        assertThat(authority.getAuthority()).isEqualTo("ROLE_USER");
+    }
+
+    @Test
+    public void userTest() {
+        String userJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": \"password\", \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}]], \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true}";
+        User user = redisSerializer.deserialize(userJson.getBytes(), User.class);
+        assertThat(user.getUsername()).isEqualTo("user");
+        assertThat(user.getPassword()).isEqualTo("password");
+        assertThat(user.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
+        assertThat(user.isEnabled()).isEqualTo(true);
+        assertThat(user.isAccountNonExpired()).isEqualTo(true);
+        assertThat(user.isAccountNonLocked()).isEqualTo(true);
+        assertThat(user.isCredentialsNonExpired()).isEqualTo(true);
+    }
+
+    @Test
+    public void unauthenticatedUsernamePasswordAuthenticationTokenTest() {
+        String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
+                "\"principal\": \"user\", \"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", []]," +
+                "\"authenticated\": false}";
+        UsernamePasswordAuthenticationToken token = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
+        assertThat(token.getPrincipal()).isEqualTo("user");
+        assertThat(token.getCredentials()).isEqualTo("password");
+        assertThat(token.isAuthenticated()).isEqualTo(false);
+        assertThat(token.getAuthorities()).hasSize(0);
+    }
+
+    @Test
+    public void unauthenticatedUsernamePasswordAuthenticationTokenWithUserAsPrincipalTest() {
+        String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
+                "\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": \"password\", " +
+                "\"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"," +
+                " \"role\": \"ROLE_USER\"}]], \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true}, " +
+                "\"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", []], \"authenticated\": false}";
+        UsernamePasswordAuthenticationToken token = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
+        assertThat(token.getPrincipal()).isInstanceOf(User.class);
+        User user = (User) token.getPrincipal();
+        assertThat(user.getUsername()).isEqualTo("user");
+        assertThat(user.getPassword()).isEqualTo("password");
+        assertThat(user.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
+        assertThat(user.isEnabled()).isEqualTo(true);
+        assertThat(user.isAccountNonExpired()).isEqualTo(true);
+        assertThat(user.isAccountNonLocked()).isEqualTo(true);
+        assertThat(user.isCredentialsNonExpired()).isEqualTo(true);
+    }
+
+    @Test
+    public void authenticatedUsernamePasswordAuthenticationTokenTest() {
+        String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
+                "\"principal\": \"user\", \"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", " +
+                "[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}]]," +
+                "\"authenticated\": true}";
+        UsernamePasswordAuthenticationToken authenticationToken = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
+        assertThat(authenticationToken.getPrincipal()).isEqualTo("user");
+        assertThat(authenticationToken.getCredentials()).isEqualTo("password");
+        assertThat(authenticationToken.isAuthenticated()).isEqualTo(true);
+        assertThat(authenticationToken.getAuthorities()).hasSize(1);
+        assertThat(authenticationToken.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
+    }
+
+    @Test
+    public void webAuthenticationDetailTest() {
+        String authenticationDetailJson = "{\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\"," +
+                "\"remoteAddress\": \"http://localhost/login\", \"sessionId\": \"123456789\"}";
+        WebAuthenticationDetails details = redisSerializer.deserialize(authenticationDetailJson.getBytes(), WebAuthenticationDetails.class);
+        assertThat(details.getRemoteAddress()).isEqualTo("http://localhost/login");
+        assertThat(details.getSessionId()).isEqualTo("123456789");
+    }
+}