Skip to content

Deserialize details field in UsernamePasswordAuthenticationToken #7660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 18, 2019
Merged

Deserialize details field in UsernamePasswordAuthenticationToken #7660

merged 3 commits into from
Dec 18, 2019

Conversation

buzzerrookie
Copy link
Contributor

Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.

Fixes gh-7482

@buzzerrookie
Deserialize details field in UsernamePasswordAuthenticationToken
c370acd 
Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.

Fixes gh-7482
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 20, 2019
@eleftherias eleftherias self-assigned this Nov 27, 2019
eleftherias
eleftherias suggested changes Dec 13, 2019
View reviewed changes
Copy link
Contributor

@eleftherias eleftherias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a test for the scenario that this commit fixes.
The test should go in the class UsernamePasswordAuthenticationTokenMixinTests.

@eleftherias eleftherias added in: core An issue in spring-security-core status: waiting-for-feedback We need additional information before we can continue type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 13, 2019
@eleftherias eleftherias added the type: breaks-passivity A change that breaks passivity with the previous release label Dec 18, 2019
@eleftherias eleftherias merged commit f18d0fd into spring-projects:master Dec 18, 2019
@eleftherias eleftherias added this to the 5.3.0.M1 milestone Dec 18, 2019
@eleftherias
Copy link
Contributor

Thanks for the PR @buzzerrookie! This is now merged into master.

@eleftherias eleftherias removed the status: waiting-for-feedback We need additional information before we can continue label Dec 18, 2019
@reda-alaoui
Copy link

reda-alaoui commented Dec 19, 2019
edited
Loading

Hi @eleftherias ,

Could you back-port this to 5.2 branch ?

@buzzerrookie
Copy link
Contributor Author

@reda-alaoui You can add a mixin which uses the right UsernamePasswordAuthenticationTokenDeserializer to replace the default.

@Bean
public RedisSerializer<Object> springSessionDefaultRedisSerializer() {
    ObjectMapper mapper = new ObjectMapper();
    mapper.registerModules(new CoreJackson2Module(), new WebJackson2Module());
    mapper.addMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class);
    return new GenericJackson2JsonRedisSerializer(mapper);
}

In the code above, UsernamePasswordAuthenticationTokenMixin is your own mixin using the right UsernamePasswordAuthenticationTokenDeserializer.

@eleftherias
Copy link
Contributor

Thanks for providing a workaround @buzzerrookie.
@reda-alaoui I will not be backporting this fix because it is not passive.

@eleftherias eleftherias added status: duplicate A duplicate of another issue and removed type: enhancement A general enhancement labels Dec 27, 2019
@buzzerrookie buzzerrookie deleted the gh-7482 branch December 29, 2019 03:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eleftherias eleftherias Awaiting requested review from eleftherias

Assignees

@eleftherias eleftherias

Labels
in: core An issue in spring-security-core status: duplicate A duplicate of another issue type: breaks-passivity A change that breaks passivity with the previous release
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging this pull request may close these issues.

UsernamePasswordAuthenticationTokenDeserializer doesn't deserialize details to correct type
4 participants
@buzzerrookie @eleftherias @reda-alaoui @spring-projects-issues