From c370acd5d2f966027b709cea3723d16980cc2c7f Mon Sep 17 00:00:00 2001
From: Tao Sun
Date: Wed, 20 Nov 2019 14:55:18 +0800
Subject: [PATCH 1/3] Deserialize details field in UsernamePasswordAuthenticationToken
Before this commit, the details field was set to a JsonNode, but now it is deserialized correctly.
Fixes gh-7482
---
 .../UsernamePasswordAuthenticationTokenDeserializer.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
index 96ad469f4b0..64a5b4a7b00 100644
--- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
+++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java
@@ -87,7 +87,8 @@ public UsernamePasswordAuthenticationToken deserialize(JsonParser jp, Deserializ
 if (detailsNode.isNull() || detailsNode.isMissingNode()) {
 token.setDetails(null);
 } else {
- token.setDetails(detailsNode);
+ Object details = mapper.readValue(detailsNode.toString(), new TypeReference() {});
+ token.setDetails(details);
 }
 return token;
 }
From e5942718d195326805947265dcb6b8971b59e90d Mon Sep 17 00:00:00 2001
From: Tao Sun
Date: Sat, 14 Dec 2019 11:39:25 +0800
Subject: [PATCH 2/3] Add test for details deserialization
---
 ...amePasswordAuthenticationTokenMixinTests.java | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
index 505c34b3ce2..88184920486 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
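Review bot: In `UsernamePasswordAuthenticationTokenDeserializer.deserialize`, the added `mapper.readValue(detailsNode.toString(), new TypeReference() {})` binds `details` with no fixed target type, so the class that gets instantiated is whatever the type information in the stored JSON names and the mapper's typing configuration accepts. That configuration is outside this hunk; if the project restricts type ids to an allowlist the exposure is bounded by it, but a mapper with default typing and no such restriction would turn this line into a polymorphic-deserialization entry point for wherever the token is read back from. I would add a comment above the call, for example `// details is bound as Object: its concrete type comes from the JSON type id and is limited only by the mapper's type allowlist`, and a test asserting that a `details` object naming a class outside the allowlist is rejected. Separately, `detailsNode.toString()` re-serializes and re-parses the subtree; assuming `mapper` is the ObjectMapper, `mapper.readValue(detailsNode.traverse(mapper), Object.class)` reads the node directly. The method body starts and ends outside the hunk.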
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@@ -64,6 +64,10 @@ public class UsernamePasswordAuthenticationTokenMixinTests extends AbstractMixin
 + "}";
 // @formatter:on
 
+ // @formatter:off
+ private static final String AUTHENTICATED_STRINGDETAILS_JSON = AUTHENTICATED_JSON.replace("\"details\": null, ", "\"details\": \"details\", ");
+ // @formatter:on
+
 // @formatter:off
 private static final String AUTHENTICATED_NON_USER_PRINCIPAL_JSON = AUTHENTICATED_JSON
 .replace(UserDeserializerTests.USER_JSON, NON_USER_PRINCIPAL_JSON)
@@ -155,6 +159,18 @@ public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithNonUs
 assertThat(token.getPrincipal()).isNotNull().isInstanceOf(NonUserPrincipal.class);
 }
 
+ @Test
+ public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithDetailsTest() throws IOException {
+ UsernamePasswordAuthenticationToken token = mapper
+ .readValue(AUTHENTICATED_STRINGDETAILS_JSON, UsernamePasswordAuthenticationToken.class);
+ assertThat(token).isNotNull();
+ assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
+ assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
+ assertThat(token.isAuthenticated()).isEqualTo(true);
+ assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
+ assertThat(token.getDetails()).isExactlyInstanceOf(String.class);
+ }
+
 @Test
 public void serializingThenDeserializingWithNoCredentialsOrDetailsShouldWork() throws IOException {
 // given
From a05665c603539f6fc33b2e9c351ac1719699951d Mon Sep 17 00:00:00 2001
From: Tao Sun
Date: Mon, 16 Dec 2019 09:27:07 +0800
Subject: [PATCH 3/3] Test details using isEqualTo
---
 .../jackson2/UsernamePasswordAuthenticationTokenMixinTests.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
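Review bot: `deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithDetailsTest` feeds only a plain JSON string as `details`, so it never exercises the case the deserializer change makes security-relevant: an object value whose class is selected by type information inside the JSON. I would add one case whose `details` is a typed object and assert the resulting class, and one negative case where the type id names a class the mapper is not expected to accept and `mapper.readValue(...)` is asserted to throw. Together those pin the trust boundary of the new `readValue` call, so a later change to the mapper's typing configuration cannot widen it unnoticed.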
diff --git a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
index 88184920486..7475476fe62 100644
--- a/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
+++ b/core/src/test/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixinTests.java
@@ -168,7 +168,7 @@ public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithDetai
 assertThat(((User) token.getPrincipal()).getAuthorities()).isNotNull().hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
 assertThat(token.isAuthenticated()).isEqualTo(true);
 assertThat(token.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
- assertThat(token.getDetails()).isExactlyInstanceOf(String.class);
+ assertThat(token.getDetails()).isExactlyInstanceOf(String.class).isEqualTo("details");
 }
 
 @Test