1 月之前 · 743817fc15
--- a/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java
+++ b/core/src/main/java/org/springframework/security/jackson/AuthorizationProxyMixin.java
@@ -0,0 +1,33 @@
 
															+/*
														
 
															+ * Copyright 2004-present the original author or authors.
														
 
															+ *
														
 
															+ * Licensed under the Apache License, Version 2.0 (the "License");
														
 
															+ * you may not use this file except in compliance with the License.
														
 
															+ * You may obtain a copy of the License at
														
 
															+ *
														
 
															+ *      https://www.apache.org/licenses/LICENSE-2.0
														
 
															+ *
														
 
															+ * Unless required by applicable law or agreed to in writing, software
														
 
															+ * distributed under the License is distributed on an "AS IS" BASIS,
														
 
															+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
														
 
															+ * See the License for the specific language governing permissions and
														
 
															+ * limitations under the License.
														
 
															+ */
														
 
															+
														
 
															+package org.springframework.security.jackson;
														
 
															+
														
 
															+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
														
 
															+
														
 
															+import org.springframework.security.authorization.method.AuthorizationProxy;
														
 
															+
														
 
															+/**
														
 
															+ * Jackson configurations for objects that extend {@link AuthorizationProxy}
														
 
															+ *
														
 
															+ * @author Josh Cummings
														
 
															+ * @since 7.0
														
 
															+ * @see org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory
														
 
															+ */
														
 
															+@JsonIgnoreProperties("callbacks")
														
 
															+class AuthorizationProxyMixin {
														
 
															+
														
 
															+}
														
--- a/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java
+++ b/core/src/main/java/org/springframework/security/jackson/CoreJacksonModule.java
@@ -29,6 +29,7 @@ import org.springframework.security.authentication.BadCredentialsException;
 
															 import org.springframework.security.authentication.RememberMeAuthenticationToken;
														
 
															 import org.springframework.security.authentication.TestingAuthenticationToken;
														
 
															 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
														
 
															+import org.springframework.security.authorization.method.AuthorizationProxy;
														
 
															 import org.springframework.security.core.authority.FactorGrantedAuthority;
														
 
															 import org.springframework.security.core.authority.SimpleGrantedAuthority;
														
 
															 import org.springframework.security.core.context.SecurityContextImpl;
														
@@ -108,6 +109,7 @@ public class CoreJacksonModule extends SecurityJacksonModule {
 
															 		context.setMixIn(UsernamePasswordAuthenticationToken.class, UsernamePasswordAuthenticationTokenMixin.class);
														
 
															 		context.setMixIn(TestingAuthenticationToken.class, TestingAuthenticationTokenMixin.class);
														
 
															 		context.setMixIn(BadCredentialsException.class, BadCredentialsExceptionMixin.class);
														
 
															+		context.setMixIn(AuthorizationProxy.class, AuthorizationProxyMixin.class);
														
 
															 	}
														
 
															 }
														
--- a/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java
@@ -34,7 +34,6 @@ import java.util.TreeSet;
 
															 import java.util.function.Supplier;
														
 
															 import java.util.stream.Stream;
														
 
															-import org.junit.jupiter.api.Disabled;
														
 
															 import org.junit.jupiter.api.Test;
														
 
															 import tools.jackson.databind.json.JsonMapper;
														
@@ -50,6 +49,7 @@ import org.springframework.security.authorization.method.AuthorizationAdvisorPro
 
															 import org.springframework.security.authorization.method.AuthorizationProxy;
														
 
															 import org.springframework.security.core.Authentication;
														
 
															 import org.springframework.security.core.context.SecurityContextHolder;
														
 
															+import org.springframework.security.jackson.CoreJacksonModule;
														
 
															 import static org.assertj.core.api.Assertions.assertThat;
														
 
															 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
														
@@ -340,15 +340,13 @@ public class AuthorizationAdvisorProxyFactoryTests {
 
															 		assertThat(factory.proxy(35)).isEqualTo(35);
														
 
															 	}
														
 
															-	// TODO Find why callbacks property is serialized with Jackson 3, not with Jackson 2
														
 
															-	// FIXME: https://github.com/spring-projects/spring-security/issues/18077
														
 
															-	@Disabled("callbacks property is serialized with Jackson 3, not with Jackson 2")
														
 
															 	@Test
														
 
															 	public void serializeWhenAuthorizationProxyObjectThenOnlyIncludesProxiedProperties() {
														
 
															 		SecurityContextHolder.getContext().setAuthentication(this.admin);
														
 
															 		AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults();
														
 
															 		User user = proxy(factory, this.alan);
														
 
															-		JsonMapper mapper = new JsonMapper();
														
 
															+		// gh-18077
														
 
															+		JsonMapper mapper = JsonMapper.builder().addModule(new CoreJacksonModule()).build();
														
 
															 		String serialized = mapper.writeValueAsString(user);
														
 
															 		Map<String, Object> properties = mapper.readValue(serialized, Map.class);
														
 
															 		assertThat(properties).hasSize(3).containsKeys("id", "firstName", "lastName");