Fix json deserialization of multi-valued authorization request parameters
Closes gh-1666
This commit is contained in:
committed by
Joe Grandja
parent
ab6f4e4186
commit
72d7fb195e
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -40,6 +40,7 @@ import org.springframework.security.oauth2.server.authorization.settings.OAuth2T
|
||||
* <li>{@link DurationMixin}</li>
|
||||
* <li>{@link JwsAlgorithmMixin}</li>
|
||||
* <li>{@link OAuth2TokenFormatMixin}</li>
|
||||
* <li>{@link StringArrayMixin}</li>
|
||||
* </ul>
|
||||
*
|
||||
* If not already enabled, default typing will be automatically enabled as type info is
|
||||
@@ -63,6 +64,7 @@ import org.springframework.security.oauth2.server.authorization.settings.OAuth2T
|
||||
* @see DurationMixin
|
||||
* @see JwsAlgorithmMixin
|
||||
* @see OAuth2TokenFormatMixin
|
||||
* @see StringArrayMixin
|
||||
*/
|
||||
public class OAuth2AuthorizationServerJackson2Module extends SimpleModule {
|
||||
|
||||
@@ -82,6 +84,7 @@ public class OAuth2AuthorizationServerJackson2Module extends SimpleModule {
|
||||
context.setMixInAnnotations(SignatureAlgorithm.class, JwsAlgorithmMixin.class);
|
||||
context.setMixInAnnotations(MacAlgorithm.class, JwsAlgorithmMixin.class);
|
||||
context.setMixInAnnotations(OAuth2TokenFormat.class, OAuth2TokenFormatMixin.class);
|
||||
context.setMixInAnnotations(String[].class, StringArrayMixin.class);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -0,0 +1,35 @@
|
||||
/*
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.oauth2.server.authorization.jackson2;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonCreator;
|
||||
import com.fasterxml.jackson.annotation.JsonTypeInfo;
|
||||
|
||||
/**
|
||||
* This mixin class is used to serialize/deserialize {@link String} array.
|
||||
*
|
||||
* @author Nikola Jovanovic
|
||||
* @since 1.2.6
|
||||
* @see String
|
||||
*/
|
||||
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
|
||||
abstract class StringArrayMixin {
|
||||
|
||||
@JsonCreator
|
||||
StringArrayMixin(String[] array) {
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
* Copyright 2020-2024 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -43,6 +43,9 @@ public class OAuth2AuthorizationServerJackson2ModuleTests {
|
||||
private static final TypeReference<Set<String>> STRING_SET = new TypeReference<Set<String>>() {
|
||||
};
|
||||
|
||||
private static final TypeReference<String[]> STRING_ARRAY = new TypeReference<String[]>() {
|
||||
};
|
||||
|
||||
private ObjectMapper objectMapper;
|
||||
|
||||
@BeforeEach
|
||||
@@ -73,4 +76,12 @@ public class OAuth2AuthorizationServerJackson2ModuleTests {
|
||||
assertThat(this.objectMapper.readValue(json, STRING_SET)).isEqualTo(set);
|
||||
}
|
||||
|
||||
// gh-1666
|
||||
@Test
|
||||
public void readValueWhenStringArrayThenSuccess() throws Exception {
|
||||
String[] array = new String[] { "one", "two" };
|
||||
String json = this.objectMapper.writeValueAsString(array);
|
||||
assertThat(this.objectMapper.readValue(json, STRING_ARRAY)).isEqualTo(array);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user