Add conditionally servlet based support for spring security web jackson module.

Author: finke-ba

core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java

@@ -57,6 +57,7 @@
  *     mapper.registerModule(new CoreJackson2Module());
  *     mapper.registerModule(new CasJackson2Module());
  *     mapper.registerModule(new WebJackson2Module());
+ *     mapper.registerModule(new WebServletJackson2Module());
  * </pre>
  *
  * @author Jitendra Singh.
@@ -70,6 +71,8 @@ public final class SecurityJackson2Modules {
 			"org.springframework.security.cas.jackson2.CasJackson2Module",
 			"org.springframework.security.web.jackson2.WebJackson2Module"
 	);
+	private static final String webServletJackson2ModuleClass =
+			"org.springframework.security.web.jackson2.WebServletJackson2Module";
 
 	private SecurityJackson2Modules() {
 	}
@@ -109,14 +112,26 @@ private static Module loadAndGetInstance(String className, ClassLoader loader) {
 	public static List<Module> getModules(ClassLoader loader) {
 		List<Module> modules = new ArrayList<>();
 		for (String className : securityJackson2ModuleClasses) {
-			Module module = loadAndGetInstance(className, loader);
-			if (module != null) {
-				modules.add(module);
-			}
+			addToModulesList(loader, modules, className);
+		}
+		if (ClassUtils.isPresent("javax.servlet.http.Cookie", loader)) {
+			addToModulesList(loader, modules, webServletJackson2ModuleClass);
 		}
 		return modules;
 	}
 
+	/**
+	 * @param loader    the ClassLoader to use
+	 * @param modules   list of the modules to add
+	 * @param className name of the class to instantiate
+	 */
+	private static void addToModulesList(ClassLoader loader, List<Module> modules, String className) {
+		Module module = loadAndGetInstance(className, loader);
+		if (module != null) {
+			modules.add(module);
+		}
+	}
+
 	/**
 	 * Creates a TypeResolverBuilder that performs whitelisting.
 	 * @return a TypeResolverBuilder that performs whitelisting.

web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java

@@ -25,11 +25,11 @@
  *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new WebJackson2Module());
+ *     mapper.registerModule(new WebServletJackson2Module());
  * </pre>
  *
  * @author Jitendra Singh
- * @see WebJackson2Module
+ * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
  */

web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java

@@ -29,11 +29,11 @@
  * <p>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
- *     mapper.registerModule(new WebJackson2Module());
+ *     mapper.registerModule(new WebServletJackson2Module());
  * </pre>
  *
  * @author Jitendra Singh
- * @see WebJackson2Module
+ * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
  */

web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java

@@ -24,11 +24,11 @@
  *
  * <pre>
  * 		ObjectMapper mapper = new ObjectMapper();
- *		mapper.registerModule(new WebJackson2Module());
+ *		mapper.registerModule(new WebServletJackson2Module());
  * </pre>
  *
  * @author Jitendra Singh.
- * @see WebJackson2Module
+ * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
  */

web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java

@@ -23,11 +23,11 @@
  *
  * <pre>
  * 	ObjectMapper mapper = new ObjectMapper();
- *	mapper.registerModule(new WebJackson2Module());
+ *	mapper.registerModule(new WebServletJackson2Module());
  * </pre>
  *
  * @author Jitendra Singh
- * @see WebJackson2Module
+ * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  * @since 4.2
  */

web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java

@@ -16,23 +16,17 @@
 
 package org.springframework.security.web.jackson2;
 
-import javax.servlet.http.Cookie;
-
 import org.springframework.security.jackson2.SecurityJackson2Modules;
-import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
-import org.springframework.security.web.savedrequest.DefaultSavedRequest;
-import org.springframework.security.web.savedrequest.SavedCookie;
 
 import com.fasterxml.jackson.core.Version;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 
 /**
- * Jackson module for spring-security-web. This module register {@link CookieMixin},
- * {@link DefaultCsrfTokenMixin}, {@link DefaultSavedRequestMixin} and {@link WebAuthenticationDetailsMixin}. If no
- * default typing enabled by default then it'll enable it because typing info is needed to properly serialize/deserialize objects.
+ * Jackson module for spring-security-web. This module register {@link DefaultCsrfTokenMixin} and
+ * {@link PreAuthenticatedAuthenticationTokenMixin}. If no default typing enabled by default then it'll enable
+ * it because typing info is needed to properly serialize/deserialize objects.
  * In order to use this module just add this module into your ObjectMapper configuration.
  *
  * <pre>
@@ -53,12 +47,8 @@ public WebJackson2Module() {
 
 	@Override
 	public void setupModule(SetupContext context) {
-		SecurityJackson2Modules.enableDefaultTyping((ObjectMapper) context.getOwner());
-		context.setMixInAnnotations(Cookie.class, CookieMixin.class);
-		context.setMixInAnnotations(SavedCookie.class, SavedCookieMixin.class);
+		SecurityJackson2Modules.enableDefaultTyping(context.getOwner());
 		context.setMixInAnnotations(DefaultCsrfToken.class, DefaultCsrfTokenMixin.class);
-		context.setMixInAnnotations(DefaultSavedRequest.class, DefaultSavedRequestMixin.class);
-		context.setMixInAnnotations(WebAuthenticationDetails.class, WebAuthenticationDetailsMixin.class);
 		context.setMixInAnnotations(PreAuthenticatedAuthenticationToken.class, PreAuthenticatedAuthenticationTokenMixin.class);
 	}
 }

web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java

@@ -0,0 +1,59 @@
+/*
+ * Copyright 2015-2016 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.jackson2;
+
+import javax.servlet.http.Cookie;
+
+import org.springframework.security.jackson2.SecurityJackson2Modules;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+import org.springframework.security.web.savedrequest.SavedCookie;
+
+import com.fasterxml.jackson.core.Version;
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
+/**
+ * Jackson module for spring-security-web related to servlet. This module register {@link CookieMixin},
+ * {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin} and {@link WebAuthenticationDetailsMixin}. If no
+ * default typing enabled by default then it'll enable it because typing info is needed to properly serialize/deserialize objects.
+ * In order to use this module just add this module into your ObjectMapper configuration.
+ *
+ * <pre>
+ *     ObjectMapper mapper = new ObjectMapper();
+ *     mapper.registerModule(new WebServletJackson2Module());
+ * </pre>
+ * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all security modules.</b>
+ *
+ * @author Boris Finkelshteyn
+ * @see SecurityJackson2Modules
+ * @since 5.1
+ */
+public class WebServletJackson2Module extends SimpleModule {
+
+	public WebServletJackson2Module() {
+		super(WebJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
+	}
+
+	@Override
+	public void setupModule(SetupContext context) {
+		SecurityJackson2Modules.enableDefaultTyping(context.getOwner());
+		context.setMixInAnnotations(Cookie.class, CookieMixin.class);
+		context.setMixInAnnotations(SavedCookie.class, SavedCookieMixin.class);
+		context.setMixInAnnotations(DefaultSavedRequest.class, DefaultSavedRequestMixin.class);
+		context.setMixInAnnotations(WebAuthenticationDetails.class, WebAuthenticationDetailsMixin.class);
+	}
+}