Skip to content

Add Jackson Module for Spring Session #2305

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
marcusdacoregio opened this issue May 30, 2023 · 4 comments
Open

Add Jackson Module for Spring Session #2305

marcusdacoregio opened this issue May 30, 2023 · 4 comments
Assignees
@marcusdacoregio
Labels
in: core type: enhancement A general enhancement

Comments

@marcusdacoregio
Copy link
Contributor

marcusdacoregio commented May 30, 2023
edited
Loading

Since Spring Session defines its own types to be serialized and, therefore, has different needs than Spring Security, we should provide a Jackson Module that registers the required mixins.

See:
@marcusdacoregio marcusdacoregio self-assigned this May 30, 2023
@marcusdacoregio marcusdacoregio added this to the 3.2.0-M1 milestone May 30, 2023
This was referenced May 30, 2023
Closed
Closed
@marcusdacoregio marcusdacoregio modified the milestones: 3.2.0-M1, 3.2.0, 3.2.0-RC1 Jul 18, 2023
@marcusdacoregio marcusdacoregio removed this from the 3.2.0-RC1 milestone Oct 16, 2023
@leshalv
Copy link

leshalv commented Nov 23, 2023

When will the plan come into operation?

@czp3009
Copy link

czp3009 commented Oct 8, 2024

any news?

@amontenegro
Copy link

Any news on this one?

@ningbing
Copy link

Any news now? The error is still happen:

java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken and name of org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See spring-projects/spring-security#4370 for details
at org.springframework.security.jackson2.SecurityJackson2Modules$AllowlistTypeIdResolver.typeFromId(SecurityJackson2Modules.java:285) ~[spring-security-core-6.3.3.jar:6.3.3]
at com.fasterxml.jackson.databind.jsontype.impl.TypeDeserializerBase._findDeserializer(TypeDeserializerBase.java:159) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:151) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:136) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.deser.AbstractDeserializer.deserializeWithType(AbstractDeserializer.java:263) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.deser.impl.TypeWrappedDeserializer.deserialize(TypeWrappedDeserializer.java:74) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:342) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4905) ~[jackson-databind-2.17.2.jar:2.17.2]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3909) ~[jackson-databind-2.17.2.jar:2.17.2]
at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:67) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:74) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:61) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.filter.GenericFilter.invoke(GenericFilter.java:222) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.protocol.tri.h12.HttpContextFilter.invoke(HttpContextFilter.java:38) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.filter.ClassLoaderFilter.invoke(ClassLoaderFilter.java:54) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.filter.EchoFilter.invoke(EchoFilter.java:41) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.metrics.filter.MetricsFilter.invoke(MetricsFilter.java:86) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.metrics.filter.MetricsProviderFilter.invoke(MetricsProviderFilter.java:37) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.tracing.filter.ObservationReceiverFilter.invoke(ObservationReceiverFilter.java:59) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.filter.ProfilerServerFilter.invoke(ProfilerServerFilter.java:66) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.filter.ContextFilter.invoke(ContextFilter.java:191) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:349) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:197) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.rpc.protocol.dubbo.DubboProtocol$1.reply(DubboProtocol.java:167) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.handleRequest(HeaderExchangeHandler.java:110) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.received(HeaderExchangeHandler.java:205) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.remoting.transport.DecodeHandler.received(DecodeHandler.java:52) ~[dubbo-3.3.0.jar:3.3.0]
at org.apache.dubbo.remoting.transport.dispatcher.ChannelEventRunnable.run(ChannelEventRunnable.java:64) ~[dubbo-3.3.0.jar:3.3.0]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[na:na]
at org.apache.dubbo.common.threadlocal.InternalRunnable.run(InternalRunnable.java:39) ~[dubbo-3.3.0.jar:3.3.0]
at java.base/java.lang.Thread.run(Thread.java:1583) ~[na:na]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: core type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@amontenegro @ningbing @marcusdacoregio @czp3009 @leshalv