
Commit fd660f1

fix: add allowIfSubType for URL and Instant in OAuth2ClientJacksonModule
Signed-off-by: hyeonjune <annhj980@naver.com>
1 parent 7c9cecc commit fd660f1

2 files changed

Lines changed: 36 additions & 1 deletion


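--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson/OAuth2ClientJacksonModule.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson/OAuth2ClientJacksonModule.java
@@ -16,6 +16,9 @@
 
 package org.springframework.security.oauth2.client.jackson;
 
+import java.net.URL;
+import java.time.Instant;
+
 import tools.jackson.core.Version;
 import tools.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
 
@@ -94,7 +97,9 @@ public void configurePolymorphicTypeValidator(BasicPolymorphicTypeValidator.Buil
 .allowIfSubType(OAuth2RefreshToken.class)
 .allowIfSubType(OAuth2AuthenticationToken.class)
 .allowIfSubType(OidcUserAuthority.class)
-.allowIfSubType(OAuth2UserAuthority.class);
+.allowIfSubType(OAuth2UserAuthority.class)
+.allowIfSubType(URL.class)
+.allowIfSubType(Instant.class);
 }
 
 @Override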
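Review bot: The two JDK types appended at the end of the allow-list chain in configurePolymorphicTypeValidator carry no comment saying why they sit next to the OAuth2 classes, and every entry here widens what stored JSON is allowed to instantiate. Both `URL` and `Instant` are final, so `allowIfSubType` admits exactly those two classes, which is worth recording so a later edit does not swap in a broader base type. I would add above the new lines `// JDK value types found in OIDC claim maps (e.g. iss as URL, iat/exp as Instant); both are final, so only these exact classes are admitted`, going by how the accompanying test builds its claims. Since `URL.equals`/`hashCode` can perform host name resolution, it may also be worth confirming that URL values read back from the store are never used as hash keys; that part is inferred, not visible here. The method body starts above this hunk.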

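--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson/OAuth2AuthenticationTokenMixinTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson/OAuth2AuthenticationTokenMixinTests.java
@@ -16,11 +16,14 @@
 
 package org.springframework.security.oauth2.client.jackson;
 
+import java.net.URL;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.stream.Collectors;
 
 import com.fasterxml.jackson.datatype.jsr310.DecimalUtils;
@@ -171,6 +174,33 @@ public void deserializeWhenRequiredAttributesOnlyThenDeserializes() throws Excep
 assertThat(principal.getUserInfo()).isNull();
 }
 
+@Test
+public void deserializeWhenClaimsContainUrlAndInstantThenDeserializes() throws Exception {
+Map<String, Object> claims = new HashMap<>();
+Instant issuedAt = Instant.now();
+Instant expiresAt = issuedAt.plusSeconds(3600);
+claims.put(IdTokenClaimNames.ISS, new URL("http://localhost/issuer"));
+claims.put(IdTokenClaimNames.SUB, "subject");
+claims.put(IdTokenClaimNames.IAT, issuedAt);
+claims.put(IdTokenClaimNames.EXP, expiresAt);
+
+OidcIdToken idToken = new OidcIdToken("id-token", issuedAt, expiresAt, claims);
+Collection<GrantedAuthority> authorities =
+Collections.singleton(new OidcUserAuthority(idToken));
+DefaultOidcUser principal = new DefaultOidcUser(authorities, idToken);
+OAuth2AuthenticationToken authentication =
+new OAuth2AuthenticationToken(principal, authorities, "registration-id");
+
+String json = this.mapper.writeValueAsString(authentication);
+OAuth2AuthenticationToken deserialized =
+this.mapper.readValue(json, OAuth2AuthenticationToken.class);
+
+assertThat(deserialized).isNotNull();
+DefaultOidcUser deserializedUser = (DefaultOidcUser) deserialized.getPrincipal();
+assertThat(deserializedUser.getIdToken().getClaims())
+.containsKey(IdTokenClaimNames.ISS);
+}
+
 private static String asJson(OAuth2AuthenticationToken authentication) {
 String principalJson = (authentication.getPrincipal() instanceof DefaultOidcUser)
 ? asJson((DefaultOidcUser) authentication.getPrincipal())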
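Review bot: The final assertion in deserializeWhenClaimsContainUrlAndInstantThenDeserializes only checks `containsKey(IdTokenClaimNames.ISS)`, so it does not show that the claim values come back with the types the new allow-list entries are meant to admit. The test would still pass if the issuer were read back as a plain String, and nothing is asserted about `IAT` or `EXP`. I would pin the types, for example `assertThat(deserializedUser.getIdToken().getClaims().get(IdTokenClaimNames.ISS)).isInstanceOf(URL.class);` and the same with `IdTokenClaimNames.IAT` and `Instant.class`. Using a fixed `Instant` rather than `Instant.now()` would also allow an exact equality check without depending on clock precision.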
