diff --git a/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java b/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java index 463995af933..4fff7ffdc41 100644 --- a/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java +++ b/web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,15 +29,15 @@ * Jackson mixin class to serialize/deserialize {@link SwitchUserGrantedAuthority}. * * @author Markus Heiden - * @since 5.8 + * @since 6.3 * @see WebServletJackson2Module * @see org.springframework.security.jackson2.SecurityJackson2Modules */ -@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY) -@JsonIgnoreProperties(ignoreUnknown = true) +@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS) @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE) -public abstract class SwitchUserGrantedAuthorityMixIn { +@JsonIgnoreProperties(ignoreUnknown = true) +abstract class SwitchUserGrantedAuthorityMixIn { @JsonCreator SwitchUserGrantedAuthorityMixIn(@JsonProperty("role") String role, @JsonProperty("source") Authentication source) { diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java index f2c9d46f76c..70b098e4fed 100644 --- a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java +++ b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 the original author or authors. + * Copyright 2015-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,12 +27,12 @@ import org.springframework.security.web.savedrequest.SavedCookie; /** - * Jackson module for spring-security-web related to servlet. This module register - * {@link CookieMixin}, {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin} and - * {@link WebAuthenticationDetailsMixin}. If no default typing enabled by default then - * it'll enable it because typing info is needed to properly serialize/deserialize - * objects. In order to use this module just add this module into your ObjectMapper - * configuration. + * Jackson module for spring-security-web related to servlet. This module registers + * {@link CookieMixin}, {@link SavedCookieMixin}, {@link DefaultSavedRequestMixin}, + * {@link WebAuthenticationDetailsMixin}, and {@link SwitchUserGrantedAuthorityMixIn}. If + * no default typing is enabled by default then it will be enabled, because typing info is + * needed to properly serialize/deserialize objects. In order to use this module just add + * this module into your ObjectMapper configuration. * *
  *     ObjectMapper mapper = new ObjectMapper();
diff --git a/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTest.java b/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTests.java
similarity index 83%
rename from web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTest.java
rename to web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTests.java
index 29694717315..703811658c6 100644
--- a/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTest.java
+++ b/web/src/test/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixInTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,9 +31,9 @@
 
 /**
  * @author Markus Heiden
- * @since 5.8
+ * @since 6.3
  */
-public class SwitchUserGrantedAuthorityMixInTest extends AbstractMixinTests {
+public class SwitchUserGrantedAuthorityMixInTests extends AbstractMixinTests {
 
 	// language=JSON
 	private static final String SWITCH_JSON = """
@@ -50,25 +50,24 @@ public class SwitchUserGrantedAuthorityMixInTest extends AbstractMixinTests {
 				}
 			}
 			""".formatted(SimpleGrantedAuthorityMixinTests.AUTHORITIES_ARRAYLIST_JSON);
-	SwitchUserGrantedAuthority expected;
 
-	Authentication source;
+	private Authentication source;
 
 	@BeforeEach
-	public void setupExpected() {
+	public void setUp() {
 		this.source = new UsernamePasswordAuthenticationToken("principal", "credentials",
 				AuthorityUtils.createAuthorityList("ROLE_USER"));
-		this.expected = new SwitchUserGrantedAuthority("switched", this.source);
 	}
 
 	@Test
 	public void serializeWhenPrincipalCredentialsAuthoritiesThenSuccess() throws Exception {
-		String serializedJson = this.mapper.writeValueAsString(this.expected);
+		SwitchUserGrantedAuthority expected = new SwitchUserGrantedAuthority("switched", this.source);
+		String serializedJson = this.mapper.writeValueAsString(expected);
 		JSONAssert.assertEquals(SWITCH_JSON, serializedJson, true);
 	}
 
 	@Test
-	public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest() throws Exception {
+	public void deserializeWhenSourceIsUsernamePasswordAuthenticationTokenThenSuccess() throws Exception {
 		SwitchUserGrantedAuthority deserialized = this.mapper.readValue(SWITCH_JSON, SwitchUserGrantedAuthority.class);
 		assertThat(deserialized).isNotNull();
 		assertThat(deserialized.getAuthority()).isEqualTo("switched");