From 6fd9ff254baa5c90f1260b2c7a645fb9b04929a1 Mon Sep 17 00:00:00 2001 From: Frank Pavageau Date: Fri, 17 Mar 2017 16:50:15 +0100 Subject: [PATCH] Map values directly from the JSON nodes Not only is it more efficient without converting to an intermediate String, using JsonNode.toString() may not even produce valid JSON according to its Javadoc (ObjectMapper.writeValueAsString() should be used). --- .../security/jackson2/UnmodifiableSetDeserializer.java | 4 ++-- .../UsernamePasswordAuthenticationTokenDeserializer.java | 4 ++-- .../PreAuthenticatedAuthenticationTokenDeserializer.java | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java index 73cba239f7..97256a8de0 100644 --- a/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java +++ b/core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java @@ -50,10 +50,10 @@ class UnmodifiableSetDeserializer extends JsonDeserializer { Iterator nodeIterator = arrayNode.iterator(); while (nodeIterator.hasNext()) { JsonNode elementNode = nodeIterator.next(); - resultSet.add(mapper.readValue(elementNode.toString(), Object.class)); + resultSet.add(mapper.readValue(elementNode.traverse(mapper), Object.class)); } } else { - resultSet.add(mapper.readValue(node.toString(), Object.class)); + resultSet.add(mapper.readValue(node.traverse(mapper), Object.class)); } } return Collections.unmodifiableSet(resultSet); diff --git a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java index 450149e9bb..4c86d5a83d 100644 --- a/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java +++ b/core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java @@ -62,13 +62,13 @@ class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer() {}); + principal = mapper.readValue(principalNode.traverse(mapper), new TypeReference() {}); } else { principal = principalNode.asText(); } Object credentials = readJsonNode(jsonNode, "credentials").asText(); List authorities = mapper.readValue( - readJsonNode(jsonNode, "authorities").toString(), new TypeReference>() { + readJsonNode(jsonNode, "authorities").traverse(mapper), new TypeReference>() { }); if (authenticated) { token = new UsernamePasswordAuthenticationToken(principal, credentials, authorities); diff --git a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java index 48f1914436..0a8c0df921 100644 --- a/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java +++ b/web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java @@ -63,13 +63,13 @@ class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer

() {}); + principal = mapper.readValue(principalNode.traverse(mapper), new TypeReference() {}); } else { principal = principalNode.asText(); } Object credentials = readJsonNode(jsonNode, "credentials").asText(); List authorities = mapper.readValue( - readJsonNode(jsonNode, "authorities").toString(), new TypeReference>() { + readJsonNode(jsonNode, "authorities").traverse(mapper), new TypeReference>() { }); if (authenticated) { token = new PreAuthenticatedAuthenticationToken(principal, credentials, authorities);