Add JsonParser utility interface so that JWT can choose one

At runtime Jackson (1) might not be available on the classpath and up to now the JwtAccessTokenConverter relied on it coming from spring-security-jwt transitively. The latest version of that library no longer requires an external JSON parser, so we need a way to choose a converter/parser at runtime. Fixes spring-atticgh-391
arthuman2007 · Feb 19, 2015 · 6620619 · 6620619
1 parent e303652
commit 6620619
Show file tree

Hide file tree

Showing 7 changed files with 179 additions and 7 deletions.
diff --git a/...th2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java b/...th2/src/main/java/org/springframework/security/oauth2/common/util/Jackson2JsonParser.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2013-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package org.springframework.security.oauth2.common.util;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+
+
+/**
+ * @author Dave Syer
+ *
+ */
+public class Jackson2JsonParser implements JsonParser {
+
+	private ObjectMapper mapper = new ObjectMapper();
+
+	@SuppressWarnings("unchecked")
+	@Override
+	public Map<String, Object> parseMap(String json) {
+		try {
+			return mapper.readValue(json, Map.class);
+		}
+		catch (Exception e) {
+			throw new IllegalArgumentException("Cannot parse json", e);
+		}
+	}
+
+	@Override
+	public String formatMap(Map<String, ?> map) {
+		try {
+			return mapper.writeValueAsString(map);
+		}
+		catch (Exception e) {
+			throw new IllegalArgumentException("Cannot format json", e);
+		}
+	}
+
+}
diff --git a/...uth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java b/...uth2/src/main/java/org/springframework/security/oauth2/common/util/JacksonJsonParser.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2013-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package org.springframework.security.oauth2.common.util;
+
+import java.util.Map;
+
+import org.codehaus.jackson.map.ObjectMapper;
+
+/**
+ * @author Dave Syer
+ *
+ */
+public class JacksonJsonParser implements JsonParser {
+
+	private ObjectMapper mapper = new ObjectMapper();
+
+	@SuppressWarnings("unchecked")
+	@Override
+	public Map<String, Object> parseMap(String json) {
+		try {
+			return mapper.readValue(json, Map.class);
+		}
+		catch (Exception e) {
+			throw new IllegalArgumentException("Cannot parse json", e);
+		}
+	}
+
+	@Override
+	public String formatMap(Map<String, ?> map) {
+		try {
+			return mapper.writeValueAsString(map);
+		}
+		catch (Exception e) {
+			throw new IllegalArgumentException("Cannot format json", e);
+		}
+	}
+
+}
diff --git a/...rity-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java b/...rity-oauth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParser.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2013-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package org.springframework.security.oauth2.common.util;
+
+import java.util.Map;
+
+/**
+ * @author Dave Syer
+ *
+ */
+public interface JsonParser {
+
+	/**
+	 * Parse the specified JSON string into a Map.
+	 * @param json the JSON to parse
+	 * @return the parsed JSON as a map
+	 */
+	Map<String, Object> parseMap(String json);
+
+	/**
+	 * Convert the Map to JSON
+	 * @param map a map to format
+	 * @return a JSON representation of the map
+	 */
+	String formatMap(Map<String, ?> map);
+
+}
diff --git a/...uth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java b/...uth2/src/main/java/org/springframework/security/oauth2/common/util/JsonParserFactory.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2013-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package org.springframework.security.oauth2.common.util;
+
+import org.springframework.util.ClassUtils;
+
+/**
+ * @author Dave Syer
+ *
+ */
+public class JsonParserFactory {
+
+	public static JsonParser create() {
+		if (ClassUtils.isPresent("com.fasterxml.jackson.databind.ObjectMapper", null)) {
+			return new Jackson2JsonParser();
+		}
+		if (ClassUtils.isPresent("org.codehaus.jackson.map.ObjectMapper", null)) {
+			return new JacksonJsonParser();
+		}
+		throw new IllegalStateException("No Jackson parser found. Please add Jackson to your classpath.");
+	}
+
+}
diff --git a/...ava/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java b/...ava/org/springframework/security/oauth2/provider/token/store/JwtAccessTokenConverter.java
@@ -22,7 +22,6 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.codehaus.jackson.map.ObjectMapper;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.crypto.codec.Base64;
 import org.springframework.security.jwt.Jwt;
@@ -40,6 +39,8 @@
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
+import org.springframework.security.oauth2.common.util.JsonParser;
+import org.springframework.security.oauth2.common.util.JsonParserFactory;
 import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
@@ -73,7 +74,7 @@ public class JwtAccessTokenConverter implements TokenEnhancer, AccessTokenConver
 
 	private AccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
 
-	private ObjectMapper objectMapper = new ObjectMapper();
+	private JsonParser objectMapper = JsonParserFactory.create();
 
 	private String verifierKey = new RandomValueStringGenerator().generate();
 
@@ -225,7 +226,7 @@ public boolean isRefreshToken(OAuth2AccessToken token) {
 	protected String encode(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
 		String content;
 		try {
-			content = objectMapper.writeValueAsString(tokenConverter.convertAccessToken(accessToken, authentication));
+			content = objectMapper.formatMap(tokenConverter.convertAccessToken(accessToken, authentication));
 		}
 		catch (Exception e) {
 			throw new IllegalStateException("Cannot convert access token to JSON", e);
@@ -238,8 +239,7 @@ protected Map<String, Object> decode(String token) {
 		try {
 			Jwt jwt = JwtHelper.decodeAndVerify(token, verifier);
 			String content = jwt.getClaims();
-			@SuppressWarnings("unchecked")
-			Map<String, Object> map = objectMapper.readValue(content, Map.class);
+			Map<String, Object> map = objectMapper.parseMap(content);
 			if (map.containsKey(EXP) && map.get(EXP) instanceof Integer) {
 				Integer intValue = (Integer) map.get(EXP);
 				map.put(EXP, new Long(intValue));

diff --git a/tests/annotation/pom.xml b/tests/annotation/pom.xml
@@ -45,7 +45,7 @@
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-jwt</artifactId>
-			<version>1.0.2.RELEASE</version>
+			<version>1.0.3.RELEASE</version>
 		</dependency>
 	</dependencies>
     </dependencyManagement>

diff --git a/tests/xml/pom.xml b/tests/xml/pom.xml
@@ -43,7 +43,7 @@
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-jwt</artifactId>
-			<version>1.0.2.RELEASE</version>
+			<version>1.0.3.RELEASE</version>
 		</dependency>
 	</dependencies>
     </dependencyManagement>