Open coldcutter opened 5 years ago
Now I am using GenericFastJsonRedisSerializer, and it seems to work well.
But I wonder whether this is a bug of GenericJackson2JsonRedisSerializer: if the field type is Object and I put a primitive type in it, Jackson will serialize it to an array?
I think you can replace Spring Security's default UsernamePasswordAuthenticationTokenDeserializer with your own UsernamePasswordAuthenticationTokenDeserializer. No matter what type the principal is, just deserialize it as an Object as follows:
Object principal = mapper.readValue(principalNode.traverse(mapper), Object.class);
But I wonder whether this is a bug of GenericJackson2JsonRedisSerializer: if the field type is Object and I put a primitive type in it, Jackson will serialize it to an array?
The javadoc of AsPropertyTypeSerializer says:
Type serializer that preferably embeds type information as an additional JSON Object property, if possible (when resulting serialization would use JSON Object). If this is not possible (for JSON Arrays, scalars), uses a JSON Array wrapper (similar to how JsonTypeInfo.As.WRAPPER_ARRAY always works) as a fallback.
When debugging, I find Jackson treats Long as a scalar, so a Long field is serialized in the following form:
"principal": [
"java.lang.Long",
1
],
Summary
In a Spring Boot application using both Spring Security and Spring Session (with Redis and GenericJackson2JsonRedisSerializer), a UsernamePasswordAuthenticationToken with a java.lang.Long (such as userId) as the principal can be serialized, but the deserialized value is empty.
Actual Behavior
The deserialized value is an empty string
Expected Behavior
The Long value as I stored it
Configuration
Version
Spring Boot: 2.1.0.RELEASE
Spring Security: 5.1.1.RELEASE
Spring Session: 2.1.1.RELEASE
Sample
The content stored in Redis:
The deserialized object printed is:
The magic is in UsernamePasswordAuthenticationTokenDeserializer's deserialize method:
Because the serialized principal is an array, the principalNode is a Jackson ArrayNode, and the asText() method returns "".
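The round trip discussed in this thread, as an added example that is not code from the issue or from Spring Security. A HashMap is a hypothetical stand-in for the token, and the mapper setup is an assumption about how GenericJackson2JsonRedisSerializer configures default typing; it runs a String and a Long principal through both asText() and the readValue(..., Object.class) call suggested in the reply.

```java
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class PrincipalRoundTrip {

    // Assumption: mirrors the default typing GenericJackson2JsonRedisSerializer sets up,
    // i.e. class names embedded for values whose declared type is non-final (Object here).
    static ObjectMapper typedMapper() {
        ObjectMapper mapper = new ObjectMapper();
        // Deprecated since Jackson 2.10 in favour of activateDefaultTyping(...).
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
        return mapper;
    }

    // The read the issue describes: take the principal node's text value.
    static Object viaAsText(JsonNode principalNode) {
        return principalNode.asText();
    }

    // The read the reply suggests: let Jackson resolve the type wrapper itself.
    static Object viaReadValue(ObjectMapper mapper, JsonNode principalNode) throws IOException {
        return mapper.readValue(principalNode.traverse(mapper), Object.class);
    }

    public static void main(String[] args) throws IOException {
        ObjectMapper mapper = typedMapper();
        // Constructed sample principals: a username and a numeric user id.
        for (Object principal : new Object[] {"alice", 1L}) {
            Map<String, Object> token = new HashMap<>(); // hypothetical stand-in for the token
            token.put("principal", principal);
            String json = mapper.writeValueAsString(token);
            JsonNode principalNode = mapper.readTree(json).get("principal");

            Object text = viaAsText(principalNode);
            Object typed = viaReadValue(mapper, principalNode);
            System.out.println("stored JSON : " + json);
            System.out.println("  node kind : " + principalNode.getNodeType());
            System.out.println("  asText()  : '" + text + "' equals original: " + principal.equals(text));
            System.out.println("  readValue : " + typed + " (" + typed.getClass().getName()
                    + ") equals original: " + principal.equals(typed));
        }
    }
}
```

A session store that silently hands back an empty principal is worth catching in a round-trip test for every principal type the application uses, since downstream authorization checks keyed on the principal would otherwise see a blank identity.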