/**
 * Rebuilds a {@link User} from its serialized JSON representation.
 *
 * <p>A {@link User} whose credentials were removed through {@link User#eraseCredentials()} is
 * serialized without a usable password value. In that case an empty string stands in for the
 * password so the object can still be constructed, and the credentials are erased again on the
 * rebuilt instance so it matches the state that was serialized.
 *
 * <p>NOTE(review): the username, the account flags and the authorities are copied from the JSON
 * as they are; nothing in this method validates them. The serialized form therefore has to come
 * from a source the application trusts - confirm at the call sites.
 *
 * @param jp the JsonParser positioned on the serialized user
 * @param ctxt the DeserializationContext (not used by this method)
 * @return the reconstructed user
 * @throws IOException if an exception occurs during IO
 * @throws JsonProcessingException if an error occurs during JSON processing
 */
@Override
public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
    // The cast relies on the parser's codec being an ObjectMapper.
    ObjectMapper codec = (ObjectMapper) jp.getCodec();
    JsonNode root = codec.readTree(jp);

    Set<GrantedAuthority> grantedAuthorities = codec.convertValue(root.get("authorities"),
            new TypeReference<Set<SimpleGrantedAuthority>>() {
            });

    JsonNode passwordNode = readJsonNode(root, "password");

    String username = readJsonNode(root, "username").asText();
    // Fall back to "" so that construction succeeds when no password text is present.
    String passwordText = passwordNode.asText("");
    boolean enabled = readJsonNode(root, "enabled").asBoolean();
    boolean accountNonExpired = readJsonNode(root, "accountNonExpired").asBoolean();
    boolean credentialsNonExpired = readJsonNode(root, "credentialsNonExpired").asBoolean();
    boolean accountNonLocked = readJsonNode(root, "accountNonLocked").asBoolean();

    User user = new User(username, passwordText, enabled, accountNonExpired, credentialsNonExpired,
            accountNonLocked, grantedAuthorities);

    // asText(null) yields null only when the node carries no text (missing key or JSON null):
    // the placeholder "" must not survive as if it were a real credential.
    boolean credentialsWereErased = passwordNode.asText(null) == null;
    if (credentialsWereErased) {
        user.eraseCredentials();
    }
    return user;
}
/**
 * Creates a {@link User} from serialized JSON.
 *
 * <p>Object creation succeeds even when the JSON holds no password value, which happens after
 * {@link User#eraseCredentials()} has been invoked on the user before serialization. The
 * constructor then receives an empty string, and the credentials of the new instance are erased
 * straight away so that the empty placeholder is never exposed as a password.
 *
 * <p>NOTE(review): every field, including the granted authorities, is taken from the JSON
 * without further checks in this method; callers should only feed it data from a trusted
 * store - verify against the callers.
 *
 * @param jp the JsonParser
 * @param ctxt the DeserializationContext
 * @return the user
 * @throws IOException if an exception during IO occurs
 * @throws JsonProcessingException if an error during JSON processing occurs
 */
@Override
public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
    ObjectMapper objectMapper = (ObjectMapper) jp.getCodec();
    JsonNode tree = objectMapper.readTree(jp);
    Set<GrantedAuthority> roles = objectMapper.convertValue(tree.get("authorities"),
            new TypeReference<Set<SimpleGrantedAuthority>>() {
            });
    JsonNode pwd = readJsonNode(tree, "password");

    User user = new User(
            readJsonNode(tree, "username").asText(),
            pwd.asText(""), // "" replaces an absent password so the constructor accepts it
            readJsonNode(tree, "enabled").asBoolean(),
            readJsonNode(tree, "accountNonExpired").asBoolean(),
            readJsonNode(tree, "credentialsNonExpired").asBoolean(),
            readJsonNode(tree, "accountNonLocked").asBoolean(),
            roles);

    // A non-null text value means a password was serialized: keep it as it is.
    if (pwd.asText(null) != null) {
        return user;
    }
    // No password text in the JSON: restore the erased-credentials state.
    user.eraseCredentials();
    return user;
}
/**
 * Checks that erasing the credentials of a user returned by {@code findByUsername} does not
 * carry over to the user returned by a later lookup of the same username.
 */
@Test
public void findByUsernameWhenClearCredentialsThenFindByUsernameStillHasCredentials() {
    // First lookup: the password is present.
    User firstLookup = users.findByUsername(USER_DETAILS.getUsername())
            .cast(User.class)
            .block();
    assertThat(firstLookup.getPassword()).isNotEmpty();

    // Erasing credentials affects the instance that was handed out ...
    firstLookup.eraseCredentials();
    assertThat(firstLookup.getPassword()).isNull();

    // ... but a fresh lookup still carries the password.
    User secondLookup = users.findByUsername(USER_DETAILS.getUsername())
            .cast(User.class)
            .block();
    assertThat(secondLookup.getPassword()).isNotEmpty();
}
/**
 * Deserializes a {@link User}.
 *
 * <p>The password entry may carry no value in the serialized JSON, because credentials can be
 * removed from a {@link User} by calling {@link User#eraseCredentials()} before it is
 * serialized. To keep object creation working, an empty string is passed as the password and
 * the credentials are erased again once the instance exists.
 *
 * <p>NOTE(review): this method performs no validation of the username, the account flags or the
 * authorities it reads; the JSON is assumed to originate from a trusted source - confirm with
 * the code that supplies it.
 *
 * @param jp the JsonParser to read the user from
 * @param ctxt the DeserializationContext
 * @return the user described by the JSON
 * @throws IOException if an exception occurs during IO
 * @throws JsonProcessingException if an error occurs during JSON processing
 */
@Override
public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
    ObjectMapper om = (ObjectMapper) jp.getCodec();
    JsonNode userNode = om.readTree(jp);
    Set<GrantedAuthority> authoritySet = om.convertValue(userNode.get("authorities"),
            new TypeReference<Set<SimpleGrantedAuthority>>() {
            });
    JsonNode passwordNode = readJsonNode(userNode, "password");

    String name = readJsonNode(userNode, "username").asText();
    // An empty string is used when the node has no text, so the constructor is not given null.
    String secret = passwordNode.asText("");
    boolean isEnabled = readJsonNode(userNode, "enabled").asBoolean();
    boolean isAccountNonExpired = readJsonNode(userNode, "accountNonExpired").asBoolean();
    boolean isCredentialsNonExpired = readJsonNode(userNode, "credentialsNonExpired").asBoolean();
    boolean isAccountNonLocked = readJsonNode(userNode, "accountNonLocked").asBoolean();

    User deserialized = new User(name, secret, isEnabled, isAccountNonExpired, isCredentialsNonExpired,
            isAccountNonLocked, authoritySet);

    // With a null default, asText returns null when the password node holds no text value.
    String serializedPassword = passwordNode.asText(null);
    if (serializedPassword == null) {
        // Drop the "" placeholder so the instance reports erased credentials.
        deserialized.eraseCredentials();
    }
    return deserialized;
}