use of org.springframework.security.core.userdetails.User in project spring-security by spring-projects.
the class UserDeserializer method deserialize.
/**
* This method creates a {@link User} object. It ensures successful object creation even if the password key is null in
* the serialized JSON, because credentials may have been removed from the {@link User} by invoking
* {@link User#eraseCredentials()}. In that case there won't be any password key in the serialized JSON.
*
* @param jp the JsonParser
* @param ctxt the DeserializationContext
* @return the user
* @throws IOException if an exception during IO occurs
* @throws JsonProcessingException if an error during JSON processing occurs
*/
@Override
public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
    // The parser's codec is cast to ObjectMapper so it can both read the tree and convert sub-nodes.
    ObjectMapper codec = (ObjectMapper) jp.getCodec();
    JsonNode root = codec.readTree(jp);

    // Authorities (and the account-status flags below) are taken as-is from the JSON.
    // NOTE(review): whoever can alter the serialized form can alter the resulting principal's
    // authorities, so this should only be fed data from a trusted store - confirm at call sites.
    // NOTE(review): root.get("authorities") is null when the key is absent; how the conversion
    // and the User constructor react to that is not visible here.
    Set<GrantedAuthority> grantedAuthorities = codec.convertValue(root.get("authorities"),
            new TypeReference<Set<SimpleGrantedAuthority>>() {
            });

    // readJsonNode is defined elsewhere; presumably it yields a non-null placeholder node for an
    // absent key, since its result is dereferenced directly - confirm.
    JsonNode passwordNode = readJsonNode(root, "password");

    String username = readJsonNode(root, "username").asText();
    // Fall back to "" when no password text is available, so the constructor gets a non-null value.
    String passwordOrEmpty = passwordNode.asText("");
    boolean enabled = readJsonNode(root, "enabled").asBoolean();
    boolean accountNonExpired = readJsonNode(root, "accountNonExpired").asBoolean();
    boolean credentialsNonExpired = readJsonNode(root, "credentialsNonExpired").asBoolean();
    boolean accountNonLocked = readJsonNode(root, "accountNonLocked").asBoolean();

    User user = new User(username, passwordOrEmpty, enabled, accountNonExpired, credentialsNonExpired,
            accountNonLocked, grantedAuthorities);

    // No password in the JSON means the credentials had been erased before serialization;
    // erase them again so the "" placeholder is not left behind as the password.
    boolean passwordAbsent = passwordNode.asText(null) == null;
    if (passwordAbsent) {
        user.eraseCredentials();
    }
    return user;
}
use of org.springframework.security.core.userdetails.User in project spring-security by spring-projects.
the class UserDeserializerTests method deserializeUserWithNullPasswordNoAuthorityTest.
/**
 * Deserializes a user JSON document that has no authorities and whose "password" entry has been
 * taken out, and checks that the resulting {@link User} reports a null password.
 */
@Test
public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception {
    // removeNode is a helper defined elsewhere; it is expected to strip the "password" key.
    String fullJson = userWithNoAuthoritiesJson();
    String jsonWithoutPassword = removeNode(fullJson, mapper, "password");

    User deserialized = mapper.readValue(jsonWithoutPassword, User.class);

    assertThat(deserialized).isNotNull();
    assertThat(deserialized.getUsername()).isEqualTo("admin");
    // The password must come back as null, not as an empty-string placeholder.
    assertThat(deserialized.getPassword()).isNull();
    assertThat(deserialized.getAuthorities()).isEmpty();
    assertThat(deserialized.isEnabled()).isEqualTo(true);
}
use of org.springframework.security.core.userdetails.User in project spring-security by spring-projects.
the class UsernamePasswordAuthenticationTokenMixinTests method deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest.
/**
 * Reads {@code AUTHENTICATED_JSON} back into a {@link UsernamePasswordAuthenticationToken} and
 * checks that the authenticated flag and the single ROLE_USER authority survive the round trip,
 * both on the token and on its {@link User} principal.
 */
@Test
public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest() throws IOException {
    UsernamePasswordAuthenticationToken restored = mapper.readValue(AUTHENTICATED_JSON,
            UsernamePasswordAuthenticationToken.class);
    assertThat(restored).isNotNull();

    // The type check runs before the cast so a wrong principal type fails as an assertion.
    Object principal = restored.getPrincipal();
    assertThat(principal).isNotNull().isInstanceOf(User.class);
    User principalUser = (User) principal;

    assertThat(principalUser.getAuthorities()).isNotNull().hasSize(1)
            .contains(new SimpleGrantedAuthority("ROLE_USER"));
    assertThat(restored.isAuthenticated()).isEqualTo(true);
    // hasSize(1) also guards against extra authorities appearing during deserialization.
    assertThat(restored.getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
}
use of org.springframework.security.core.userdetails.User in project spring-security by spring-projects.
the class JdbcUserDetailsManagerTests method updateUserChangesDataCorrectlyAndClearsCache.
/**
 * Updates the stored user "joe" and checks that the manager then loads the new data and that
 * the user cache no longer holds an entry for "joe".
 */
@Test
public void updateUserChangesDataCorrectlyAndClearsCache() {
    insertJoe();

    String[] updatedRoles = new String[] { "D", "F", "E" };
    User updatedJoe = new User("joe", "newpassword", false, true, true, true,
            AuthorityUtils.createAuthorityList(updatedRoles));
    manager.updateUser(updatedJoe);

    UserDetails reloaded = manager.loadUserByUsername("joe");
    assertThat(reloaded).isEqualTo(updatedJoe);
    // The cache must not keep an entry for "joe" after the update; a leftover entry could
    // presumably keep serving the previous password, status and authorities.
    boolean stillCached = cache.getUserMap().containsKey("joe");
    assertThat(stillCached).isFalse();
}
use of org.springframework.security.core.userdetails.User in project spring-security by spring-projects.
the class AnonymousAuthenticationTokenMixinTests method serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest.
/**
 * Serializes an {@link AnonymousAuthenticationToken} after {@code eraseCredentials()} has been
 * called on it and compares the output with {@code ANONYMOUS_JSON} in which the user password
 * text is replaced by {@code null}.
 */
@Test
public void serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest() throws JsonProcessingException, JSONException {
    User principal = createDefaultUser();
    AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken(HASH_KEY, principal,
            principal.getAuthorities());

    // Erase first: the serialized form must not carry the password any more.
    anonymousToken.eraseCredentials();
    String actualJson = mapper.writeValueAsString(anonymousToken);

    String expectedJson = ANONYMOUS_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null");
    // Strict comparison (third argument true), as in the reference JSON check.
    JSONAssert.assertEquals(expectedJson, actualJson, true);
}