Spring-security: Jackson Optimization
Summary
There are some performance optimizations we can provide for jackson integration
rwinch
All 5 comments
org.springframework.security.authentication.BadCredentialsException is not whitelisted. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details; nested exception is java.
TanqiZhou
on 23 Dec 2017
Since the error message points to this issue, can it please get a link to documentation on enabling default typing?
chrylis
on 10 Aug 2018
Since the error message points to this issue, can it please get a link to documentation on enabling default typing?
Hi. i have same issue and cant find how to enable default typing. i really appreciate if you provide a link or something else that says how to do it.
miladamery
on 9 Mar 2019
To (de)serialize a BadCredentialsException, use CoreJackson2Module:
@Bean
public ObjectMapper objectMapper() {
ObjectMapper mapper = new ObjectMapper()
mapper.registerModule(new CoreJackson2Module());
// ... your other configuration
return mapper;
}
This calls SecurityJackson2Modules.enableDefaultTyping and adds the BadCredentialsException mixin.
jzheaux
on 12 Mar 2019
Good
TanqiZhou
on 13 Mar 2019
Related issues
berniegp
路
3Comments
unlimitedsola
路
4Comments
joshlong
路
3Comments
lexburner
路
3Comments
silentsnooc
路
3Comments
Most helpful comment
Since the error message points to this issue, can it please get a link to documentation on enabling default typing?