fix: switch to GSON per security team advice (#586)
* switch to GSON per security team advice

* fix samples

* format

* update Javadoc

* bom version

* google-oauth-client not in BOM
elharo committed Jan 11, 2021
1 parent cc08859 commit 58a1828e8e291c59494893b2632c294dffe98b23
Showing with 42 additions and 49 deletions.
  1. +0 −4 ...c/main/java/com/google/api/client/extensions/appengine/auth/AbstractAppEngineCallbackServlet.java
  2. +0 −4 ...e/src/main/java/com/google/api/client/extensions/appengine/auth/AbstractAppEngineFlowServlet.java
  3. +1 −1 ...pi/client/extensions/appengine/auth/oauth2/AbstractAppEngineAuthorizationCodeCallbackServlet.java
  4. +1 −1 ...google/api/client/extensions/appengine/auth/oauth2/AbstractAppEngineAuthorizationCodeServlet.java
  5. +1 −1 google-oauth-client-java6/pom.xml
  6. +2 −2 ...va6/src/test/java/com/google/api/client/extensions/java6/auth/oauth2/FileCredentialStoreTest.java
  7. +1 −1 ...-servlet/src/main/java/com/google/api/client/extensions/servlet/auth/AbstractCallbackServlet.java
  8. +1 −1 ...-servlet/src/main/java/com/google/api/client/extensions/servlet/auth/AbstractFlowUserServlet.java
  9. +1 −1 ...om/google/api/client/extensions/servlet/auth/oauth2/AbstractAuthorizationCodeCallbackServlet.java
  10. +1 −1 ...n/java/com/google/api/client/extensions/servlet/auth/oauth2/AbstractAuthorizationCodeServlet.java
  11. +1 −1 google-oauth-client/pom.xml
  12. +1 −1 ...e-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java
  13. +1 −1 ...e-oauth-client/src/main/java/com/google/api/client/auth/oauth2/ClientCredentialsTokenRequest.java
  14. +1 −1 ...-oauth-client/src/main/java/com/google/api/client/auth/oauth2/ClientParametersAuthentication.java
  15. +1 −1 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/PasswordTokenRequest.java
  16. +1 −1 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/RefreshTokenRequest.java
  17. +2 −2 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/AuthenticationTestBase.java
  18. +5 −5 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/AuthorizationCodeFlowTest.java
  19. +2 −2 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/CustomTokenRequestTest.java
  20. +2 −2 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/CustomTokenResponseTest.java
  21. +2 −2 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/TokenErrorResponseTest.java
  22. +2 −2 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/TokenRequestTest.java
  23. +2 −2 google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/TokenResponseTest.java
  24. +2 −2 samples/dailymotion-cmdline-sample/pom.xml
  25. +2 −2 ...e-sample/src/main/java/com/google/api/services/samples/dailymotion/cmdline/DailyMotionSample.java
  26. +2 −2 samples/keycloak-pkce-cmdline-sample/pom.xml
  27. +2 −2 ...kce-cmdline-sample/src/main/java/com/google/api/services/samples/keycloak/cmdline/PKCESample.java
  28. +2 −1 samples/snippets/pom.xml
@@ -48,10 +48,6 @@
* {@link
* com.google.api.client.extensions.appengine.auth.oauth2.AbstractAppEngineAuthorizationCodeCallbackServlet}.
*
* <p>Upgrade warning: in version 1.15 there was an implementation of {@link
* #newJsonFactoryInstance()} that used {@code com.google.api.client.json.jackson.JacksonFactory},
* but starting with version 1.16 there is no such implementation.
*
* @author moshenko@google.com (Jacob Moshenko)
* @since 1.4
*/
@@ -29,10 +29,6 @@
* {@link
* com.google.api.client.extensions.appengine.auth.oauth2.AbstractAppEngineAuthorizationCodeServlet}.
*
* <p>Upgrade warning: in version 1.15 there was an implementation of {@link
* #newJsonFactoryInstance()} that used {@code com.google.api.client.json.jackson.JacksonFactory},
* but starting with version 1.16 there is no such implementation.
*
* @author moshenko@google.com (Jacob Moshenko)
* @since 1.4
*/
@@ -70,7 +70,7 @@
* protected AuthorizationCodeFlow initializeFlow() throws IOException {
* return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
* new UrlFetchTransport(),
* new JacksonFactory(),
* new GsonFactory(),
* new GenericUrl("https://server.example.com/token"),
* new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
* "s6BhdRkqt3",
@@ -63,7 +63,7 @@
* protected AuthorizationCodeFlow initializeFlow() throws IOException {
* return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
* new UrlFetchTransport(),
* new JacksonFactory(),
* new GsonFactory(),
* new GenericUrl("https://server.example.com/token"),
* new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
* "s6BhdRkqt3",
@@ -92,7 +92,7 @@
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
<artifactId>google-http-client-gson</artifactId>
<scope>test</scope>
</dependency>
<dependency>
@@ -25,7 +25,7 @@
import com.google.api.client.http.LowLevelHttpResponse;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonGenerator;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.testing.http.MockHttpTransport;
import com.google.api.client.testing.http.MockLowLevelHttpRequest;
import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -48,7 +48,7 @@
@Deprecated
public class FileCredentialStoreTest extends TestCase {

static final JsonFactory JSON_FACTORY = new JacksonFactory();
static final JsonFactory JSON_FACTORY = new GsonFactory();
private static final String ACCESS_TOKEN = "abc";
static final String NEW_ACCESS_TOKEN = "def";
private static final GenericUrl TOKEN_SERVER_URL = new GenericUrl("http://example.com/token");
@@ -137,7 +137,7 @@ protected final HttpTransport getHttpTransport() {
* json factory and should be as simple as:
*
* <pre>
* new JacksonFactory();
* new GsonFactory();
* </pre>
*
* @return {@link JsonFactory} instance for your particular environment
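Review bot: The Javadoc example for `newJsonFactoryInstance()` now reads `new GsonFactory();` but gives subclass authors no hint that the parser was changed on security advice, so existing overrides that return a `JacksonFactory` get no prompt to migrate. Consider adding a sentence after the `<pre>` block, for example `* <p>{@code GsonFactory} is the recommended implementation; prefer it over other {@link JsonFactory} implementations unless you have a specific need.` The same wording applies to the identical Javadoc in the next file section (hunk `@@ -168,7 +168,7 @@`). The documented method itself lies outside both hunks, so only the comment text is visible here.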
@@ -168,7 +168,7 @@ protected final HttpTransport getHttpTransport() {
* json factory and should be as simple as:
*
* <pre>
* new JacksonFactory();
* new GsonFactory();
* </pre>
*
* @return {@link JsonFactory} instance for your particular environment
@@ -67,7 +67,7 @@
* protected AuthorizationCodeFlow initializeFlow() throws IOException {
* return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
* new NetHttpTransport(),
* new JacksonFactory(),
* new GsonFactory(),
* new GenericUrl("https://server.example.com/token"),
* new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
* "s6BhdRkqt3",
@@ -69,7 +69,7 @@
* protected AuthorizationCodeFlow initializeFlow() throws IOException {
* return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
* new NetHttpTransport(),
* new JacksonFactory(),
* new GsonFactory(),
* new GenericUrl("https://server.example.com/token"),
* new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
* "s6BhdRkqt3",
@@ -81,7 +81,7 @@
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
<artifactId>google-http-client-gson</artifactId>
<scope>test</scope>
</dependency>
<dependency>
@@ -38,7 +38,7 @@
* static void requestAccessToken() throws IOException {
* try {
* TokenResponse response =
* new AuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(),
* new AuthorizationCodeTokenRequest(new NetHttpTransport(), new GsonFactory(),
* new GenericUrl("https://server.example.com/token"), "SplxlOBeZQQYbYS6WxSbIA")
* .setRedirectUri("https://client.example.com/rd")
* .setClientAuthentication(
@@ -36,7 +36,7 @@
* static void requestAccessToken() throws IOException {
* try {
* TokenResponse response =
* new ClientCredentialsTokenRequest(new NetHttpTransport(), new JacksonFactory(),
* new ClientCredentialsTokenRequest(new NetHttpTransport(), new GsonFactory(),
* new GenericUrl("https://server.example.com/token"))
* .setRedirectUri("https://client.example.com/rd")
* .setClientAuthentication(
@@ -37,7 +37,7 @@
* static void requestAccessToken() throws IOException {
* try {
* TokenResponse response = new AuthorizationCodeTokenRequest(new NetHttpTransport(),
* new JacksonFactory(), new GenericUrl("https://server.example.com/token"),
* new GsonFactory(), new GenericUrl("https://server.example.com/token"),
* "SplxlOBeZQQYbYS6WxSbIA").setRedirectUri("https://client.example.com/rd")
* .setClientAuthentication(
* new ClientParametersAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw")).execute();
@@ -39,7 +39,7 @@
* static void requestAccessToken() throws IOException {
* try {
* TokenResponse response =
* new PasswordTokenRequest(new NetHttpTransport(), new JacksonFactory(),
* new PasswordTokenRequest(new NetHttpTransport(), new GsonFactory(),
* new GenericUrl("https://server.example.com/token"), "johndoe", "A3ddj3w")
* .setRedirectUri("https://client.example.com/rd")
* .setClientAuthentication(
@@ -38,7 +38,7 @@
* static void refreshAccessToken() throws IOException {
* try {
* TokenResponse response =
* new RefreshTokenRequest(new NetHttpTransport(), new JacksonFactory(), new GenericUrl(
* new RefreshTokenRequest(new NetHttpTransport(), new GsonFactory(), new GenericUrl(
* "https://server.example.com/token"), "tGzv3JOkF0XG5Qx2TlKWIA")
* .setClientAuthentication(
* new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw")).execute();
@@ -19,7 +19,7 @@
import com.google.api.client.http.LowLevelHttpResponse;
import com.google.api.client.json.Json;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.testing.http.MockHttpTransport;
import com.google.api.client.testing.http.MockLowLevelHttpRequest;
import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -34,7 +34,7 @@
*/
public abstract class AuthenticationTestBase extends TestCase {

protected static final JsonFactory JSON_FACTORY = new JacksonFactory();
protected static final JsonFactory JSON_FACTORY = new GsonFactory();
protected static final String ACCESS_TOKEN = "abc";
protected static final String NEW_ACCESS_TOKEN = "def";
protected static final GenericUrl TOKEN_SERVER_URL = new GenericUrl("http://example.com/token");
@@ -16,7 +16,7 @@

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow.CredentialCreatedListener;
import com.google.api.client.http.BasicAuthentication;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Joiner;
import java.io.IOException;
import java.util.Arrays;
@@ -64,7 +64,7 @@ public void testCredentialCreatedListener() throws IOException {
new AuthorizationCodeFlow.Builder(
BearerToken.queryParameterAccessMethod(),
new AccessTokenTransport(),
new JacksonFactory(),
new GsonFactory(),
TOKEN_SERVER_URL,
new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
CLIENT_ID,
@@ -84,7 +84,7 @@ public void testRefreshListeners() throws IOException {
new AuthorizationCodeFlow.Builder(
BearerToken.queryParameterAccessMethod(),
new AccessTokenTransport(),
new JacksonFactory(),
new GsonFactory(),
TOKEN_SERVER_URL,
new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
CLIENT_ID,
@@ -118,7 +118,7 @@ public void subsetTestNewAuthorizationUrl(Collection<String> scopes) {
new AuthorizationCodeFlow.Builder(
BearerToken.queryParameterAccessMethod(),
new AccessTokenTransport(),
new JacksonFactory(),
new GsonFactory(),
TOKEN_SERVER_URL,
new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
CLIENT_ID,
@@ -139,7 +139,7 @@ public void testPKCE() {
new AuthorizationCodeFlow.Builder(
BearerToken.queryParameterAccessMethod(),
new AccessTokenTransport(),
new JacksonFactory(),
new GsonFactory(),
TOKEN_SERVER_URL,
new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
CLIENT_ID,
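Review bot: Each of the four builder calls in this file (`testCredentialCreatedListener`, `testRefreshListeners`, `subsetTestNewAuthorizationUrl`, `testPKCE`) constructs its own `new GsonFactory()`, so the parser choice is repeated four times and the next swap will again touch every test. If this class extends `AuthenticationTestBase`, as its use of `TOKEN_SERVER_URL` suggests, pass the inherited `JSON_FACTORY` instead; otherwise `GsonFactory.getDefaultInstance()` gives a shared instance. The builder expressions start and end outside the hunks, so the remaining arguments are not visible here.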
@@ -20,7 +20,7 @@
import com.google.api.client.http.LowLevelHttpRequest;
import com.google.api.client.http.LowLevelHttpResponse;
import com.google.api.client.json.Json;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.testing.http.MockHttpTransport;
import com.google.api.client.testing.http.MockLowLevelHttpRequest;
import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -35,7 +35,7 @@
public class CustomTokenRequestTest extends TestCase {

private static final MockHttpTransport TRANSPORT = new MockHttpTransport();
private static final JacksonFactory JSON_FACTORY = new JacksonFactory();
private static final GsonFactory JSON_FACTORY = new GsonFactory();
private static final GenericUrl AUTHORIZATION_SERVER_URL =
new GenericUrl("https://server.example.com/authorize");
private static final String JWT_ENCODED_CONTENT =
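Review bot: `JSON_FACTORY` is declared with the concrete type `GsonFactory`, whereas `AuthenticationTestBase` and `FileCredentialStoreTest` in this same commit declare it as `JsonFactory`. Typing the field to the interface would have made this parser swap a one-token change and keeps the tests from depending on Gson-specific API. Suggested: `private static final JsonFactory JSON_FACTORY = new GsonFactory();`, which also needs `import com.google.api.client.json.JsonFactory;` since the visible import hunk does not show it. `TokenRequestTest` (hunk `@@ -27,7 +27,7 @@`) has the same declaration. The class body continues past the end of this hunk, so usages that rely on the concrete type cannot be ruled out from here.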
@@ -15,7 +15,7 @@
package com.google.api.client.auth.oauth2;

import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Key;
import junit.framework.TestCase;

@@ -48,7 +48,7 @@ public StringExpiresTokenResponse setExpiresInSeconds(Long expiresInSeconds) {
}

public void testStringExpires() throws Exception {
JsonFactory jsonFactory = new JacksonFactory();
JsonFactory jsonFactory = new GsonFactory();
TokenResponse response = jsonFactory.fromString(JSON, StringExpiresTokenResponse.class);
assertEquals("2YotnFZFEjr1zCsicMWpAA", response.getAccessToken());
assertEquals("example", response.getTokenType());
@@ -15,7 +15,7 @@
package com.google.api.client.auth.oauth2;

import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import junit.framework.TestCase;

/**
@@ -31,7 +31,7 @@
+ "\"error_description\":\"error description\"}";

public void test() throws Exception {
JsonFactory jsonFactory = new JacksonFactory();
JsonFactory jsonFactory = new GsonFactory();
TokenErrorResponse response = jsonFactory.fromString(JSON, TokenErrorResponse.class);
assertEquals("invalid_request", response.getError());
assertEquals("http://www.example.com/error", response.getErrorUri());
@@ -15,7 +15,7 @@
package com.google.api.client.auth.oauth2;

import com.google.api.client.http.GenericUrl;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.testing.http.MockHttpTransport;
import junit.framework.TestCase;

@@ -27,7 +27,7 @@
public class TokenRequestTest extends TestCase {

static final MockHttpTransport TRANSPORT = new MockHttpTransport();
static final JacksonFactory JSON_FACTORY = new JacksonFactory();
static final GsonFactory JSON_FACTORY = new GsonFactory();
static final GenericUrl AUTHORIZATION_SERVER_URL =
new GenericUrl("https://server.example.com/authorize");

@@ -15,7 +15,7 @@
package com.google.api.client.auth.oauth2;

import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import junit.framework.TestCase;

/**
@@ -32,7 +32,7 @@
+ "\"example_parameter\":\"example_value\"}";

public void test() throws Exception {
JsonFactory jsonFactory = new JacksonFactory();
JsonFactory jsonFactory = new GsonFactory();
TokenResponse response = jsonFactory.fromString(JSON, TokenResponse.class);
assertEquals("2YotnFZFEjr1zCsicMWpAA", response.getAccessToken());
assertEquals("example", response.getTokenType());
@@ -35,7 +35,7 @@
</plugin>
<plugin>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.17</version>
<version>3.0.0</version>
<configuration>
<configLocation>../checkstyle.xml</configLocation>
<consoleOutput>true</consoleOutput>
@@ -103,7 +103,7 @@
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
<artifactId>google-http-client-gson</artifactId>
</dependency>
</dependencies>
<properties>
@@ -28,7 +28,7 @@
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.store.DataStoreFactory;
import com.google.api.client.util.store.FileDataStoreFactory;
import java.io.File;
@@ -60,7 +60,7 @@
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();

/** Global instance of the JSON factory. */
static final JsonFactory JSON_FACTORY = new JacksonFactory();
static final JsonFactory JSON_FACTORY = new GsonFactory();

private static final String TOKEN_SERVER_URL = "https://api.dailymotion.com/oauth/token";
private static final String AUTHORIZATION_SERVER_URL =
@@ -35,7 +35,7 @@
</plugin>
<plugin>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.17</version>
<version>3.0.0</version>
<configuration>
<configLocation>../checkstyle.xml</configLocation>
<consoleOutput>true</consoleOutput>
@@ -103,7 +103,7 @@
</dependency>
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
<artifactId>google-http-client-gson</artifactId>
</dependency>
</dependencies>
<properties>
@@ -24,7 +24,7 @@
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.store.DataStoreFactory;
import com.google.api.client.util.store.MemoryDataStoreFactory;
import java.io.IOException;
@@ -56,7 +56,7 @@
private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();

/** Global instance of the JSON factory. */
static final JsonFactory JSON_FACTORY = new JacksonFactory();
static final JsonFactory JSON_FACTORY = new GsonFactory();

private static final String TOKEN_SERVER_URL =
"http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/token";
@@ -30,7 +30,7 @@
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>libraries-bom</artifactId>
<version></version>
<version>16.2.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
@@ -41,6 +41,7 @@
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client</artifactId>
<version>1.31.2</version>
</dependency>
<!-- [END google-oauth-client_install_with_bom] -->
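Review bot: The snippet that ends at the `[END google-oauth-client_install_with_bom]` tag now hard-codes `<version>1.31.2</version>` for `google-oauth-client`, which contradicts the tag name and leaves readers who copy it pinned to that release unless something updates the file. If the artifact really is not managed by `libraries-bom`, as the commit message says, add a comment above the dependency, e.g. `<!-- google-oauth-client is not managed by libraries-bom; set the version explicitly and keep it current -->`, and consider having release tooling bump it. The opening region tag and the rest of the POM are outside this hunk.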
