You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I am using postgres database to store sessions. I am trying to store the session attributes in json.
My SessionConfiguration class is as follows
`@Configuration
public class SessionConfiguration implements BeanClassLoaderAware {
}I get the the following exception during the oauth2 login flow. The class with org.springframework.security.web.authentication.WebAuthenticationDetails and name of org.springframework.security.web.authentication.WebAuthenticationDetails is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See #4370 for details (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]->org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken["details"])` To Reproduce
Expected behavior
It shall deserialize/serialize the security related session attributes properly. Sample
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
The text was updated successfully, but these errors were encountered:
At this point, this feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.
Thanks for finding the root cause @okohub!
I managed to solve the issue temporarily by setting the MapperFeature.IGNORE_DUPLICATE_MODULE_REGISTRATIONS flag to false in the ObjectMapper.
Describe the bug
I am using postgres database to store sessions. I am trying to store the session attributes in json.
My SessionConfiguration class is as follows
`@Configuration
public class SessionConfiguration implements BeanClassLoaderAware {
}
I get the the following exception during the oauth2 login flow.
The class with org.springframework.security.web.authentication.WebAuthenticationDetails and name of org.springframework.security.web.authentication.WebAuthenticationDetails is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See #4370 for details (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]->org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken["details"])`To Reproduce
Expected behavior
It shall deserialize/serialize the security related session attributes properly.
Sample
A link to a GitHub repository with a minimal, reproducible sample.
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
The text was updated successfully, but these errors were encountered: