PreAuthenticatedAuthenticationTokenDeserializer's Jackson 3 implementation doesn't support complex object credentials #18225
Description
Describe the bug
The Jackson 3 version of PreAuthenticatedAuthenticationTokenDeserializer replaced asText() with stringValue() when de-serializing credentials.
However, unlike asText(), stringValue() throws a JsonNodeException if the node value is not a JSON String, which is the case when, e.g., the authentication contains X509Certificate credentials:
java.lang.IllegalArgumentException: 'ObjectNode' method `stringValue()` cannot convert value {...(45 properties}] to `java.lang.String`: value type not String (through reference chain: java.util.LinkedHashMap["java.security.Principal"])
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$AbstractOAuth2AuthorizationRowMapper.parseMap(JdbcOAuth2AuthorizationService.java:708) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$AbstractOAuth2AuthorizationRowMapper.mapRow(JdbcOAuth2AuthorizationService.java:572) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$JsonMapperOAuth2AuthorizationRowMapper.mapRow(JdbcOAuth2AuthorizationService.java:474) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$AbstractOAuth2AuthorizationRowMapper.mapRow(JdbcOAuth2AuthorizationService.java:542) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:110) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:62) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.jdbc.core.JdbcTemplate.lambda$query$0(JdbcTemplate.java:738) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:669) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:731) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:756) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:808) ~[spring-jdbc-7.0.1.jar:7.0.1]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService.findBy(JdbcOAuth2AuthorizationService.java:354) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService.findByToken(JdbcOAuth2AuthorizationService.java:325) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.authentication.CodeVerifierAuthenticator.authenticate(CodeVerifierAuthenticator.java:86) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.authentication.CodeVerifierAuthenticator.authenticateRequired(CodeVerifierAuthenticator.java:67) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.authentication.PublicClientAuthenticationProvider.authenticate(PublicClientAuthenticationProvider.java:100) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:183) ~[spring-security-core-7.0.0.jar:7.0.0]
at org.springframework.security.authentication.ObservationAuthenticationManager.lambda$authenticate$1(ObservationAuthenticationManager.java:55) ~[spring-security-core-7.0.0.jar:7.0.0]
at io.micrometer.observation.Observation.observe(Observation.java:564) ~[micrometer-observation-1.16.0.jar:1.16.0]
at org.springframework.security.authentication.ObservationAuthenticationManager.authenticate(ObservationAuthenticationManager.java:54) ~[spring-security-core-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter.doFilterInternal(OAuth2ClientAuthenticationFilter.java:141) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter.doFilterInternal(NimbusJwkSetEndpointFilter.java:89) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter.doFilterInternal(OAuth2AuthorizationEndpointFilter.java:178) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter.doFilterInternal(OAuth2AuthorizationServerMetadataEndpointFilter.java:91) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:163) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.saml2.provider.service.web.Saml2WebSsoAuthenticationRequestFilter.doFilterInternal(Saml2WebSsoAuthenticationRequestFilter.java:100) ~[spring-security-saml2-service-provider-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:96) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:118) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization.AuthorizationServerContextFilter.doFilterInternal(AuthorizationServerContextFilter.java:70) ~[spring-security-config-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:231) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:244) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:337) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:228) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:141) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:237) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:195) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.ServletRequestPathFilter.doFilter(ServletRequestPathFilter.java:52) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebSecurityConfiguration.java:317) ~[spring-security-config-7.0.0.jar:7.0.0]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:355) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:272) ~[spring-web-7.0.1.jar:7.0.1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:107) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:107) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:107) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.springframework.web.filter.ServerHttpObservationFilter.doFilterInternal(ServerHttpObservationFilter.java:110) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:107) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:199) ~[spring-web-7.0.1.jar:7.0.1]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-7.0.1.jar:7.0.1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:107) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:165) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:77) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:113) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:83) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:72) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:903) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1778) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:946) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:480) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:57) ~[tomcat-embed-core-11.0.14.jar:11.0.14]
at java.base/java.lang.Thread.run(Thread.java:1474) ~[na:na]
Caused by: tools.jackson.databind.exc.JsonNodeException: 'ObjectNode' method `stringValue()` cannot convert value {...(45 properties}] to `java.lang.String`: value type not String (through reference chain: java.util.LinkedHashMap["java.security.Principal"])
at tools.jackson.databind.exc.JsonNodeException.from(JsonNodeException.java:25) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.node.BaseJsonNode._reportCoercionFail(BaseJsonNode.java:655) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.node.BaseJsonNode.stringValue(BaseJsonNode.java:367) ~[jackson-databind-3.0.2.jar:3.0.2]
at org.springframework.security.web.jackson.PreAuthenticatedAuthenticationTokenDeserializer.deserialize(PreAuthenticatedAuthenticationTokenDeserializer.java:64) ~[spring-security-web-7.0.0.jar:7.0.0]
at org.springframework.security.web.jackson.PreAuthenticatedAuthenticationTokenDeserializer.deserialize(PreAuthenticatedAuthenticationTokenDeserializer.java:42) ~[spring-security-web-7.0.0.jar:7.0.0]
at tools.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:138) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:103) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromAny(AsPropertyTypeDeserializer.java:203) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.jdk.UntypedObjectDeserializerNR.deserializeWithType(UntypedObjectDeserializerNR.java:98) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.jdk.MapDeserializer._deserializeNoNullChecks(MapDeserializer.java:867) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.jdk.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:601) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.jdk.MapDeserializer.deserialize(MapDeserializer.java:428) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.jdk.MapDeserializer.deserialize(MapDeserializer.java:30) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.std.StdConvertingDeserializer.deserialize(StdConvertingDeserializer.java:154) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:138) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:103) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.jdk.MapDeserializer.deserializeWithType(MapDeserializer.java:471) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.impl.TypeWrappedDeserializer.deserialize(TypeWrappedDeserializer.java:72) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.deser.DeserializationContextExt.readRootValue(DeserializationContextExt.java:265) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:2610) ~[jackson-databind-3.0.2.jar:3.0.2]
at tools.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:1564) ~[jackson-databind-3.0.2.jar:3.0.2]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$JsonMapperOAuth2AuthorizationRowMapper.readValue(JdbcOAuth2AuthorizationService.java:495) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$AbstractOAuth2AuthorizationRowMapper.parseMap(JdbcOAuth2AuthorizationService.java:705) ~[spring-security-oauth2-authorization-server-7.0.0.jar:7.0.0]
... 123 common frames omitted
To Reproduce
Set-up:
Spring Boot 4.0.0 with org.springframework.boot:spring-boot-starter-security-oauth2-authorization-server (Spring Security 7.0.0) using the provided JdbcOAuth2AuthorizationService and a SecurityFilterChain with
http
.oauth2AuthorizationServer(withDefaults())
.x509(...) // with a custom AuthenticationProvider that mostly delegates to a PreAuthenticatedAuthenticationProviderThe OAuth2 authorization end-point then issues an authorization code if the certificate presented by the client fulfils some arbitrary criteria.
The credentials are serilaized as JSON and stored correctly among the oauth2_authorization.attributes in the database.
However, when the PreAuthenticatedAuthenticationTokenDeserializer trys to read them again from the database, the exception mentioned above is thrown.
The necessary java.base/sun.security.* modules are available (--add-opens).
Expected behavior
The credentials should be deserialized without throwing.
Sample
@Test
public void credentialsObjectDeserializationTest() throws JsonProcessingException {
String json = """
{
"@class": "org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken",
"authenticated": true,
"authorities": [
"java.util.Collections$UnmodifiableRandomAccessList",
[
{
"@class": "org.springframework.security.core.authority.SimpleGrantedAuthority",
"authority": "USER"
}
]
],
"credentials": {
"@class": "sun.security.x509.X509CertImpl",
"CRLDistributionPointsExtension": null,
"TBSCertificate": "MIICWaADAgECAhQEC55wtjchWnyT/6JNjtRUp7GpIDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJERTETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UECgwHRXhhbXBsZTESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEyNjEwNTI0MVoXDTI2MTEyNjEwNTI0MVowSDELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI391yzaICRR2gTCdV4he5P0QCVedBLXG85JZgqrtV7ry3vUL2BfXhT9so+6dqgpZFBkMG7H5KePnFoA0L23dBTVwgbc3e+V9GptpW+FAip3vM5s9s+jmY+KBK2rfI2uSo3Yqn4CZTzu6H556I2hzvvJjYXMrWn/c/HZsbvw/NJP8uES/gEeFtr0MhKmtMGIY/USnf0uLMpyrXGFWeAssEFAS9hw6IQFfVy0LE+NrujJ5ZZHjTBzCSdCcoT3zRL+xAOPIYK8atafQ8r5i4bxWYrvt2h+6mLc4xha6SUycr6ZJTeenyAgwiYlL7ji7hLKysQEC+vP2/TtCVhtNm+/Za0CAwEAAaNTMFEwHQYDVR0OBBYEFHNWcif0zzHzmgPVAVIuj64DoIXPMB8GA1UdIwQYMBaAFHNWcif0zzHzmgPVAVIuj64DoIXPMA8GA1UdEwEB/wQFMAMBAf8=",
"authKeyId": {
"@class": "sun.security.x509.KeyIdentifier",
"identifier": "c1ZyJ/TPMfOaA9UBUi6PrgOghc8="
},
"authorityInfoAccessExtension": null,
"authorityKeyIdentifierExtension": {
"@class": "sun.security.x509.AuthorityKeyIdentifierExtension",
"authName": null,
"critical": false,
"encodedKeyIdentifier": "BBRzVnIn9M8x85oD1QFSLo+uA6CFzw==",
"extensionId": {},
"extensionValue": "MBaAFHNWcif0zzHzmgPVAVIuj64DoIXP",
"id": "2.5.29.35",
"keyIdentifier": {
"@class": "sun.security.x509.KeyIdentifier",
"identifier": "c1ZyJ/TPMfOaA9UBUi6PrgOghc8="
},
"name": "AuthorityKeyIdentifier",
"serialNumber": null,
"value": "MBaAFHNWcif0zzHzmgPVAVIuj64DoIXP"
},
"basicConstraints": 2147483647,
"basicConstraintsExtension": {
"@class": "sun.security.x509.BasicConstraintsExtension",
"ca": true,
"critical": true,
"extensionId": {},
"extensionValue": "MAMBAf8=",
"id": "2.5.29.19",
"name": "BasicConstraints",
"pathLen": 2147483647,
"value": "MAMBAf8="
},
"certificatePoliciesExtension": null,
"criticalExtensionOIDs": [
"java.util.TreeSet",
[
"2.5.29.19"
]
],
"encoded": "MIIDcTCCAlmgAwIBAgIUBAuecLY3IVp8k/+iTY7UVKexqSAwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNTExMjYxMDUyNDFaFw0yNjExMjYxMDUyNDFaMEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN/dcs2iAkUdoEwnVeIXuT9EAlXnQS1xvOSWYKq7Ve68t71C9gX14U/bKPunaoKWRQZDBux+Snj5xaANC9t3QU1cIG3N3vlfRqbaVvhQIqd7zObPbPo5mPigStq3yNrkqN2Kp+AmU87uh+eeiNoc77yY2FzK1p/3Px2bG78PzST/LhEv4BHhba9DISprTBiGP1Ep39LizKcq1xhVngLLBBQEvYcOiEBX1ctCxPja7oyeWWR40wcwknQnKE980S/sQDjyGCvGrWn0PK+YuG8VmK77dofupi3OMYWuklMnK+mSU3np8gIMImJS+44u4SysrEBAvrz9v07QlYbTZvv2WtAgMBAAGjUzBRMB0GA1UdDgQWBBRzVnIn9M8x85oD1QFSLo+uA6CFzzAfBgNVHSMEGDAWgBRzVnIn9M8x85oD1QFSLo+uA6CFzzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAwvqhyBBzQKWbnS4mbp8USPKSk/owJcnOPXlW6H5V5X+OJNpsgkA2a1g+jQyWYnqzcqlZNUV+z15V+Fho9jQ11p5thRNJTnl6UNtlXobxWnV0hxtgTmOIGKqPWTsbBkMHC2P/UMupOqwI/8T1SRQCtHJTthqRCI5P0/8cGzbQ7GVrkBhlYiUQa+vEa/HUkKYuK2SLeYx2nTraWNZIv5Mf+2TMQq6Qu43LJMEspcxdnmoHHvFZzchLqGhjlyUG4MSYkc6XcLjki8mw2mjZq/Mc0w13UwdIPYj6VPVS1/QrMbAGOKAI3Eaoya7jzo3aSKe/si72M8uO8AK3AuCcMHYCr",
"encodedInternal": "MIIDcTCCAlmgAwIBAgIUBAuecLY3IVp8k/+iTY7UVKexqSAwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yNTExMjYxMDUyNDFaFw0yNjExMjYxMDUyNDFaMEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN/dcs2iAkUdoEwnVeIXuT9EAlXnQS1xvOSWYKq7Ve68t71C9gX14U/bKPunaoKWRQZDBux+Snj5xaANC9t3QU1cIG3N3vlfRqbaVvhQIqd7zObPbPo5mPigStq3yNrkqN2Kp+AmU87uh+eeiNoc77yY2FzK1p/3Px2bG78PzST/LhEv4BHhba9DISprTBiGP1Ep39LizKcq1xhVngLLBBQEvYcOiEBX1ctCxPja7oyeWWR40wcwknQnKE980S/sQDjyGCvGrWn0PK+YuG8VmK77dofupi3OMYWuklMnK+mSU3np8gIMImJS+44u4SysrEBAvrz9v07QlYbTZvv2WtAgMBAAGjUzBRMB0GA1UdDgQWBBRzVnIn9M8x85oD1QFSLo+uA6CFzzAfBgNVHSMEGDAWgBRzVnIn9M8x85oD1QFSLo+uA6CFzzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAwvqhyBBzQKWbnS4mbp8USPKSk/owJcnOPXlW6H5V5X+OJNpsgkA2a1g+jQyWYnqzcqlZNUV+z15V+Fho9jQ11p5thRNJTnl6UNtlXobxWnV0hxtgTmOIGKqPWTsbBkMHC2P/UMupOqwI/8T1SRQCtHJTthqRCI5P0/8cGzbQ7GVrkBhlYiUQa+vEa/HUkKYuK2SLeYx2nTraWNZIv5Mf+2TMQq6Qu43LJMEspcxdnmoHHvFZzchLqGhjlyUG4MSYkc6XcLjki8mw2mjZq/Mc0w13UwdIPYj6VPVS1/QrMbAGOKAI3Eaoya7jzo3aSKe/si72M8uO8AK3AuCcMHYCr",
"extendedKeyUsage": null,
"extendedKeyUsageExtension": null,
"info": {
"@class": "sun.security.x509.X509CertInfo",
"algorithmId": {
"@class": "sun.security.x509.CertificateAlgorithmId",
"algId": {
"@class": "sun.security.x509.AlgorithmId",
"OID": {},
"encodedParams": null,
"name": "SHA256withRSA",
"parameters": null
}
},
"encodedInfo": "MIICWaADAgECAhQEC55wtjchWnyT/6JNjtRUp7GpIDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJERTETMBEGA1UECAwKU29tZS1TdGF0ZTEQMA4GA1UECgwHRXhhbXBsZTESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEyNjEwNTI0MVoXDTI2MTEyNjEwNTI0MVowSDELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAoMB0V4YW1wbGUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI391yzaICRR2gTCdV4he5P0QCVedBLXG85JZgqrtV7ry3vUL2BfXhT9so+6dqgpZFBkMG7H5KePnFoA0L23dBTVwgbc3e+V9GptpW+FAip3vM5s9s+jmY+KBK2rfI2uSo3Yqn4CZTzu6H556I2hzvvJjYXMrWn/c/HZsbvw/NJP8uES/gEeFtr0MhKmtMGIY/USnf0uLMpyrXGFWeAssEFAS9hw6IQFfVy0LE+NrujJ5ZZHjTBzCSdCcoT3zRL+xAOPIYK8atafQ8r5i4bxWYrvt2h+6mLc4xha6SUycr6ZJTeenyAgwiYlL7ji7hLKysQEC+vP2/TtCVhtNm+/Za0CAwEAAaNTMFEwHQYDVR0OBBYEFHNWcif0zzHzmgPVAVIuj64DoIXPMB8GA1UdIwQYMBaAFHNWcif0zzHzmgPVAVIuj64DoIXPMA8GA1UdEwEB/wQFMAMBAf8=",
"extensions": {
"@class": "sun.security.x509.CertificateExtensions",
"allExtensions": [
"java.util.Collections$SynchronizedCollection",
[
{
"@class": "sun.security.x509.AuthorityKeyIdentifierExtension",
"authName": null,
"critical": false,
"encodedKeyIdentifier": "BBRzVnIn9M8x85oD1QFSLo+uA6CFzw==",
"extensionId": {},
"extensionValue": "MBaAFHNWcif0zzHzmgPVAVIuj64DoIXP",
"id": "2.5.29.35",
"keyIdentifier": {
"@class": "sun.security.x509.KeyIdentifier",
"identifier": "c1ZyJ/TPMfOaA9UBUi6PrgOghc8="
},
"name": "AuthorityKeyIdentifier",
"serialNumber": null,
"value": "MBaAFHNWcif0zzHzmgPVAVIuj64DoIXP"
},
{
"@class": "sun.security.x509.BasicConstraintsExtension",
"ca": true,
"critical": true,
"extensionId": {},
"extensionValue": "MAMBAf8=",
"id": "2.5.29.19",
"name": "BasicConstraints",
"pathLen": 2147483647,
"value": "MAMBAf8="
},
{
"@class": "sun.security.x509.SubjectKeyIdentifierExtension",
"critical": false,
"extensionId": {},
"extensionValue": "BBRzVnIn9M8x85oD1QFSLo+uA6CFzw==",
"id": "2.5.29.14",
"keyIdentifier": {
"@class": "sun.security.x509.KeyIdentifier",
"identifier": "c1ZyJ/TPMfOaA9UBUi6PrgOghc8="
},
"name": "SubjectKeyIdentifier",
"value": "BBRzVnIn9M8x85oD1QFSLo+uA6CFzw=="
}
]
],
"unparseableExtensions": {
"@class": "java.util.Collections$EmptyMap"
}
},
"issuer": {
"@class": "sun.security.x509.X500Name",
"DNQualifier": null,
"IP": null,
"RFC1779Name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"RFC2253CanonicalName": "cn=localhost,o=example,st=some-state,c=de",
"RFC2253Name": "CN=localhost,O=Example,ST=Some-State,C=DE",
"commonName": "localhost",
"country": "DE",
"domain": null,
"empty": false,
"encoded": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"encodedInternal": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"generation": null,
"givenName": null,
"initials": null,
"locality": null,
"name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"organization": "Example",
"organizationalUnit": null,
"state": "Some-State",
"surname": null,
"type": 4
},
"issuerUniqueId": null,
"key": {
"@class": "sun.security.x509.CertificateX509Key",
"key": {
"@class": "sun.security.rsa.RSAPublicKeyImpl",
"algorithm": "RSA",
"algorithmId": {
"@class": "sun.security.x509.AlgorithmId",
"OID": {},
"encodedParams": null,
"name": "RSA",
"parameters": null
},
"encoded": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjf3XLNogJFHaBMJ1XiF7k/RAJV50EtcbzklmCqu1XuvLe9QvYF9eFP2yj7p2qClkUGQwbsfkp4+cWgDQvbd0FNXCBtzd75X0am2lb4UCKne8zmz2z6OZj4oErat8ja5KjdiqfgJlPO7ofnnojaHO+8mNhcytaf9z8dmxu/D80k/y4RL+AR4W2vQyEqa0wYhj9RKd/S4synKtcYVZ4CywQUBL2HDohAV9XLQsT42u6MnllkeNMHMJJ0JyhPfNEv7EA48hgrxq1p9DyvmLhvFZiu+3aH7qYtzjGFrpJTJyvpklN56fICDCJiUvuOLuEsrKxAQL68/b9O0JWG02b79lrQIDAQAB",
"format": "X.509",
"key": {
"@class": "sun.security.util.BitArray"
},
"modulus": [
"java.math.BigInteger",
17924774429916734930672007091861081652017273180720972612484972746691291345234206601372084661113265232125242056272330489356535884041408988693530195505707114813808539391516559905312290095614855100702755964088498718380345505297797303539867946099380089435992417822155236419337158665744822280573498055319007542996548213635420853672738637239343862282200563445468560114559911944645573981661468548565194856671233583877339384788908818555419082362898376230040794596859961796806426186597262198049779298036891881010483837489271306914017237322376977095756350989901483085748669416513609660315534182035872843233867651602153218205101
],
"params": null,
"publicExponent": [
"java.math.BigInteger",
65537
]
}
},
"serialNumber": {
"@class": "sun.security.x509.CertificateSerialNumber",
"serial": {
"@class": "sun.security.x509.SerialNumber",
"number": [
"java.math.BigInteger",
23095073375487256264248254573989370983424829728
]
}
},
"subject": {
"@class": "sun.security.x509.X500Name",
"DNQualifier": null,
"IP": null,
"RFC1779Name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"RFC2253CanonicalName": "cn=localhost,o=example,st=some-state,c=de",
"RFC2253Name": "CN=localhost,O=Example,ST=Some-State,C=DE",
"commonName": "localhost",
"country": "DE",
"domain": null,
"empty": false,
"encoded": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"encodedInternal": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"generation": null,
"givenName": null,
"initials": null,
"locality": null,
"name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"organization": "Example",
"organizationalUnit": null,
"state": "Some-State",
"surname": null,
"type": 4
},
"subjectUniqueId": null,
"validity": {
"@class": "sun.security.x509.CertificateValidity",
"notAfter": [
"java.util.Date",
1795690361000
],
"notBefore": [
"java.util.Date",
1764154361000
]
},
"version": {
"@class": "sun.security.x509.CertificateVersion",
"version": 2
}
},
"issuerAlternativeNameExtension": null,
"issuerAlternativeNames": null,
"issuerDN": {
"@class": "sun.security.x509.X500Name",
"DNQualifier": null,
"IP": null,
"RFC1779Name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"RFC2253CanonicalName": "cn=localhost,o=example,st=some-state,c=de",
"RFC2253Name": "CN=localhost,O=Example,ST=Some-State,C=DE",
"commonName": "localhost",
"country": "DE",
"domain": null,
"empty": false,
"encoded": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"encodedInternal": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"generation": null,
"givenName": null,
"initials": null,
"locality": null,
"name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"organization": "Example",
"organizationalUnit": null,
"state": "Some-State",
"surname": null,
"type": 4
},
"issuerUniqueID": null,
"issuerX500Principal": {
"encoded": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"name": "CN=localhost,O=Example,ST=Some-State,C=DE"
},
"keyUsage": null,
"nameConstraintsExtension": null,
"nonCriticalExtensionOIDs": [
"java.util.TreeSet",
[
"2.5.29.14",
"2.5.29.35"
]
],
"notAfter": [
"java.util.Date",
1795690361000
],
"notBefore": [
"java.util.Date",
1764154361000
],
"policyConstraintsExtension": null,
"policyMappingsExtension": null,
"privateKeyUsageExtension": null,
"publicKey": {
"@class": "sun.security.rsa.RSAPublicKeyImpl",
"algorithm": "RSA",
"algorithmId": {
"@class": "sun.security.x509.AlgorithmId",
"OID": {},
"encodedParams": null,
"name": "RSA",
"parameters": null
},
"encoded": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjf3XLNogJFHaBMJ1XiF7k/RAJV50EtcbzklmCqu1XuvLe9QvYF9eFP2yj7p2qClkUGQwbsfkp4+cWgDQvbd0FNXCBtzd75X0am2lb4UCKne8zmz2z6OZj4oErat8ja5KjdiqfgJlPO7ofnnojaHO+8mNhcytaf9z8dmxu/D80k/y4RL+AR4W2vQyEqa0wYhj9RKd/S4synKtcYVZ4CywQUBL2HDohAV9XLQsT42u6MnllkeNMHMJJ0JyhPfNEv7EA48hgrxq1p9DyvmLhvFZiu+3aH7qYtzjGFrpJTJyvpklN56fICDCJiUvuOLuEsrKxAQL68/b9O0JWG02b79lrQIDAQAB",
"format": "X.509",
"key": {
"@class": "sun.security.util.BitArray"
},
"modulus": [
"java.math.BigInteger",
17924774429916734930672007091861081652017273180720972612484972746691291345234206601372084661113265232125242056272330489356535884041408988693530195505707114813808539391516559905312290095614855100702755964088498718380345505297797303539867946099380089435992417822155236419337158665744822280573498055319007542996548213635420853672738637239343862282200563445468560114559911944645573981661468548565194856671233583877339384788908818555419082362898376230040794596859961796806426186597262198049779298036891881010483837489271306914017237322376977095756350989901483085748669416513609660315534182035872843233867651602153218205101
],
"params": null,
"publicExponent": [
"java.math.BigInteger",
65537
]
},
"serialNumber": [
"java.math.BigInteger",
23095073375487256264248254573989370983424829728
],
"serialNumberObject": {
"@class": "sun.security.x509.SerialNumber",
"number": [
"java.math.BigInteger",
23095073375487256264248254573989370983424829728
]
},
"sigAlg": {
"@class": "sun.security.x509.AlgorithmId",
"OID": {},
"encodedParams": null,
"name": "SHA256withRSA",
"parameters": null
},
"sigAlgName": "SHA256withRSA",
"sigAlgOID": "1.2.840.113549.1.1.11",
"sigAlgParams": null,
"signature": "ML6ocgQc0Clm50uJm6fFEjykpP6MCXJzj15Vuh+VeV/jiTabIJANmtYPo0MlmJ6s3KpWTVFfs9eVfhYaPY0NdaebYUTSU55elDbZV6G8Vp1dIcbYE5jiBiqj1k7GwZDBwtj/1DLqTqsCP/E9UkUArRyU7YakQiOT9P/HBs20Oxla5AYZWIlEGvrxGvx1JCmLitki3mMdp062ljWSL+TH/tkzEKukLuNyyTBLKXMXZ5qBx7xWc3IS6hoY5clBuDEmJHOl3C45IvJsNpo2avzHNMNd1MHSD2I+lT1Utf0KzGwBjigCNxGqMmu486N2kinv7Iu9jPLjvACtwLgnDB2Aqw==",
"subjectAlternativeNameExtension": null,
"subjectAlternativeNames": null,
"subjectDN": {
"@class": "sun.security.x509.X500Name",
"DNQualifier": null,
"IP": null,
"RFC1779Name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"RFC2253CanonicalName": "cn=localhost,o=example,st=some-state,c=de",
"RFC2253Name": "CN=localhost,O=Example,ST=Some-State,C=DE",
"commonName": "localhost",
"country": "DE",
"domain": null,
"empty": false,
"encoded": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"encodedInternal": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"generation": null,
"givenName": null,
"initials": null,
"locality": null,
"name": "CN=localhost, O=Example, ST=Some-State, C=DE",
"organization": "Example",
"organizationalUnit": null,
"state": "Some-State",
"surname": null,
"type": 4
},
"subjectKeyId": {
"@class": "sun.security.x509.KeyIdentifier",
"identifier": "c1ZyJ/TPMfOaA9UBUi6PrgOghc8="
},
"subjectKeyIdentifierExtension": {
"@class": "sun.security.x509.SubjectKeyIdentifierExtension",
"critical": false,
"extensionId": {},
"extensionValue": "BBRzVnIn9M8x85oD1QFSLo+uA6CFzw==",
"id": "2.5.29.14",
"keyIdentifier": {
"@class": "sun.security.x509.KeyIdentifier",
"identifier": "c1ZyJ/TPMfOaA9UBUi6PrgOghc8="
},
"name": "SubjectKeyIdentifier",
"value": "BBRzVnIn9M8x85oD1QFSLo+uA6CFzw=="
},
"subjectUniqueID": null,
"subjectX500Principal": {
"encoded": "MEgxCzAJBgNVBAYTAkRFMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQKDAdFeGFtcGxlMRIwEAYDVQQDDAlsb2NhbGhvc3Q=",
"name": "CN=localhost,O=Example,ST=Some-State,C=DE"
},
"type": "X.509",
"version": 3
},
"details": {
"@class": "org.springframework.security.web.authentication.WebAuthenticationDetails",
"remoteAddress": "0:0:0:0:0:0:0:1",
"sessionId": null
},
"principal": {
"@class": "org.springframework.security.core.userdetails.User",
"accountNonExpired": true,
"accountNonLocked": true,
"authorities": [
"java.util.Collections$UnmodifiableSet",
[
{
"@class": "org.springframework.security.core.authority.SimpleGrantedAuthority",
"authority": "USER"
}
]
],
"credentialsNonExpired": true,
"enabled": true,
"password": null,
"username": "localhost"
}
}
""";
var mapper2 = new com.fasterxml.jackson.databind.ObjectMapper();
var node2 = mapper2.readTree(json);
var mapper3 = tools.jackson.databind.json.JsonMapper.builder().build();
var node3 = mapper3.readTree(json);
assertDoesNotThrow(() -> node2.get("credentials").asText());
assertDoesNotThrow(() -> node3.get("credentials").stringValue()); // This fails
}