The class with java.sql.Timestamp is not whitelisted. #6601
Description
Summary
Hi. In my project i use spring session with redis to store our session and share it. due to reasons we decided to use json serialization instead of jdk serialization. here is configuration for this based on spring session sample app.
@Configuration
public class SessionConfig implements BeanClassLoaderAware {
private ClassLoader loader;
@Bean
public RedisSerializer<Object> springSessionDefaultRedisSerializer() {
return new GenericJackson2JsonRedisSerializer(objectMapper());
}
/**
* Customized {@link ObjectMapper} to add mix-in for class that doesn't have default
* constructors
*
* @return the {@link ObjectMapper} to use
*/
private ObjectMapper objectMapper() {
ObjectMapper mapper = new ObjectMapper();
SecurityJackson2Modules.enableDefaultTyping(mapper);
mapper.registerModules(SecurityJackson2Modules.getModules(this.loader));
return mapper;
}
/*
* (non-Javadoc)
*
* @see
* org.springframework.beans.factory.BeanClassLoaderAware#setBeanClassLoader(java.lang
* .ClassLoader)
*/
@Override
public void setBeanClassLoader(ClassLoader classLoader) {
this.loader = classLoader;
}
}But i get following error.
com.fasterxml.jackson.databind.JsonMappingException: The class with java.sql.Timestamp and name of java.sql.Timestamp is not whitelisted. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]->org.baharan.framework.model.security.User["lastVisitDate"])
The thing is that lastVisitDate field type is Date. its not Timestamp. i appreciate it if you help me in this. thanks in advance.
Version
Spring Boot 2.1.1.RELEASE