Add Jackson Support for Objects stored in HttpSession

[jeetmp3]

Hi @rwinch sorry it's got delayed. I've created mix-ins to add Jackson support(#3736).
Please review the code and let me know feedback. I've modified some existing classes

1. DefaultSavedRequest added builder class with private constructor
2. WebAuthenticationDetails added one private constructor to exclude HttpServletRequest dependency in Jackson deserialization.
3. CasAuthenticationToken, RememberMeAuthenticationToken, AnonymousAuthenticationToken added new private constructor to ensure keyHash correctly deserialized and added static methods in AbstractAuthenticationToken which helps in constructing these *AuthenticationToken implementations

PS: I havn't update Apache Licence yet. Need your help in updating the same

• I have signed the CLA

[jeetmp3]

Thanks for the feedback!
I've finish all the changes mentioned in comments and also updated Spring Session Redis Sample.

[rwinch]

Thanks for the PR!

This is now merged into master via d77ca17

You will notice a series of commits 8ad0003 that perform some polish on the Pull Request you submitted. If you are able, please review my changes.

[driverpt]

@rwinch , can this be backported to Spring Security?

[rwinch]

@driverpt Spring Security 4.2 will be out very soon, so I don't think we will be back porting it. What version do you want it to be back ported to?

[driverpt]

@rwinch , thanks for the quick reply. I'm currently using the one used in Spring Boot (4.1.1). Is 4.2.0 M1 a good drop-in replacement for 4.1.1 in Spring Boot ?

[rwinch]

@driverpt Yes it is. You can also just copy paste the necessary classes into your project until Spring Security goes GA. Keep in mind we are making a change to how things are done in order to support newer versions of Jackson. See #4073

[driverpt]

Problem is, Spring Boot uses Jackson 2.8.1

[rwinch]

@driverpt Right. See the PR #4078 that works around the related Jackson regression