From b8c91b7d0b3ef4c54e09c6a4db273bf208b7956a Mon Sep 17 00:00:00 2001 From: Robin Karlsson Date: Mon, 27 Mar 2023 17:40:17 +0200 Subject: [PATCH] Preserve insertion order for JSON claims --- lib/src/main/java/com/auth0/jwt/JWTCreator.java | 4 ++-- .../test/java/com/auth0/jwt/JWTCreatorTest.java | 14 +++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java index ece589b1..0b0d21e4 100644 --- a/lib/src/main/java/com/auth0/jwt/JWTCreator.java +++ b/lib/src/main/java/com/auth0/jwt/JWTCreator.java @@ -112,7 +112,7 @@ public Builder withHeader(String headerClaimsJson) throws IllegalArgumentExcepti } try { - Map headerClaims = mapper.readValue(headerClaimsJson, HashMap.class); + Map headerClaims = mapper.readValue(headerClaimsJson, LinkedHashMap.class); return withHeader(headerClaims); } catch (JsonProcessingException e) { throw new IllegalArgumentException("Invalid header JSON", e); @@ -508,7 +508,7 @@ public Builder withPayload(String payloadClaimsJson) throws IllegalArgumentExcep } try { - Map payloadClaims = mapper.readValue(payloadClaimsJson, HashMap.class); + Map payloadClaims = mapper.readValue(payloadClaimsJson, LinkedHashMap.class); return withPayload(payloadClaims); } catch (JsonProcessingException e) { throw new IllegalArgumentException("Invalid payload JSON", e); diff --git a/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java b/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java index 1dd1c335..cd26e3ee 100644 --- a/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java +++ b/lib/src/test/java/com/auth0/jwt/JWTCreatorTest.java @@ -3,7 +3,6 @@ import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.interfaces.ECDSAKeyProvider; import com.auth0.jwt.interfaces.RSAKeyProvider; -import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; import org.junit.Rule; @@ -974,7 +973,7 @@ public void withPayloadShouldSupportJsonValueWithNestedDataStructure() { .sign(Algorithm.HMAC256("secret")); assertThat(jwt, is(notNullValue())); - String[] parts = jwt.split("\\."); + String[] parts = jwt.split("\\.") ; String payloadJson = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8); assertThat(payloadJson, JsonMatcher.hasEntry("stringClaim", stringClaim)); @@ -1014,7 +1013,9 @@ public void shouldCreatePayloadWithNullForList() { @Test public void shouldPreserveInsertionOrder() throws Exception { - List headerInsertionOrder = new ArrayList<>(); + String taxonomyJson = "{\"class\": \"mammalia\", \"order\": \"carnivora\", \"family\": \"canidae\", \"genus\": \"vulpes\"}"; + List taxonomyClaims = Arrays.asList("class", "order", "family", "genus"); + List headerInsertionOrder = new ArrayList<>(taxonomyClaims); Map header = new LinkedHashMap<>(); for (int i = 0; i < 10; i++) { String key = "h" + i; @@ -1022,8 +1023,11 @@ public void shouldPreserveInsertionOrder() throws Exception { headerInsertionOrder.add(key); } - List payloadInsertionOrder = new ArrayList<>(); - JWTCreator.Builder builder = JWTCreator.init().withHeader(header); + List payloadInsertionOrder = new ArrayList<>(taxonomyClaims); + JWTCreator.Builder builder = JWTCreator.init() + .withHeader(taxonomyJson) + .withHeader(header) + .withPayload(taxonomyJson); for (int i = 0; i < 10; i++) { String name = "c" + i; builder = builder.withClaim(name, "v" + i);