fix: U…Credentials bean-introspection-module=false

Suppor serialization of UsernamePasswordCredentials for jackson.bean-introspection-module=false

security/src/main/java/io/micronaut/security/authentication/UsernamePasswordCredentials.java

@@ -15,6 +15,7 @@
  */
 package io.micronaut.security.authentication;
 
+import io.micronaut.core.annotation.Creator;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.serde.annotation.Serdeable;
 import jakarta.validation.constraints.NotBlank;
@@ -41,11 +42,18 @@ public class UsernamePasswordCredentials implements Serializable, Authentication
      * @param username e.g. admin
      * @param password raw password
      */
+    @Creator
     public UsernamePasswordCredentials(@Nullable String username, @Nullable String password) {
         this.username = username;
         this.password = password;
     }
 
+    /**
+     * Default constructor.
+     */
+    public UsernamePasswordCredentials() {
+    }
+
     /**
      * username getter.
      * @return e.g. admin

settings.gradle

@@ -36,7 +36,7 @@ include "test-suite-aot"
 include "test-suite-aot-authserver"
 include "test-suite-serde"
 include "test-suite-ldap"
-
+include "test-suite-jackson-databind-bean-introspection-module-false"
 enableFeaturePreview 'TYPESAFE_PROJECT_ACCESSORS'
 
 micronautBuild {

test-suite-jackson-databind-bean-introspection-module-false/build.gradle.kts

@@ -0,0 +1,20 @@
+plugins {
+    id("java-library")
+    id("io.micronaut.build.internal.security-tests")
+}
+dependencies {
+    testAnnotationProcessor(mn.micronaut.inject.java)
+    testImplementation(libs.junit.jupiter.api)
+    testImplementation(mnTest.micronaut.test.junit5)
+    testRuntimeOnly(libs.junit.jupiter.engine)
+
+    testRuntimeOnly(mnLogging.logback.classic)
+    testImplementation(projects.micronautSecurity)
+    testImplementation(projects.micronautSecurityJwt)
+    testImplementation(mn.micronaut.http.client)
+    testImplementation(mn.micronaut.http.server.netty)
+    testImplementation(mn.micronaut.jackson.databind)
+}
+tasks.withType<Test> {
+    useJUnitPlatform()
+}

test-suite-jackson-databind-bean-introspection-module-false/src/test/java/io/micronaut/security/jacksondatabind/beanintrospectionfalse/UsernamePasswordCredentialsBeanIntrospectionModuleFalseTest.java

@@ -0,0 +1,40 @@
+package io.micronaut.security.jacksondatabind.beanintrospectionfalse;
+
+import io.micronaut.context.annotation.Property;
+import io.micronaut.context.annotation.Requires;
+import io.micronaut.core.util.StringUtils;
+import io.micronaut.http.HttpRequest;
+import io.micronaut.http.client.BlockingHttpClient;
+import io.micronaut.http.client.HttpClient;
+import io.micronaut.http.client.annotation.Client;
+import io.micronaut.security.authentication.AuthenticationRequest;
+import io.micronaut.security.authentication.AuthenticationResponse;
+import io.micronaut.security.authentication.provider.HttpRequestAuthenticationProvider;
+import io.micronaut.test.extensions.junit5.annotation.MicronautTest;
+import jakarta.inject.Singleton;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
+@Property(name = "jackson.bean-introspection-module", value = StringUtils.FALSE)
+@Property(name = "micronaut.security.token.jwt.signatures.secret.generator.secret", value = "pleaseChangeThisSecretForANewOne")
+@Property(name = "micronaut.security.authentication", value = "bearer")
+@Property(name = "spec.name", value = "UsernamePasswordCredentialsBeanIntrospectionModuleFalseTest")
+@MicronautTest
+class UsernamePasswordCredentialsBeanIntrospectionModuleFalseTest {
+
+    @Test
+    void testUsernamePasswordCredentialsDeserializationIfBeanIntrospectionModuleFalse(@Client("/")HttpClient httpClient) {
+        BlockingHttpClient client = httpClient.toBlocking();
+        assertDoesNotThrow(() -> client.exchange(HttpRequest.POST("/login", "{\"username\":\"sherlock\",\"password\":\"password\"}")));
+    }
+
+    @Requires(property = "spec.name", value = "UsernamePasswordCredentialsBeanIntrospectionModuleFalseTest")
+    @Singleton
+    static class CustomAuthenticationProvider<B> implements HttpRequestAuthenticationProvider<B> {
+        @Override
+        public AuthenticationResponse authenticate(HttpRequest<B> requestContext, AuthenticationRequest<String, String> authRequest) {
+            return AuthenticationResponse.success("sherlock");
+        }
+    }
+}

test-suite-jackson-databind-bean-introspection-module-false/src/test/java/io/micronaut/security/jacksondatabind/beanintrospectionfalse/UsernamePasswordCredentialsTest.java

@@ -0,0 +1,41 @@
+package io.micronaut.security.jacksondatabind.beanintrospectionfalse;
+
+import io.micronaut.context.annotation.Property;
+import io.micronaut.context.annotation.Requires;
+import io.micronaut.core.util.StringUtils;
+import io.micronaut.http.HttpRequest;
+import io.micronaut.http.client.BlockingHttpClient;
+import io.micronaut.http.client.HttpClient;
+import io.micronaut.http.client.annotation.Client;
+import io.micronaut.security.authentication.AuthenticationRequest;
+import io.micronaut.security.authentication.AuthenticationResponse;
+import io.micronaut.security.authentication.provider.HttpRequestAuthenticationProvider;
+import io.micronaut.test.extensions.junit5.annotation.MicronautTest;
+import jakarta.inject.Singleton;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
+@Property(name = "micronaut.security.token.jwt.signatures.secret.generator.secret", value = "pleaseChangeThisSecretForANewOne")
+@Property(name = "micronaut.security.authentication", value = "bearer")
+@Property(name = "spec.name", value = "UsernamePasswordCredentialsTest")
+@MicronautTest
+class UsernamePasswordCredentialsTest {
+
+    @Test
+    void testUsernamePasswordCredentialsDeserializationIfBeanIntrospectionModuleFalse(@Client("/") HttpClient httpClient) {
+        BlockingHttpClient client = httpClient.toBlocking();
+        String json = """
+                {"username":"sherlock","password":"password"}""";
+        assertDoesNotThrow(() -> client.exchange(HttpRequest.POST("/login", json)));
+    }
+
+    @Requires(property = "spec.name", value = "UsernamePasswordCredentialsTest")
+    @Singleton
+    static class CustomAuthenticationProvider<B> implements HttpRequestAuthenticationProvider<B> {
+        @Override
+        public AuthenticationResponse authenticate(HttpRequest<B> requestContext, AuthenticationRequest<String, String> authRequest) {
+            return AuthenticationResponse.success("sherlock");
+        }
+    }
+}

test-suite-jackson-databind-bean-introspection-module-false/src/test/resources/logback.xml

@@ -0,0 +1,11 @@
+<configuration>
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+    <root level="info">
+        <appender-ref ref="STDOUT" />
+    </root>
+    <logger name="io.micronaut.http.client" level="TRACE"/>
+</configuration>