Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15749

Closed
tanis138 opened this issue Sep 6, 2024 · 2 comments
Closed

SecurityJackson2Modules.getModules(): Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module #15749

tanis138 opened this issue Sep 6, 2024 · 2 comments
Assignees
@marcusdacoregio
Labels
in: cas An issue in spring-security-cas type: bug A general bug
Milestone
5.8.15

Comments

@tanis138
Copy link

tanis138 commented Sep 6, 2024

Describe the bug
CAS support was removed in Sping Security 6: #10441
But there's a small bug that appears in Spring Security debug logs when adding SecurityJackson2Modules to Jackson ObjectMapper.

To Reproduce

  1. Enable logging.level.org.springframework.security=DEBUG
  2. Add SecurityJackson2Modules.getModules() to ObjectMapper
 final var objectMapper = JsonMapper.builder()
    .addModules(SecurityJackson2Modules.getModules(this.loader))
    .build();
  1. You will see error in logs:
 | DEBUG | .s.s.j.SecurityJackson2Modules: 134 | Cannot load module org.springframework.security.cas.jackson2.CasJackson2Module
java.lang.ClassNotFoundException: org.springframework.security.cas.jackson2.CasJackson2Module
	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
	at java.base/java.lang.Class.forName0(Native Method)
	at java.base/java.lang.Class.forName(Class.java:534)
	at java.base/java.lang.Class.forName(Class.java:513)
	at org.springframework.util.ClassUtils.forName(ClassUtils.java:304)
	at org.springframework.security.jackson2.SecurityJackson2Modules.loadAndGetInstance(SecurityJackson2Modules.java:127)
	at org.springframework.security.jackson2.SecurityJackson2Modules.addToModulesList(SecurityJackson2Modules.java:172)
	at org.springframework.security.jackson2.SecurityJackson2Modules.getModules(SecurityJackson2Modules.java:146)

Expected behavior
No exceptions in logs

To fix
Remove CasJackson2Module from org.springframework.security.jackson2.SecurityJackson2Modules#securityJackson2ModuleClasses

	private static final List<String> securityJackson2ModuleClasses = Arrays.asList(
			"org.springframework.security.jackson2.CoreJackson2Module",
			"org.springframework.security.cas.jackson2.CasJackson2Module",
			"org.springframework.security.web.jackson2.WebJackson2Module",
			"org.springframework.security.web.server.jackson2.WebServerJackson2Module");
@tanis138 tanis138 added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Sep 6, 2024
@marcusdacoregio marcusdacoregio self-assigned this Sep 6, 2024
@marcusdacoregio marcusdacoregio removed the status: waiting-for-triage An issue we've not yet triaged label Sep 6, 2024
@marcusdacoregio
Copy link
Contributor

Hi @tanis138, thanks for the report.

CAs support has been removed in 6.0 but re-added in 6.1.
I believe that if there is no spring-security-cas module then it should refrain from trying to register its module. I'll take a look at this.

@marcusdacoregio marcusdacoregio added the in: cas An issue in spring-security-cas label Sep 6, 2024
@tanis138
Copy link
Author

tanis138 commented Sep 6, 2024
edited
Loading

CAs support has been removed in 6.0 but re-added in 6.1.

Oh, I see. So, the solution would be like:


pivate static final String casJackson2ModuleClass = "org.springframework.security.cas.jackson2.CasJackson2Module";

private static final boolean casPresent;

static {
    casPresent = ClassUtils.isPresent(casJackson2ModuleClass, classLoader);
}

public static List<Module> getModules(ClassLoader loader) {

    if (casPresent ) {
        addToModulesList(loader, modules, casJackson2ModuleClass );
    }

}

@marcusdacoregio marcusdacoregio added this to the 5.8.15 milestone Sep 9, 2024
@marcusdacoregio marcusdacoregio mentioned this issue Sep 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
in: cas An issue in spring-security-cas type: bug A general bug
Projects
Spring Security Team
Status: No status
Milestone
5.8.15
Development

No branches or pull requests
2 participants
@marcusdacoregio @tanis138