This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch 3.3
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/3.3 by this push:
new 7fa6695e61 fix spring OAuth2 class serialize (#15414)
7fa6695e61 is described below
commit 7fa6695e61ef0cd3f781b5d2c666e338ba8ebcae
Author: wzkris <[email protected]>
AuthorDate: Tue Jun 24 15:52:39 2025 +0800
fix spring OAuth2 class serialize (#15414)
* fix spring OAuth2 class serialize
* rollback cluster pom edit
* format code
* ensure compile normally if not import Spring-Authorization-Server
* Update pom.xml
---------
Co-authored-by: zrlw <[email protected]>
---
dubbo-plugin/dubbo-spring-security/pom.xml | 7 ++
.../spring/security/jackson/ObjectMapperCodec.java | 7 ++
.../oauth2/AuthorizationGrantTypeMixin.java | 36 ++++++++
.../oauth2/BearerTokenAuthenticationMixin.java | 44 ++++++++++
.../oauth2/ClientAuthenticationMethodMixin.java | 36 ++++++++
.../security/oauth2/ClientSettingsMixin.java | 38 +++++++++
.../oauth2/OAuth2AuthenticatedPrincipalMixin.java | 43 ++++++++++
.../OAuth2ClientAuthenticationTokenMixin.java | 44 ++++++++++
.../security/oauth2/OAuth2SecurityModule.java | 96 ++++++++++++++++++++++
.../security/oauth2/RegisteredClientMixin.java | 56 +++++++++++++
.../spring/security/oauth2/TokenSettingsMixin.java | 38 +++++++++
.../oauth2/UnmodifiableCollectionMixin.java | 37 +++++++++
.../security/jackson/ObjectMapperCodecTest.java | 67 +++++++++++++++
13 files changed, 549 insertions(+)
diff --git a/dubbo-plugin/dubbo-spring-security/pom.xml
b/dubbo-plugin/dubbo-spring-security/pom.xml
index ba5f1ad86c..5d577ea558 100644
--- a/dubbo-plugin/dubbo-spring-security/pom.xml
+++ b/dubbo-plugin/dubbo-spring-security/pom.xml
@@ -29,6 +29,7 @@
<properties>
<skip_maven_deploy>false</skip_maven_deploy>
+ <spring.oauth2.server>1.5.1</spring.oauth2.server>
</properties>
<dependencies>
@@ -65,6 +66,12 @@
<optional>true</optional>
</dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-oauth2-authorization-server</artifactId>
+ <version>${spring.oauth2.server}</version>
+ <optional>true</optional>
+ </dependency>
<!-- spring security -->
<!-- jackson -->
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodec.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodec.java
index f85e182e36..7c8cb06af8 100644
---
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodec.java
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodec.java
@@ -21,16 +21,19 @@ import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.common.utils.ClassUtils;
import org.apache.dubbo.common.utils.StringUtils;
+import org.apache.dubbo.spring.security.oauth2.OAuth2SecurityModule;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;
+import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import org.springframework.security.jackson2.CoreJackson2Module;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
public class ObjectMapperCodec {
@@ -101,6 +104,10 @@ public class ObjectMapperCodec {
private void registerDefaultModule() {
mapper.registerModule(new CoreJackson2Module());
mapper.registerModule(new JavaTimeModule());
+ mapper.registerModule(new OAuth2SecurityModule());
+ List<Module> securityModules =
+
SecurityJackson2Modules.getModules(this.getClass().getClassLoader());
+ mapper.registerModules(securityModules);
List<String> jacksonModuleClassNameList = new ArrayList<>();
jacksonModuleClassNameList.add(
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/AuthorizationGrantTypeMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/AuthorizationGrantTypeMixin.java
new file mode 100644
index 0000000000..724e8efa54
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/AuthorizationGrantTypeMixin.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class AuthorizationGrantTypeMixin {
+
+ @JsonCreator
+ public AuthorizationGrantTypeMixin(@JsonProperty("value") String value) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/BearerTokenAuthenticationMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/BearerTokenAuthenticationMixin.java
new file mode 100644
index 0000000000..ca2d80f5f9
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/BearerTokenAuthenticationMixin.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Collection;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class BearerTokenAuthenticationMixin {
+
+ @JsonCreator
+ public BearerTokenAuthenticationMixin(
+ @JsonProperty("principal") OAuth2AuthenticatedPrincipal principal,
+ @JsonProperty("credentials") OAuth2AccessToken credentials,
+ @JsonProperty("authorities") Collection<? extends
GrantedAuthority> authorities) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientAuthenticationMethodMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientAuthenticationMethodMixin.java
new file mode 100644
index 0000000000..4d43671357
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientAuthenticationMethodMixin.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class ClientAuthenticationMethodMixin {
+
+ @JsonCreator
+ public ClientAuthenticationMethodMixin(@JsonProperty("value") String
value) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientSettingsMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientSettingsMixin.java
new file mode 100644
index 0000000000..4ca8dae66b
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientSettingsMixin.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class ClientSettingsMixin {
+
+ @JsonCreator
+ public ClientSettingsMixin(@JsonProperty("settings") Map<String, Object>
settings) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2AuthenticatedPrincipalMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2AuthenticatedPrincipalMixin.java
new file mode 100644
index 0000000000..8626a6e7f9
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2AuthenticatedPrincipalMixin.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Collection;
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.security.core.GrantedAuthority;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class OAuth2AuthenticatedPrincipalMixin {
+
+ @JsonCreator
+ public OAuth2AuthenticatedPrincipalMixin(
+ @JsonProperty("name") String name,
+ @JsonProperty("attributes") Map<String, Object> attributes,
+ @JsonProperty("authorities") Collection<? extends
GrantedAuthority> authorities) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2ClientAuthenticationTokenMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2ClientAuthenticationTokenMixin.java
new file mode 100644
index 0000000000..b864fa0d41
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2ClientAuthenticationTokenMixin.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.lang.Nullable;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class OAuth2ClientAuthenticationTokenMixin {
+
+ @JsonCreator
+ public OAuth2ClientAuthenticationTokenMixin(
+ @JsonProperty("clientId") String clientId,
+ @JsonProperty("clientAuthenticationMethod")
ClientAuthenticationMethod clientAuthenticationMethod,
+ @JsonProperty("credentials") @Nullable Object credentials,
+ @JsonProperty("additionalParameters") @Nullable Map<String,
Object> additionalParameters) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2SecurityModule.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2SecurityModule.java
new file mode 100644
index 0000000000..93be4aef61
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2SecurityModule.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import org.apache.dubbo.common.utils.ClassUtils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
+public class OAuth2SecurityModule extends SimpleModule {
+
+ public OAuth2SecurityModule() {
+ super(OAuth2SecurityModule.class.getName());
+ }
+
+ @Override
+ public void setupModule(SetupContext context) {
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal",
+
"org.apache.dubbo.spring.security.oauth2.OAuth2AuthenticatedPrincipalMixin");
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal",
+
"org.apache.dubbo.spring.security.oauth2.OAuth2AuthenticatedPrincipalMixin");
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication",
+
"org.apache.dubbo.spring.security.oauth2.BearerTokenAuthenticationMixin");
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken",
+
"org.apache.dubbo.spring.security.oauth2.OAuth2ClientAuthenticationTokenMixin");
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.core.ClientAuthenticationMethod",
+ ClientAuthenticationMethodMixin.class);
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.server.authorization.client.RegisteredClient",
+
"org.apache.dubbo.spring.security.oauth2.RegisteredClientMixin");
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.core.AuthorizationGrantType",
+ AuthorizationGrantTypeMixin.class);
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.server.authorization.settings.ClientSettings",
+ ClientSettingsMixin.class);
+ setMixInAnnotations(
+ context,
+
"org.springframework.security.oauth2.server.authorization.settings.TokenSettings",
+ TokenSettingsMixin.class);
+ context.setMixInAnnotations(
+ Collections.unmodifiableCollection(new
ArrayList<>()).getClass(), UnmodifiableCollectionMixin.class);
+ }
+
+ private void setMixInAnnotations(SetupContext context, String
oauth2ClassName, String mixinClassName) {
+ Class<?> oauth2Class = loadClassIfPresent(oauth2ClassName);
+ if (oauth2Class != null) {
+ context.setMixInAnnotations(oauth2Class,
loadClassIfPresent(mixinClassName));
+ }
+ }
+
+ private void setMixInAnnotations(SetupContext context, String
oauth2ClassName, Class<?> mixinClass) {
+ Class<?> oauth2Class = loadClassIfPresent(oauth2ClassName);
+ if (oauth2Class != null) {
+ context.setMixInAnnotations(oauth2Class, mixinClass);
+ }
+ }
+
+ private Class<?> loadClassIfPresent(String oauth2ClassName) {
+ try {
+ return ClassUtils.forName(oauth2ClassName,
OAuth2SecurityModule.class.getClassLoader());
+
+ } catch (Throwable ignored) {
+ }
+ return null;
+ }
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/RegisteredClientMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/RegisteredClientMixin.java
new file mode 100644
index 0000000000..d8c4e97872
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/RegisteredClientMixin.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.time.Instant;
+import java.util.Set;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import
org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import
org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class RegisteredClientMixin {
+
+ @JsonCreator
+ public RegisteredClientMixin(
+ @JsonProperty("id") String id,
+ @JsonProperty("clientId") String clientId,
+ @JsonProperty("clientIdIssuedAt") Instant clientIdIssuedAt,
+ @JsonProperty("clientSecret") String clientSecret,
+ @JsonProperty("clientSecretExpiresAt") Instant
clientSecretExpiresAt,
+ @JsonProperty("clientName") String clientName,
+ @JsonProperty("clientAuthenticationMethods")
Set<ClientAuthenticationMethod> clientAuthenticationMethods,
+ @JsonProperty("authorizationGrantTypes")
Set<AuthorizationGrantType> authorizationGrantTypes,
+ @JsonProperty("redirectUris") Set<String> redirectUris,
+ @JsonProperty("postLogoutRedirectUris") Set<String>
postLogoutRedirectUris,
+ @JsonProperty("scopes") Set<String> scopes,
+ @JsonProperty("clientSettings") ClientSettings clientSettings,
+ @JsonProperty("tokenSettings") TokenSettings tokenSettings) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/TokenSettingsMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/TokenSettingsMixin.java
new file mode 100644
index 0000000000..093f68e7fb
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/TokenSettingsMixin.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+ fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+ creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class TokenSettingsMixin {
+
+ @JsonCreator
+ public TokenSettingsMixin(@JsonProperty("settings") Map<String, Object>
settings) {}
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/UnmodifiableCollectionMixin.java
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/UnmodifiableCollectionMixin.java
new file mode 100644
index 0000000000..1c1097b659
--- /dev/null
+++
b/dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/UnmodifiableCollectionMixin.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import
org.apache.dubbo.spring.security.oauth2.UnmodifiableCollectionMixin.UnmodifiableCollectionConverter;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.util.StdConverter;
+
+@JsonDeserialize(converter = UnmodifiableCollectionConverter.class)
+abstract class UnmodifiableCollectionMixin {
+
+ public static class UnmodifiableCollectionConverter extends
StdConverter<Collection<Object>, Collection<Object>> {
+
+ @Override
+ public Collection<Object> convert(Collection<Object> value) {
+ return Collections.unmodifiableCollection(value);
+ }
+ }
+}
diff --git
a/dubbo-plugin/dubbo-spring-security/src/test/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodecTest.java
b/dubbo-plugin/dubbo-spring-security/src/test/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodecTest.java
index ea2d613ec6..96b93bc4ed 100644
---
a/dubbo-plugin/dubbo-spring-security/src/test/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodecTest.java
+++
b/dubbo-plugin/dubbo-spring-security/src/test/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodecTest.java
@@ -18,14 +18,24 @@ package org.apache.dubbo.spring.security.jackson;
import java.time.Duration;
import java.time.Instant;
+import java.util.Collections;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import
org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+import
org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType;
+import
org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import
org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
+import
org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
+import
org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
+import
org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+import
org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
public class ObjectMapperCodecTest {
@@ -44,6 +54,63 @@ public class ObjectMapperCodecTest {
Assertions.assertNotNull(deserialize);
}
+ @Test
+ public void bearerTokenAuthenticationTest() {
+ BearerTokenAuthentication bearerTokenAuthentication = new
BearerTokenAuthentication(
+ new DefaultOAuth2AuthenticatedPrincipal(
+ "principal-name",
+ Collections.singletonMap("name", "kali"),
+ Collections.singleton(new
SimpleGrantedAuthority("1"))),
+ new OAuth2AccessToken(TokenType.BEARER, "111", Instant.MIN,
Instant.MAX),
+ Collections.emptyList());
+ String content = mapper.serialize(bearerTokenAuthentication);
+
+ BearerTokenAuthentication deserialize =
mapper.deserialize(content.getBytes(), BearerTokenAuthentication.class);
+
+ Assertions.assertNotNull(deserialize);
+ }
+
+ @Test
+ public void oAuth2ClientAuthenticationTokenTest() {
+ OAuth2ClientAuthenticationToken oAuth2ClientAuthenticationToken = new
OAuth2ClientAuthenticationToken(
+ "client-id", ClientAuthenticationMethod.CLIENT_SECRET_POST,
"111", Collections.emptyMap());
+
+ String content = mapper.serialize(oAuth2ClientAuthenticationToken);
+
+ OAuth2ClientAuthenticationToken deserialize =
+ mapper.deserialize(content.getBytes(),
OAuth2ClientAuthenticationToken.class);
+
+ Assertions.assertNotNull(deserialize);
+ }
+
+ @Test
+ public void registeredClientTest() {
+ RegisteredClient registeredClient = RegisteredClient.withId("id")
+ .clientId("client-id")
+ .clientName("client-name")
+
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+ .redirectUri("https://example.com";)
+
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT)
+ .clientSecret("client-secret")
+ .clientIdIssuedAt(Instant.MIN)
+ .clientSecretExpiresAt(Instant.MAX)
+ .tokenSettings(TokenSettings.builder()
+ .accessTokenFormat(OAuth2TokenFormat.REFERENCE)
+ .accessTokenTimeToLive(Duration.ofSeconds(1000))
+ .build())
+ .clientSettings(ClientSettings.builder()
+ .setting("name", "value")
+ .requireProofKey(true)
+ .build())
+ .build();
+
+ String content = mapper.serialize(registeredClient);
+
+ RegisteredClient deserialize = mapper.deserialize(content.getBytes(),
RegisteredClient.class);
+
+ Assertions.assertNotNull(deserialize);
+ }
+
public static ClientRegistration.Builder clientRegistration() {
// @formatter:off
return ClientRegistration.withRegistrationId("registration-id")
