[
https://issues.apache.org/jira/browse/CXF-6573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14728108#comment-14728108
]
Karl von Randow commented on CXF-6573:
--------------------------------------
Ah right. Maybe it's possible to have the {{OAuthJSONProvider}} registered as a
provider and used in preference to the other JSON providers, as it only
serialises the classes it recognises... I haven't tried that, as I'm not sure
how the ordering will work. Perhaps the intention is to have it in its own
JAX-RS Application?
Yes, it is possible to use annotations to get the Jackson serialisation to
match {{OAuthJSONProvider}}. I am using a Jackson mix-in to achieve this at the
moment (so please excuse the abstract modifiers, they're a feature of doing
this as a Jackson ObjectMapper mixin):
{code:java}
@JsonInclude(value = Include.NON_NULL)
public abstract class AccessTokenMixin extends AccessToken {
@Override
@JsonProperty(OAuthConstants.ACCESS_TOKEN_TYPE)
abstract public String getTokenType();
@Override
@JsonProperty(OAuthConstants.ACCESS_TOKEN)
abstract public String getTokenKey();
@Override
@JsonProperty(OAuthConstants.REFRESH_TOKEN)
abstract public String getRefreshToken();
@Override
@JsonAnyGetter
abstract public Map<String, String> getParameters();
@Override
@JsonProperty(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN)
@JsonInclude(value = Include.NON_DEFAULT)
abstract public long getExpiresIn();
@Override
@JsonIgnore
abstract public long getIssuedAt();
}
{code}
These annotations could go into {{AccessToken}}. Also we should add the
following method to support deserialisation:
{code:java}
@JsonAnySetter
public void add(String key, String value) {
getParameters().put(key, value);
}
{code}
This omits {{expires_in}} when its the default value (-1), so no need to change
anything there. I've annotated {{getIssuedAt}} with {{@JsonIgnore}} so it
doesn't get included.
Similarly for {{ClientAccessToken}}:
{code:java}
public abstract class ClientAccessTokenMixin extends ClientAccessToken {
@Override
@JsonProperty(OAuthConstants.SCOPE)
abstract public String getApprovedScope();
}
{code}
Similar things could be done for {{OAuthError}}.
If this looks good to you, I'm happy to create a pull request with this and add
it to this issue.
> AccessToken doesn't serialize with snake-case
> ---------------------------------------------
>
> Key: CXF-6573
> URL: https://issues.apache.org/jira/browse/CXF-6573
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 3.1.2
> Reporter: Karl von Randow
> Priority: Minor
>
> The org.apache.cxf.rs.security.oauth2.common.AccessToken class doesn't
> declare and JAXB (or other) annotations to influence how it is serialized. So
> it uses the default serialization style of the JAXB context.
> In my case this is camel case.
> This means that the AccessToken response from the AccessTokenService uses
> camel case. The OAuth docs _appear_ (I'm not a scholar of them) to indicate
> that it should be snake case.
> Is that true? Is this a thing? Would it be something you'd consider, adding
> `@XmlElement(name = "token_key")` annotations? That would be a breaking
> change for existing users...
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
