cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl von Randow (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6573) AccessToken doesn't serialize with snake-case
Date Wed, 02 Sep 2015 22:07:45 GMT

    [ https://issues.apache.org/jira/browse/CXF-6573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14728108#comment-14728108
] 

Karl von Randow commented on CXF-6573:
--------------------------------------

Ah right. Maybe it's possible to have the {{OAuthJSONProvider}} registered as a provider and
used in preference to the other JSON providers, as it only serialises the classes it recognises...
I haven't tried that, as I'm not sure how the ordering will work. Perhaps the intention is
to have it in its own JAX-RS Application?

Yes, it is possible to use annotations to get the Jackson serialisation to match {{OAuthJSONProvider}}.
I am using a Jackson mix-in to achieve this at the moment (so please excuse the abstract modifiers,
they're a feature of doing this as a Jackson ObjectMapper mixin):

{code:java}
@JsonInclude(value = Include.NON_NULL)
public abstract class AccessTokenMixin extends AccessToken {

    @Override
    @JsonProperty(OAuthConstants.ACCESS_TOKEN_TYPE)
    abstract public String getTokenType();

    @Override
    @JsonProperty(OAuthConstants.ACCESS_TOKEN)
    abstract public String getTokenKey();

    @Override
    @JsonProperty(OAuthConstants.REFRESH_TOKEN)
    abstract public String getRefreshToken();

    @Override
    @JsonAnyGetter
    abstract public Map<String, String> getParameters();

    @Override
    @JsonProperty(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN)
    @JsonInclude(value = Include.NON_DEFAULT)
    abstract public long getExpiresIn();

    @Override
    @JsonIgnore
    abstract public long getIssuedAt();

}
{code}

These annotations could go into {{AccessToken}}. Also we should add the following method to
support deserialisation:

{code:java}
    @JsonAnySetter
    public void add(String key, String value) {
        getParameters().put(key, value);
    }
{code}

This omits {{expires_in}} when its the default value (-1), so no need to change anything there.
I've annotated {{getIssuedAt}} with {{@JsonIgnore}} so it doesn't get included.

Similarly for {{ClientAccessToken}}:

{code:java}
public abstract class ClientAccessTokenMixin extends ClientAccessToken {

    @Override
    @JsonProperty(OAuthConstants.SCOPE)
    abstract public String getApprovedScope();

}
{code}

Similar things could be done for {{OAuthError}}.

If this looks good to you, I'm happy to create a pull request with this and add it to this
issue.

> AccessToken doesn't serialize with snake-case
> ---------------------------------------------
>
>                 Key: CXF-6573
>                 URL: https://issues.apache.org/jira/browse/CXF-6573
>             Project: CXF
>          Issue Type: Wish
>          Components: JAX-RS Security
>    Affects Versions: 3.1.2
>            Reporter: Karl von Randow
>            Priority: Minor
>
> The org.apache.cxf.rs.security.oauth2.common.AccessToken class doesn't declare and JAXB
(or other) annotations to influence how it is serialized. So it uses the default serialization
style of the JAXB context.
> In my case this is camel case.
> This means that the AccessToken response from the AccessTokenService uses camel case.
The OAuth docs _appear_ (I'm not a scholar of them) to indicate that it should be snake case.
> Is that true? Is this a thing? Would it be something you'd consider, adding `@XmlElement(name
= "token_key")` annotations? That would be a breaking change for existing users...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message