From b042821aa6fefb837cc03910994d3d8e68d149d0 Mon Sep 17 00:00:00 2001 From: Daniel DeGroff Date: Mon, 29 May 2023 22:09:07 -0600 Subject: [PATCH] Add de-serializer configuration so that you can de-serialize this w/ any Jackson ObjectMapper w/out having to register the handlers yourself. --- .gitignore | 3 ++- CHANGES | 5 +++++ README.md | 8 ++++---- build.savant | 2 +- src/main/java/io/fusionauth/jwt/domain/JWT.java | 9 +++++++-- 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index cf83389..b344a6a 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ build *.iws .idea target -.DS_Store \ No newline at end of file +.DS_Store +.savant/cache diff --git a/CHANGES b/CHANGES index eda664e..39ad2f8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ FusionAuth JWT Changes +Changes in 5.2.4 + + * Bind a deserializer using @JsonDeserialize the JWT object for all ZoneDateTime objects. This allows + you to use any Jackson Object Mapper w/out explicitly binding these deserializers. + Changes in 5.2.3 * Upgraded Jackson Core to 2.14.0 diff --git a/README.md b/README.md index 7e8a886..3d0d7e0 100644 --- a/README.md +++ b/README.md @@ -41,23 +41,23 @@ We are very interested in compensating anyone that can identify a security relat io.fusionauth fusionauth-jwt - 5.2.3 + 5.2.4 ``` ### Gradle ```groovy -implementation 'io.fusionauth:fusionauth-jwt:5.2.3' +implementation 'io.fusionauth:fusionauth-jwt:5.2.4' ``` ### Gradle Kotlin ```kotlin -implementation("io.fusionauth:fusionauth-jwt:5.2.3") +implementation("io.fusionauth:fusionauth-jwt:5.2.4") ``` ### Savant ```groovy -dependency(id: "io.fusionauth:fusionauth-jwt:5.2.3") +dependency(id: "io.fusionauth:fusionauth-jwt:5.2.4") ``` For others see [https://search.maven.org](https://search.maven.org/artifact/io.fusionauth/fusionauth-jwt/4.0.1/jar). diff --git a/build.savant b/build.savant index b103b7c..c6fecaa 100644 --- a/build.savant +++ b/build.savant @@ -16,7 +16,7 @@ jacksonVersion = "2.14.0" -project(group: "io.fusionauth", name: "fusionauth-jwt", version: "5.2.3", licenses: ["ApacheV2_0"]) { +project(group: "io.fusionauth", name: "fusionauth-jwt", version: "5.2.4", licenses: ["ApacheV2_0"]) { workflow { fetch { diff --git a/src/main/java/io/fusionauth/jwt/domain/JWT.java b/src/main/java/io/fusionauth/jwt/domain/JWT.java index 28e5161..f315af7 100644 --- a/src/main/java/io/fusionauth/jwt/domain/JWT.java +++ b/src/main/java/io/fusionauth/jwt/domain/JWT.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016-2022, FusionAuth, All Rights Reserved + * Copyright (c) 2016-2023, FusionAuth, All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,11 +20,13 @@ import com.fasterxml.jackson.annotation.JsonAnySetter; import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; import io.fusionauth.jwt.JWTDecoder; import io.fusionauth.jwt.JWTEncoder; import io.fusionauth.jwt.TimeMachineJWTDecoder; import io.fusionauth.jwt.json.Mapper; +import io.fusionauth.jwt.json.ZonedDateTimeDeserializer; import io.fusionauth.jwt.json.ZonedDateTimeSerializer; import java.math.BigDecimal; @@ -71,6 +73,7 @@ public class JWT { * processing. The expiration time is expected to provided in UNIX time, or the number of seconds since Epoch. */ @JsonProperty("exp") + @JsonDeserialize(using = ZonedDateTimeDeserializer.class) @JsonSerialize(using = ZonedDateTimeSerializer.class) public ZonedDateTime expiration; @@ -81,6 +84,7 @@ public class JWT { * UNIX time, or the number of seconds since Epoch. */ @JsonProperty("iat") + @JsonDeserialize(using = ZonedDateTimeDeserializer.class) @JsonSerialize(using = ZonedDateTimeSerializer.class) public ZonedDateTime issuedAt; @@ -97,9 +101,10 @@ public class JWT { * Registered Claim nbf as defined by RFC 7519 Section 4.1.5. Use of this claim is OPTIONAL. *

* This claim identifies the time before which the JWT MUST NOT be accepted for processing. The not before value is - * expected to provided in UNIX time, or the number of seconds since Epoch. + * expected to be provided in UNIX time, or the number of seconds since Epoch. */ @JsonProperty("nbf") + @JsonDeserialize(using = ZonedDateTimeDeserializer.class) @JsonSerialize(using = ZonedDateTimeSerializer.class) public ZonedDateTime notBefore;