fix spring OAuth2 class serialize (#15414)

* fix spring OAuth2 class serialize

* rollback cluster pom edit

* format code

* ensure compile normally if not import Spring-Authorization-Server

* Update pom.xml

---------

Co-authored-by: zrlw <zrlw@sina.com>

Author: wzkris

dubbo-plugin/dubbo-spring-security/pom.xml

@@ -29,6 +29,7 @@
 
   <properties>
     <skip_maven_deploy>false</skip_maven_deploy>
+    <spring.oauth2.server>1.5.1</spring.oauth2.server>
   </properties>
 
   <dependencies>
@@ -65,6 +66,12 @@
       <optional>true</optional>
     </dependency>
 
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-oauth2-authorization-server</artifactId>
+      <version>${spring.oauth2.server}</version>
+      <optional>true</optional>
+    </dependency>
     <!-- spring security -->
 
     <!-- jackson -->

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/jackson/ObjectMapperCodec.java

@@ -21,16 +21,19 @@
 import org.apache.dubbo.common.logger.LoggerFactory;
 import org.apache.dubbo.common.utils.ClassUtils;
 import org.apache.dubbo.common.utils.StringUtils;
+import org.apache.dubbo.spring.security.oauth2.OAuth2SecurityModule;
 
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.function.Consumer;
 
+import com.fasterxml.jackson.databind.Module;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import org.springframework.security.jackson2.CoreJackson2Module;
+import org.springframework.security.jackson2.SecurityJackson2Modules;
 
 public class ObjectMapperCodec {
 
@@ -101,6 +104,10 @@ public ObjectMapperCodec configureMapper(Consumer<ObjectMapper> objectMapperConf
     private void registerDefaultModule() {
         mapper.registerModule(new CoreJackson2Module());
         mapper.registerModule(new JavaTimeModule());
+        mapper.registerModule(new OAuth2SecurityModule());
+        List<Module> securityModules =
+                SecurityJackson2Modules.getModules(this.getClass().getClassLoader());
+        mapper.registerModules(securityModules);
 
         List<String> jacksonModuleClassNameList = new ArrayList<>();
         jacksonModuleClassNameList.add(

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/AuthorizationGrantTypeMixin.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.ANY,
+        getterVisibility = JsonAutoDetect.Visibility.NONE,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class AuthorizationGrantTypeMixin {
+
+    @JsonCreator
+    public AuthorizationGrantTypeMixin(@JsonProperty("value") String value) {}
+}

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/BearerTokenAuthenticationMixin.java

@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Collection;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.ANY,
+        getterVisibility = JsonAutoDetect.Visibility.NONE,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class BearerTokenAuthenticationMixin {
+
+    @JsonCreator
+    public BearerTokenAuthenticationMixin(
+            @JsonProperty("principal") OAuth2AuthenticatedPrincipal principal,
+            @JsonProperty("credentials") OAuth2AccessToken credentials,
+            @JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {}
+}

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientAuthenticationMethodMixin.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.ANY,
+        getterVisibility = JsonAutoDetect.Visibility.NONE,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class ClientAuthenticationMethodMixin {
+
+    @JsonCreator
+    public ClientAuthenticationMethodMixin(@JsonProperty("value") String value) {}
+}

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/ClientSettingsMixin.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.ANY,
+        getterVisibility = JsonAutoDetect.Visibility.NONE,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class ClientSettingsMixin {
+
+    @JsonCreator
+    public ClientSettingsMixin(@JsonProperty("settings") Map<String, Object> settings) {}
+}

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2AuthenticatedPrincipalMixin.java

@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Collection;
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.security.core.GrantedAuthority;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.ANY,
+        getterVisibility = JsonAutoDetect.Visibility.NONE,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class OAuth2AuthenticatedPrincipalMixin {
+
+    @JsonCreator
+    public OAuth2AuthenticatedPrincipalMixin(
+            @JsonProperty("name") String name,
+            @JsonProperty("attributes") Map<String, Object> attributes,
+            @JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {}
+}

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2ClientAuthenticationTokenMixin.java

@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import java.util.Map;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import org.springframework.lang.Nullable;
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
+
+@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@JsonAutoDetect(
+        fieldVisibility = JsonAutoDetect.Visibility.ANY,
+        getterVisibility = JsonAutoDetect.Visibility.NONE,
+        isGetterVisibility = JsonAutoDetect.Visibility.NONE,
+        creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+abstract class OAuth2ClientAuthenticationTokenMixin {
+
+    @JsonCreator
+    public OAuth2ClientAuthenticationTokenMixin(
+            @JsonProperty("clientId") String clientId,
+            @JsonProperty("clientAuthenticationMethod") ClientAuthenticationMethod clientAuthenticationMethod,
+            @JsonProperty("credentials") @Nullable Object credentials,
+            @JsonProperty("additionalParameters") @Nullable Map<String, Object> additionalParameters) {}
+}

dubbo-plugin/dubbo-spring-security/src/main/java/org/apache/dubbo/spring/security/oauth2/OAuth2SecurityModule.java

@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.dubbo.spring.security.oauth2;
+
+import org.apache.dubbo.common.utils.ClassUtils;
+
+import java.util.ArrayList;
+import java.util.Collections;
+
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
+public class OAuth2SecurityModule extends SimpleModule {
+
+    public OAuth2SecurityModule() {
+        super(OAuth2SecurityModule.class.getName());
+    }
+
+    @Override
+    public void setupModule(SetupContext context) {
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal",
+                "org.apache.dubbo.spring.security.oauth2.OAuth2AuthenticatedPrincipalMixin");
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal",
+                "org.apache.dubbo.spring.security.oauth2.OAuth2AuthenticatedPrincipalMixin");
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication",
+                "org.apache.dubbo.spring.security.oauth2.BearerTokenAuthenticationMixin");
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken",
+                "org.apache.dubbo.spring.security.oauth2.OAuth2ClientAuthenticationTokenMixin");
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.core.ClientAuthenticationMethod",
+                ClientAuthenticationMethodMixin.class);
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.server.authorization.client.RegisteredClient",
+                "org.apache.dubbo.spring.security.oauth2.RegisteredClientMixin");
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.core.AuthorizationGrantType",
+                AuthorizationGrantTypeMixin.class);
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.server.authorization.settings.ClientSettings",
+                ClientSettingsMixin.class);
+        setMixInAnnotations(
+                context,
+                "org.springframework.security.oauth2.server.authorization.settings.TokenSettings",
+                TokenSettingsMixin.class);
+        context.setMixInAnnotations(
+                Collections.unmodifiableCollection(new ArrayList<>()).getClass(), UnmodifiableCollectionMixin.class);
+    }
+
+    private void setMixInAnnotations(SetupContext context, String oauth2ClassName, String mixinClassName) {
+        Class<?> oauth2Class = loadClassIfPresent(oauth2ClassName);
+        if (oauth2Class != null) {
+            context.setMixInAnnotations(oauth2Class, loadClassIfPresent(mixinClassName));
+        }
+    }
+
+    private void setMixInAnnotations(SetupContext context, String oauth2ClassName, Class<?> mixinClass) {
+        Class<?> oauth2Class = loadClassIfPresent(oauth2ClassName);
+        if (oauth2Class != null) {
+            context.setMixInAnnotations(oauth2Class, mixinClass);
+        }
+    }
+
+    private Class<?> loadClassIfPresent(String oauth2ClassName) {
+        try {
+            return ClassUtils.forName(oauth2ClassName, OAuth2SecurityModule.class.getClassLoader());
+
+        } catch (Throwable ignored) {
+        }
+        return null;
+    }
+}