
I’m using spring-security-oauth2-client in my web application. I want to use a custom user type, but I got an error when instantiating OAuthUser from the request body that the authentication server sent.

The reason why I use a custom user type is that I want to use a string value inside of a hashmap as nameAttributeKey instead of a string value.

SecurityConfig

    http.oauth2Login()
      .userInfoEndpoint()
        .customUserType(NaverOAuth2User.class, "naver");

NaverOAuth2User

    public class NaverOAuth2User implements OAuth2User {

        public NaverOAuth2User(Collection<? extends GrantedAuthority> authorities, Map<String, Object> attributes, String nameAttributeKey) {
            ...
        }

        ...

    }

I expected NaverOAuth2User's constructor to be called, but the error occurred before serialization.

    Caused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of `com.rw.springsecurity.vo.NaverOAuth2User` (no Creators, like default construct, exist): cannot deserialize from Object value (no delegate- or property-based Creator)
     at [Source: (PushbackInputStream); line: 1, column: 2]
        at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.DeserializationContext.reportBadDefinition(DeserializationContext.java:1452) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1028) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1297) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:326) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4014) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3085) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
        at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:239) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]

I assume that the constructor parameter is wrong.

hyejin

1 Answer


Behind the scenes, Spring Security uses RestTemplate to deserialize the data coming from the userInfo endpoint into the custom type we specify, which needs to have a default constructor.

You can check this logic in org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService.

K. Siva Prasad Reddy
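A custom user type that Jackson can build through a default constructor, as an added example that is not code from the question or the answer. It assumes the user info JSON nests the profile under a `response` object whose `id` field identifies the user, and that every login gets a fixed `ROLE_USER`; those names are assumptions, not taken from the page.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.Map;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.core.user.OAuth2User;

// Only "response" is bound from the JSON. The names derived from our own getters
// are ignored explicitly, so the provider's payload cannot feed them.
@JsonIgnoreProperties(value = {"attributes", "authorities", "name"}, ignoreUnknown = true)
public class NaverOAuth2User implements OAuth2User {

    // Assumed payload shape: {"response": {"id": "...", ...}, ...}
    private Map<String, Object> response = Collections.emptyMap();

    // Jackson needs a no-argument constructor; its absence is the
    // "no Creators, like default construct, exist" error in the stack trace.
    public NaverOAuth2User() {
    }

    // Called by Jackson for the "response" property; null becomes an empty map.
    public void setResponse(Map<String, Object> response) {
        this.response = (response == null)
                ? Collections.<String, Object>emptyMap()
                : Collections.unmodifiableMap(response);
    }

    @Override
    public Map<String, Object> getAttributes() {
        return response;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        // Fixed role (assumption): authorities never come from the provider's JSON.
        return AuthorityUtils.createAuthorityList("ROLE_USER");
    }

    @Override
    public String getName() {
        // Fail closed: a missing or non-string id must not yield a null principal name.
        Object id = response.get("id");
        if (!(id instanceof String) || ((String) id).isEmpty()) {
            throw new IllegalStateException("user info response has no nested id");
        }
        return (String) id;
    }
}
```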