前言
最近在配置redis序列化问题的时候,使用fastjson来进行序列化,报异常:
com.alibaba.fastjson.JSONException: autoType is not support. org.springframework.security.core.authority.SimpleGrantedAuthority
com.alibaba.fastjson2.JSONException: autoType is not support. org.springframework.security.core.authority.SimpleGrantedAuthority
等等问题
本次出现问题是在fastjson反序列化springsecurity的UserDetails时出现的问题,报错代码如下
环境
java 17
springboot 3.0.4
fastjson 2.0.22
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>2.0.22</version>
</dependency>
寻找问题根源
提示问题出现在ObjectReaderProvider.java:734行,这里autoTypeSupport默认是true
大致意思是,类型没有在白名单范围之内,找了很多个博主的帖子,都没有可行的解决方案,可能是我用的版本比较高fastjson 2.0.22吧,其他博主的帖子都是fastjson1.x的。
这下面是我的Redis配置
import com.alibaba.fastjson.support.spring.GenericFastJsonRedisSerializer;
import org.springframework.cache.annotation.CachingConfigurerSupport;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
/**
* @description 缓存配置类
* @author ouyang
* @version 1.0
* @date 2023-03-14 8:25
*/
@Configuration
@EnableCaching
public class RedisConfig extends CachingConfigurerSupport {
@Bean
@SuppressWarnings(value = { "unchecked", "rawtypes" })
public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
RedisTemplate<Object, Object> template = new RedisTemplate<>();
template.setConnectionFactory(connectionFactory);
GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer();
// 使用GenericFastJsonRedisSerializer来序列化和反序列化redis的key值
template.setKeySerializer(new StringRedisSerializer());
template.setValueSerializer(serializer);
// Hash的key也采用StringRedisSerializer的序列化方式
template.setHashKeySerializer(new StringRedisSerializer());
template.setHashValueSerializer(serializer);
template.afterPropertiesSet();
return template;
}
}
现在只需要给fastjson添加白名单就行了
尝试1(高版本不支持)
通过修改全局对象的方式进行白名单设置
尝试2(高版本不支持)
配置jvm启动参数,上面都不支持,这个应该也不支持
尝试3(成功)
查看GenericFastJsonRedisSerializer源码,发现里面有两个构造函数,一个无参(我现在用的),另一个是contextFilter我也不知道是干嘛的,但是发现参数名竟然是acceptNames,理解意思大概是支持的名称?
于是我就尝试了有参构造序列化
import com.alibaba.fastjson.support.spring.GenericFastJsonRedisSerializer;
import org.springframework.cache.annotation.CachingConfigurerSupport;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
/**
* @description 缓存配置类
* @author ouyang
* @version 1.0
* @date 2023-03-14 8:25
*/
@Configuration
@EnableCaching
public class RedisConfig extends CachingConfigurerSupport {
@Bean
@SuppressWarnings(value = { "unchecked", "rawtypes" })
public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
RedisTemplate<Object, Object> template = new RedisTemplate<>();
template.setConnectionFactory(connectionFactory);
// 解决autoType is not support.xxxx.xx的问题
String[] acceptNames = {"org.springframework.security.core.authority.SimpleGrantedAuthority"};
GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer(acceptNames);
// 使用GenericFastJsonRedisSerializer来序列化和反序列化redis的key值
template.setKeySerializer(new StringRedisSerializer());
template.setValueSerializer(serializer);
// Hash的key也采用StringRedisSerializer的序列化方式
template.setHashKeySerializer(new StringRedisSerializer());
template.setHashValueSerializer(serializer);
template.afterPropertiesSet();
return template;
}
}
重启服务后发现成功了!
总结
在redis序列化配置中使用带参数的GenericFastJsonRedisSerializer,然后添加不支持的类名即可
添加不支持的类名文章来源:https://www.toymoban.com/news/detail-469046.html
String[] acceptNames = {"org.springframework.security.core.authority.SimpleGrantedAuthority"};
使用带参序列化对象文章来源地址https://www.toymoban.com/news/detail-469046.html
GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer(acceptNames);
到了这里,关于解决com.alibaba.fastjson.JSONException:autoType is not support问题,Redis FastJson的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!