前言
最近在配置redis序列化问题的时候,使用fastjson来进行序列化,报异常:
com.alibaba.fastjson.JSONException: autoType is not support. org.springframework.security.core.authority.SimpleGrantedAuthority
com.alibaba.fastjson2.JSONException: autoType is not support. org.springframework.security.core.authority.SimpleGrantedAuthority
等等问题
本次出现问题是在fastjson反序列化springsecurity的UserDetails时出现的问题,报错代码如下
环境
java 17
springboot 3.0.4
fastjson 2.0.22
com.alibaba fastjson 2.0.22
寻找问题根源
提示问题出现在ObjectReaderProvider.java:734行,这里autoTypeSupport默认是true
大致意思是,类型没有在白名单范围之内,找了很多个博主的帖子,都没有可行的解决方案,可能是我用的版本比较高fastjson 2.0.22吧,其他博主的帖子都是fastjson1.x的。
这下面是我的Redis配置
import com.alibaba.fastjson.support.spring.GenericFastJsonRedisSerializer;import org.springframework.cache.annotation.CachingConfigurerSupport;import org.springframework.cache.annotation.EnableCaching;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.redis.connection.RedisConnectionFactory;import org.springframework.data.redis.core.RedisTemplate;import org.springframework.data.redis.serializer.StringRedisSerializer;@Configuration@EnableCachingpublic class RedisConfig extends CachingConfigurerSupport { @Bean @SuppressWarnings(value = { "unchecked", "rawtypes" }) public RedisTemplate
现在只需要给fastjson添加白名单就行了
尝试1(高版本不支持)
通过修改全局对象的方式进行白名单设置
尝试2(高版本不支持)
配置jvm启动参数,上面都不支持,这个应该也不支持
尝试3(成功)
查看GenericFastJsonRedisSerializer源码,发现里面有两个构造函数,一个无参(我现在用的),另一个是contextFilter我也不知道是干嘛的,但是发现参数名竟然是acceptNames,理解意思大概是支持的名称?
于是我就尝试了有参构造序列化
import com.alibaba.fastjson.support.spring.GenericFastJsonRedisSerializer;import org.springframework.cache.annotation.CachingConfigurerSupport;import org.springframework.cache.annotation.EnableCaching;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.redis.connection.RedisConnectionFactory;import org.springframework.data.redis.core.RedisTemplate;import org.springframework.data.redis.serializer.StringRedisSerializer;@Configuration@EnableCachingpublic class RedisConfig extends CachingConfigurerSupport { @Bean @SuppressWarnings(value = { "unchecked", "rawtypes" }) public RedisTemplate redisTemplate(RedisConnectionFactory connectionFactory) { RedisTemplate template = new RedisTemplate<>(); template.setConnectionFactory(connectionFactory); // 解决autoType is not support.xxxx.xx的问题 String[] acceptNames = {"org.springframework.security.core.authority.SimpleGrantedAuthority"}; GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer(acceptNames); // 使用GenericFastJsonRedisSerializer来序列化和反序列化redis的key值 template.setKeySerializer(new StringRedisSerializer()); template.setValueSerializer(serializer); // Hash的key也采用StringRedisSerializer的序列化方式 template.setHashKeySerializer(new StringRedisSerializer()); template.setHashValueSerializer(serializer); template.afterPropertiesSet(); return template; }}
重启服务后发现成功了!
总结
在redis序列化配置中使用带参数的GenericFastJsonRedisSerializer,然后添加不支持的类名即可
添加不支持的类名
String[] acceptNames = {"org.springframework.security.core.authority.SimpleGrantedAuthority"};
使用带参序列化对象
GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer(acceptNames);
来源地址:https://blog.csdn.net/djouyang9090/article/details/129612739