解决com.alibaba.fastjson.JSONException:autoType is not support问题,Redis FastJson
前言
最近在配置redis序列化问题的时候,使用fastjson来进行序列化,报异常:
com.alibaba.fastjson.JSONException: autoType is not support. org.springframework.security.core.authority.SimpleGrantedAuthority
com.alibaba.fastjson2.JSONException: autoType is not support. org.springframework.security.core.authority.SimpleGrantedAuthority
等等问题
本次出现问题是在fastjson反序列化springsecurity的UserDetails时出现的问题,报错代码如下
环境
java 17
springboot 3.0.4
fastjson 2.0.22
<dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>2.0.22</version></dependency>
寻找问题根源
提示问题出现在ObjectReaderProvider.java:734行,这里autoTypeSupport默认是true
大致意思是,类型没有在白名单范围之内,找了很多个博主的帖子,都没有可行的解决方案,可能是我用的版本比较高fastjson 2.0.22吧,其他博主的帖子都是fastjson1.x的。
这下面是我的Redis配置
import com.alibaba.fastjson.support.spring.GenericFastJsonRedisSerializer;import org.springframework.cache.annotation.CachingConfigurerSupport;import org.springframework.cache.annotation.EnableCaching;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.redis.connection.RedisConnectionFactory;import org.springframework.data.redis.core.RedisTemplate;import org.springframework.data.redis.serializer.StringRedisSerializer;/*** @description 缓存配置类* @author ouyang* @version 1.0* @date 2023-03-14 8:25*/@Configuration@EnableCachingpublic class RedisConfig extends CachingConfigurerSupport {@Bean@SuppressWarnings(value = { "unchecked", "rawtypes" })public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory connectionFactory) {RedisTemplate<Object, Object> template = new RedisTemplate<>();template.setConnectionFactory(connectionFactory);GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer();// 使用GenericFastJsonRedisSerializer来序列化和反序列化redis的key值template.setKeySerializer(new StringRedisSerializer());template.setValueSerializer(serializer);// Hash的key也采用StringRedisSerializer的序列化方式template.setHashKeySerializer(new StringRedisSerializer());template.setHashValueSerializer(serializer);template.afterPropertiesSet();return template;}}
现在只需要给fastjson添加白名单就行了
尝试1(高版本不支持)
通过修改全局对象的方式进行白名单设置
尝试2(高版本不支持)
配置jvm启动参数,上面都不支持,这个应该也不支持
尝试3(成功)
查看GenericFastJsonRedisSerializer源码,发现里面有两个构造函数,一个无参(我现在用的),另一个是contextFilter我也不知道是干嘛的,但是发现参数名竟然是acceptNames,理解意思大概是支持的名称?
于是我就尝试了有参构造序列化
import com.alibaba.fastjson.support.spring.GenericFastJsonRedisSerializer;import org.springframework.cache.annotation.CachingConfigurerSupport;import org.springframework.cache.annotation.EnableCaching;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.redis.connection.RedisConnectionFactory;import org.springframework.data.redis.core.RedisTemplate;import org.springframework.data.redis.serializer.StringRedisSerializer;/*** @description 缓存配置类* @author ouyang* @version 1.0* @date 2023-03-14 8:25*/@Configuration@EnableCachingpublic class RedisConfig extends CachingConfigurerSupport {@Bean@SuppressWarnings(value = { "unchecked", "rawtypes" })public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory connectionFactory) {RedisTemplate<Object, Object> template = new RedisTemplate<>();template.setConnectionFactory(connectionFactory);// 解决autoType is not support.xxxx.xx的问题String[] acceptNames = {"org.springframework.security.core.authority.SimpleGrantedAuthority"};GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer(acceptNames);// 使用GenericFastJsonRedisSerializer来序列化和反序列化redis的key值template.setKeySerializer(new StringRedisSerializer());template.setValueSerializer(serializer);// Hash的key也采用StringRedisSerializer的序列化方式template.setHashKeySerializer(new StringRedisSerializer());template.setHashValueSerializer(serializer);template.afterPropertiesSet();return template;}}
重启服务后发现成功了!
总结
在redis序列化配置中使用带参数的GenericFastJsonRedisSerializer,然后添加不支持的类名即可
添加不支持的类名
String[] acceptNames = {“org.springframework.security.core.authority.SimpleGrantedAuthority”};
使用带参序列化对象
GenericFastJsonRedisSerializer serializer = new GenericFastJsonRedisSerializer(acceptNames);
朴灿烈づ我的快乐病毒、
╰+哭是因爲堅強的太久メ
向右看齐
忘是亡心i
骑猪看日落
还没有评论,来说两句吧...