Merge pull request #918 from AzureAD/avdunn/jackson-databind-removal

Replace jackson-databind with azure-json in HTTP response classes

Author: Avery-Dunn

msal4j-sdk/pom.xml

@@ -60,6 +60,11 @@
             <version>1.18.36</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-json</artifactId>
+            <version>1.4.0</version>
+        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java

@@ -120,19 +120,13 @@ static Set<String> getAliases(String host) {
 
     static AadInstanceDiscoveryResponse parseInstanceDiscoveryMetadata(String instanceDiscoveryJson) {
 
-        AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse;
         try {
-            aadInstanceDiscoveryResponse = JsonHelper.convertJsonToObject(
-                    instanceDiscoveryJson,
-                    AadInstanceDiscoveryResponse.class);
-
+            return JsonHelper.convertJsonStringToJsonSerializableObject(instanceDiscoveryJson, AadInstanceDiscoveryResponse::fromJson);
         } catch (Exception ex) {
             throw new MsalClientException("Error parsing instance discovery response. Data must be " +
                     "in valid JSON format. For more information, see https://aka.ms/msal4j-instance-discovery",
                     AuthenticationErrorCode.INVALID_INSTANCE_DISCOVERY_METADATA);
         }
-
-        return aadInstanceDiscoveryResponse;
     }
 
     static void cacheInstanceDiscoveryResponse(String host,
@@ -150,14 +144,9 @@ static void cacheInstanceDiscoveryResponse(String host,
     }
 
     static void cacheInstanceDiscoveryMetadata(String host) {
-        cache.putIfAbsent(host, InstanceDiscoveryMetadataEntry.builder().
-                preferredCache(host).
-                preferredNetwork(host).
-                aliases(Collections.singleton(host)).
-                build());
+        cache.putIfAbsent(host, new InstanceDiscoveryMetadataEntry(host, host, Collections.singleton(host)));
     }
 
-
     private static boolean shouldUseRegionalEndpoint(MsalRequest msalRequest){
         if (((AbstractClientApplicationBase) msalRequest.application()).azureRegion() != null
                 || ((AbstractClientApplicationBase) msalRequest.application()).autoDetectRegion()){
@@ -184,11 +173,7 @@ static void cacheRegionInstanceMetadata(String originalHost, String regionalHost
         Set<String> aliases = new HashSet<>();
         aliases.add(originalHost);
 
-        cache.putIfAbsent(regionalHost, InstanceDiscoveryMetadataEntry.builder().
-                preferredCache(originalHost).
-                preferredNetwork(regionalHost).
-                aliases(aliases).
-                build());
+        cache.putIfAbsent(regionalHost,  new InstanceDiscoveryMetadataEntry(regionalHost, originalHost, aliases));
     }
 
     private static String getRegionalizedHost(String host, String region) {
@@ -248,10 +233,10 @@ static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL authorityUr
 
         IHttpResponse httpResponse = executeRequest(instanceDiscoveryRequestUrl, msalRequest.headers().getReadonlyHeaderMap(), msalRequest, serviceBundle);
 
-        AadInstanceDiscoveryResponse response = JsonHelper.convertJsonToObject(httpResponse.body(), AadInstanceDiscoveryResponse.class);
+        AadInstanceDiscoveryResponse response = JsonHelper.convertJsonStringToJsonSerializableObject(httpResponse.body(), AadInstanceDiscoveryResponse::fromJson);
 
         if (httpResponse.statusCode() != HttpHelper.HTTP_STATUS_200) {
-            if(httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && response.error().equals("invalid_instance")){
+            if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && response.error().equals("invalid_instance")) {
                 // instance discovery failed due to an invalid authority, throw an exception.
                 throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse);
             }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java

@@ -3,30 +3,71 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
+import com.azure.json.JsonReader;
+import com.azure.json.JsonSerializable;
+import com.azure.json.JsonToken;
+import com.azure.json.JsonWriter;
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.experimental.Accessors;
 
+import java.io.IOException;
+import java.util.List;
+
 @Accessors(fluent = true)
 @Getter(AccessLevel.PACKAGE)
-class AadInstanceDiscoveryResponse {
+class AadInstanceDiscoveryResponse implements JsonSerializable<AadInstanceDiscoveryResponse> {
 
-    @JsonProperty("tenant_discovery_endpoint")
     private String tenantDiscoveryEndpoint;
-
-    @JsonProperty("metadata")
-    private InstanceDiscoveryMetadataEntry[] metadata;
-
-    @JsonProperty("error_description")
+    private List<InstanceDiscoveryMetadataEntry> metadata;
     private String errorDescription;
-
-    @JsonProperty("error_codes")
-    private long[] errorCodes;
-
-    @JsonProperty("error")
+    private List<Long> errorCodes;
     private String error;
-
-    @JsonProperty("correlation_id")
     private String correlationId;
-}
+
+    public static AadInstanceDiscoveryResponse fromJson(JsonReader jsonReader) throws IOException {
+        AadInstanceDiscoveryResponse response = new AadInstanceDiscoveryResponse();
+        return jsonReader.readObject(reader -> {
+            while (reader.nextToken() != JsonToken.END_OBJECT) {
+                String fieldName = reader.getFieldName();
+                reader.nextToken();
+                switch (fieldName) {
+                    case "tenant_discovery_endpoint":
+                        response.tenantDiscoveryEndpoint = reader.getString();
+                        break;
+                    case "metadata":
+                        response.metadata = reader.readArray(InstanceDiscoveryMetadataEntry::fromJson);
+                        break;
+                    case "error_description":
+                        response.errorDescription = reader.getString();
+                        break;
+                    case "error_codes":
+                        response.errorCodes = reader.readArray(JsonReader::getLong);
+                        break;
+                    case "error":
+                        response.error = reader.getString();
+                        break;
+                    case "correlation_id":
+                        response.correlationId = reader.getString();
+                        break;
+                    default:
+                        reader.skipChildren();
+                        break;
+                }
+            }
+            return response;
+        });
+    }
+
+    public JsonWriter toJson(JsonWriter jsonWriter) throws IOException {
+        jsonWriter.writeStartObject();
+        jsonWriter.writeStringField("tenant_discovery_endpoint", tenantDiscoveryEndpoint);
+        jsonWriter.writeArrayField("metadata", metadata, JsonWriter::writeJson);
+        jsonWriter.writeStringField("error_description", errorDescription);
+        jsonWriter.writeArrayField("error_codes", errorCodes, JsonWriter::writeLong);
+        jsonWriter.writeStringField("error", error);
+        jsonWriter.writeStringField("correlation_id", correlationId);
+        jsonWriter.writeEndObject();
+        return jsonWriter;
+    }
+}

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractManagedIdentitySource.java

@@ -101,8 +101,7 @@ public ManagedIdentityResponse handleResponse(
 
     protected ManagedIdentityResponse getSuccessfulResponse(IHttpResponse response) {
 
-        ManagedIdentityResponse managedIdentityResponse = JsonHelper
-                .convertJsonToObject(response.body(), ManagedIdentityResponse.class);
+        ManagedIdentityResponse managedIdentityResponse = JsonHelper.convertJsonStringToJsonSerializableObject(response.body(), ManagedIdentityResponse::fromJson);
 
         if (managedIdentityResponse == null || managedIdentityResponse.getAccessToken() == null
                 || managedIdentityResponse.getAccessToken().isEmpty() || managedIdentityResponse.getExpiresOn() == null

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java

@@ -3,25 +3,58 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.fasterxml.jackson.annotation.JsonProperty;
+import com.azure.json.JsonReader;
+import com.azure.json.JsonSerializable;
+import com.azure.json.JsonToken;
+import com.azure.json.JsonWriter;
 import lombok.*;
 import lombok.experimental.Accessors;
 
+import java.io.IOException;
 import java.util.*;
 
 @Accessors(fluent = true)
 @Getter(AccessLevel.PACKAGE)
 @Builder
 @NoArgsConstructor
 @AllArgsConstructor
-class InstanceDiscoveryMetadataEntry {
+class InstanceDiscoveryMetadataEntry implements JsonSerializable<InstanceDiscoveryMetadataEntry> {
 
-    @JsonProperty("preferred_network")
     String preferredNetwork;
-
-    @JsonProperty("preferred_cache")
     String preferredCache;
-
-    @JsonProperty("aliases")
     Set<String> aliases;
+
+    public static InstanceDiscoveryMetadataEntry fromJson(JsonReader jsonReader) throws IOException {
+        InstanceDiscoveryMetadataEntry entry = new InstanceDiscoveryMetadataEntry();
+        return jsonReader.readObject(reader -> {
+            while (reader.nextToken() != JsonToken.END_OBJECT) {
+                String fieldName = reader.getFieldName();
+                reader.nextToken();
+                switch (fieldName) {
+                    case "preferred_network":
+                        entry.preferredNetwork = reader.getString();
+                        break;
+                    case "preferred_cache":
+                        entry.preferredCache = reader.getString();
+                        break;
+                    case "aliases":
+                        entry.aliases = new HashSet<>(reader.readArray(JsonReader::getString));
+                        break;
+                    default:
+                        reader.skipChildren();
+                        break;
+                }
+            }
+            return entry;
+        });
+    }
+
+    public JsonWriter toJson(JsonWriter jsonWriter) throws IOException {
+        jsonWriter.writeStartObject();
+        jsonWriter.writeStringField("preferred_network", preferredNetwork);
+        jsonWriter.writeStringField("preferred_cache", preferredCache);
+        jsonWriter.writeArrayField("aliases", aliases, JsonWriter::writeString);
+        jsonWriter.writeEndObject();
+        return jsonWriter;
+    }
 }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java

@@ -3,6 +3,10 @@
 
 package com.microsoft.aad.msal4j;
 
+import com.azure.json.JsonProviders;
+import com.azure.json.JsonReader;
+import com.azure.json.JsonSerializable;
+import com.azure.json.ReadValueCallback;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -36,6 +40,17 @@ static <T> T convertJsonToObject(final String json, final Class<T> tClass) {
         }
     }
 
+    //This method is used to convert a JSON string to an object which implements the JsonSerializable interface from com.azure.json
+    static <T extends JsonSerializable<T>> T convertJsonStringToJsonSerializableObject(String jsonResponse, ReadValueCallback<JsonReader, T> readFunction) {
+        try (JsonReader jsonReader = JsonProviders.createReader(jsonResponse)) {
+            return readFunction.read(jsonReader);
+        } catch (IOException e) {
+            throw new MsalClientException(e.getMessage(), AuthenticationErrorCode.INVALID_JSON);
+        } catch (Exception e) {
+            throw new MsalClientException("Error parsing JSON response: " + e.getMessage(), AuthenticationErrorCode.INVALID_JSON);
+        }
+    }
+
     /**
      * Throws exception if given String does not follow JSON syntax
      */

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityResponse.java

@@ -3,42 +3,67 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
+import com.azure.json.JsonReader;
+import com.azure.json.JsonSerializable;
+import com.azure.json.JsonToken;
+import com.azure.json.JsonWriter;
 import lombok.Getter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.IOException;
+
 @Getter
-class ManagedIdentityResponse {
+class ManagedIdentityResponse implements JsonSerializable<ManagedIdentityResponse> {
 
     private static final Logger LOG = LoggerFactory.getLogger(ManagedIdentityResponse.class);
 
-    @JsonProperty(value = "token_type")
     String tokenType;
-
-    @JsonProperty(value = "access_token")
     String accessToken;
-
-    @JsonProperty(value = "expires_on")
     String expiresOn;
-
     String resource;
-
-    @JsonProperty(value = "client_id")
     String clientId;
 
-    /**
-     * Creates an access token instance.
-     *
-     * @param token the token string.
-     * @param expiresOn the expiration time.
-     */
-    @JsonCreator
-    private ManagedIdentityResponse(
-            @JsonProperty(value = "access_token") String token,
-            @JsonProperty(value = "expires_on") String expiresOn) {
-        this.accessToken = token;
-        this.expiresOn =  expiresOn;
+    public static ManagedIdentityResponse fromJson(JsonReader jsonReader) throws IOException {
+        ManagedIdentityResponse response = new ManagedIdentityResponse();
+        return jsonReader.readObject(reader -> {
+            while (reader.nextToken() != JsonToken.END_OBJECT) {
+                String fieldName = reader.getFieldName();
+                reader.nextToken();
+                switch (fieldName) {
+                    case "token_type":
+                        response.tokenType = reader.getString();
+                        break;
+                    case "access_token":
+                        response.accessToken = reader.getString();
+                        break;
+                    case "expires_on":
+                        response.expiresOn = reader.getString();
+                        break;
+                    case "resource":
+                        response.resource = reader.getString();
+                        break;
+                    case "client_id":
+                        response.clientId = reader.getString();
+                        break;
+                    default:
+                        reader.skipChildren();
+                        break;
+                }
+            }
+            return response;
+        });
+    }
+
+    @Override
+    public JsonWriter toJson(JsonWriter jsonWriter) throws IOException {
+        jsonWriter.writeStartObject();
+        jsonWriter.writeStringField("token_type", tokenType);
+        jsonWriter.writeStringField("access_token", accessToken);
+        jsonWriter.writeStringField("expires_on", expiresOn);
+        jsonWriter.writeStringField("resource", resource);
+        jsonWriter.writeStringField("client_id", clientId);
+        jsonWriter.writeEndObject();
+        return jsonWriter;
     }
-}
+}

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OidcDiscoveryProvider.java

@@ -12,7 +12,7 @@ static OidcDiscoveryResponse performOidcDiscovery(OidcAuthority authority, Abstr
 
         IHttpResponse httpResponse = ((HttpHelper)clientApplication.serviceBundle.getHttpHelper()).executeHttpRequest(httpRequest);
 
-        OidcDiscoveryResponse response = JsonHelper.convertJsonToObject(httpResponse.body(), OidcDiscoveryResponse.class);
+        OidcDiscoveryResponse response = JsonHelper.convertJsonStringToJsonSerializableObject(httpResponse.body(), OidcDiscoveryResponse::fromJson);
 
         if (httpResponse.statusCode() != HttpHelper.HTTP_STATUS_200) {
             throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse);