Replaced Jackson 2 JSON Serializer with GSON to check whether GSON can

be used as a drop-in replacement to Jackson 2.

Author: Manish Baxi

api/pom.xml

@@ -54,6 +54,10 @@
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
     </dependency>
+    <dependency>
+      <groupId>com.google.code.gson</groupId>
+      <artifactId>gson</artifactId>
+    </dependency>
     <dependency>
       <groupId>commons-logging</groupId>
       <artifactId>commons-logging</artifactId>

api/src/main/java/org/springframework/http/converter/json/GsonHttpMessageConverter.java

@@ -0,0 +1,220 @@
+/*
+ * Copyright 2002-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.http.converter.json;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.lang.reflect.Type;
+import java.nio.charset.Charset;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpInputMessage;
+import org.springframework.http.HttpOutputMessage;
+import org.springframework.http.MediaType;
+import org.springframework.http.converter.AbstractHttpMessageConverter;
+import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.http.converter.HttpMessageNotWritableException;
+import org.springframework.util.Assert;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonIOException;
+import com.google.gson.JsonParseException;
+import com.google.gson.JsonSyntaxException;
+
+/**
+ * @author Roy Clarkson
+ * @since 1.0
+ */
+public class GsonHttpMessageConverter extends AbstractHttpMessageConverter<Object>
+{
+
+  public static final Charset DEFAULT_CHARSET = Charset.forName("UTF-8");
+
+  private Gson                gson;
+
+  private Type                type            = null;
+
+  private boolean             prefixJson      = false;
+
+  /**
+   * Construct a new {@code GsonHttpMessageConverter} with a default
+   * {@link Gson#Gson() Gson}.
+   */
+  public GsonHttpMessageConverter()
+  {
+    this(new Gson());
+  }
+
+  /**
+   * Construct a new {@code GsonHttpMessageConverter}.
+   *
+   * @param serializeNulls true to generate json for null values
+   */
+  public GsonHttpMessageConverter(boolean serializeNulls)
+  {
+    this(serializeNulls ? new GsonBuilder().serializeNulls().create() : new Gson());
+  }
+
+  /**
+   * Construct a new {@code GsonHttpMessageConverter}.
+   *
+   * @param gson a customized {@link Gson#Gson() Gson}
+   */
+  public GsonHttpMessageConverter(Gson gson)
+  {
+    super(new MediaType("application", "json", DEFAULT_CHARSET));
+    setGson(gson);
+  }
+
+  /**
+   * Sets the {@code Gson} for this view. If not set, a default
+   * {@link Gson#Gson() Gson} is used.
+   * <p>
+   * Setting a custom-configured {@code Gson} is one way to take further control
+   * of the JSON serialization process.
+   *
+   * @throws IllegalArgumentException if gson is null
+   */
+  public void setGson(Gson gson)
+  {
+    Assert.notNull(gson, "'gson' must not be null");
+    this.gson = gson;
+  }
+
+  public void setType(Type type)
+  {
+    this.type = type;
+  }
+
+  public Type getType()
+  {
+    return type;
+  }
+
+  /**
+   * Indicates whether the JSON output by this view should be prefixed with
+   * "{} &&". Default is false.
+   * <p>
+   * Prefixing the JSON string in this manner is used to help prevent JSON
+   * Hijacking. The prefix renders the string syntactically invalid as a script
+   * so that it cannot be hijacked. This prefix does not affect the evaluation
+   * of JSON, but if JSON validation is performed on the string, the prefix
+   * would need to be ignored.
+   */
+  public void setPrefixJson(boolean prefixJson)
+  {
+    this.prefixJson = prefixJson;
+  }
+
+  @Override
+  public boolean canRead(Class<?> clazz, MediaType mediaType)
+  {
+    return canRead(mediaType);
+  }
+
+  @Override
+  public boolean canWrite(Class<?> clazz, MediaType mediaType)
+  {
+    return canWrite(mediaType);
+  }
+
+  @Override
+  protected boolean supports(Class<?> clazz)
+  {
+    // should not be called, since we override canRead/Write instead
+    throw new UnsupportedOperationException();
+  }
+
+  @Override
+  protected Object readInternal(Class<?> clazz, HttpInputMessage inputMessage)
+    throws IOException, HttpMessageNotReadableException
+  {
+
+    Reader json = new InputStreamReader(inputMessage.getBody(), getCharset(inputMessage.getHeaders()));
+
+    try
+    {
+      Type typeOfT = getType();
+      if (typeOfT != null)
+      {
+        return this.gson.fromJson(json, typeOfT);
+      }
+      else
+      {
+        return this.gson.fromJson(json, clazz);
+      }
+    }
+    catch (JsonSyntaxException ex)
+    {
+      throw new HttpMessageNotReadableException("Could not read JSON: " + ex.getMessage(), ex);
+    }
+    catch (JsonIOException ex)
+    {
+      throw new HttpMessageNotReadableException("Could not read JSON: " + ex.getMessage(), ex);
+    }
+    catch (JsonParseException ex)
+    {
+      throw new HttpMessageNotReadableException("Could not read JSON: " + ex.getMessage(), ex);
+    }
+  }
+
+  @Override
+  protected void writeInternal(Object o, HttpOutputMessage outputMessage)
+    throws IOException, HttpMessageNotWritableException
+  {
+
+    OutputStreamWriter writer = new OutputStreamWriter(outputMessage.getBody(), getCharset(outputMessage.getHeaders()));
+
+    try
+    {
+      if (this.prefixJson)
+      {
+        writer.append("{} && ");
+      }
+      Type typeOfSrc = getType();
+      if (typeOfSrc != null)
+      {
+        this.gson.toJson(o, typeOfSrc, writer);
+      }
+      else
+      {
+        this.gson.toJson(o, writer);
+      }
+      writer.close();
+    }
+    catch (JsonIOException ex)
+    {
+      throw new HttpMessageNotWritableException("Could not write JSON: " + ex.getMessage(), ex);
+    }
+  }
+
+  // helpers
+
+  private Charset getCharset(HttpHeaders headers)
+  {
+    if (headers != null && headers.getContentType() != null
+      && headers.getContentType().getCharSet() != null)
+    {
+      return headers.getContentType().getCharSet();
+    }
+    return DEFAULT_CHARSET;
+  }
+
+}

api/src/main/resources/springAPIContext.xml

@@ -21,8 +21,7 @@
   <context:component-scan base-package="org.example.api" />
   <mvc:annotation-driven>
     <mvc:message-converters>
-      <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
-        <property name="prettyPrint" value="true" />
+      <bean class="org.springframework.http.converter.json.GsonHttpMessageConverter">
         <property name="supportedMediaTypes" value="application/json" />
       </bean>
     </mvc:message-converters>

api/src/main/scala/org/example/api/UserAuthenticationController.scala

@@ -1,15 +1,14 @@
 package org.example.api
 
 import javax.servlet.http.{ HttpServletRequest, HttpServletResponse }
-
 import org.example.transfer.Response
-
 import org.springframework.beans.factory.annotation.{ Autowired, Qualifier }
 import org.springframework.security.authentication.{ AuthenticationManager, InternalAuthenticationServiceException, UsernamePasswordAuthenticationToken }
 import org.springframework.security.core.{ Authentication, AuthenticationException }
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.context.SecurityContextRepository
 import org.springframework.web.bind.annotation.{ RequestMapping, ResponseBody, RestController, RequestParam, RequestMethod }
+import scala.beans.BeanProperty
 
 /**
  * User Authentication controller.
@@ -44,7 +43,8 @@ class UserAuthenticationController {
         authenticationResponse.addError("Unable to authenticate the user.")
       } else {
         // Add an authentication token to the response.
-        authenticationResponse.token = authenticationResult.getDetails.asInstanceOf[String]
+         println("%% " + authenticationResult.getDetails)
+         authenticationResponse.token = authenticationResult.getDetails.asInstanceOf[String]
 
         // Save the authentication token in the security context.
         SecurityContextHolder.getContext.setAuthentication(authenticationResult)
@@ -72,6 +72,7 @@ class UserAuthenticationController {
 /**
  * Represents an API authentication response.
  */
-class UserAuthenticationResponse(val username: String) extends Response {
+class UserAuthenticationResponse(@transient val username: String) extends Response {
+  @BeanProperty
   var token: String = _
 }

api/src/main/scala/org/example/api/security/APIAuthenticationToken.scala

@@ -13,12 +13,12 @@ import org.springframework.security.core.context.SecurityContextHolder;
  * authentication and authorization information for a person.
  */
 final class APIAuthenticationToken(user: UserAuthenticationResponse) extends Authentication with CredentialsContainer {
-  private val authorities: Set[GrantedAuthority] = new HashSet[GrantedAuthority](1)
+  private[this] val authorities: Set[GrantedAuthority] = new HashSet[GrantedAuthority](1)
   authorities.add(new SimpleGrantedAuthority(user.role.name))
-  private val name = user.name
+  private[this] val name = user.name
   private val principal = user.username
-  private val role = user.role
-  private val token = TokenGenerator.generateToken
+  private[this] val role = user.role
+  private[this] val token = TokenGenerator.generateToken
 
   /**
    * @see org.springframework.security.core.CredentialsContainer#eraseCredentials()
@@ -38,7 +38,7 @@ final class APIAuthenticationToken(user: UserAuthenticationResponse) extends Aut
   /**
    * @see org.springframework.security.core.Authentication#getDetails()
    */
-  override def getDetails = null
+  override def getDetails = this.token
 
   /**
    * @see java.security.Principal#getName()

api/src/main/scala/org/example/api/security/UsernamePasswordAuthenticationProvider.scala

@@ -23,6 +23,11 @@ class UsernamePasswordAuthenticationProvider extends AuthenticationProvider {
   override def authenticate(authentication: Authentication): Authentication = {
     val authenticationResponse = this.userService.authenticate(new UserAuthenticationRequest(authentication.getName, authentication.getCredentials.asInstanceOf[String]))
 
+    println("## " + authenticationResponse.firstName)
+    println("## " + authenticationResponse.lastName)
+    println("## " + authenticationResponse.role)
+    println("## " + authenticationResponse.username)
+
     if (authenticationResponse.isSuccess) {
       SecurityContextHolder.getContext.setAuthentication(new APIAuthenticationToken(authenticationResponse))
 

pom.xml

@@ -85,6 +85,11 @@
         <artifactId>jackson-databind</artifactId>
         <version>${jackson.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.google.code.gson</groupId>
+        <artifactId>gson</artifactId>
+        <version>${gson.version}</version>
+      </dependency>
       <dependency>
         <groupId>commons-logging</groupId>
         <artifactId>commons-logging</artifactId>
@@ -285,6 +290,7 @@
     <cglib.version>3.0</cglib.version>
     <ehcache.version>2.6.6</ehcache.version>
     <freemarker.version>2.3.20</freemarker.version>
+    <gson.version>2.2.4</gson.version>
     <hamcrest.version>1.3</hamcrest.version>
     <jackson.version>2.3.1</jackson.version>
     <junit.version>4.11</junit.version>