diff --git a/CHANGELOG.md b/CHANGELOG.md index 57561b43e..ccd614adc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ## Release Notes +### 0.10.2 + +This is a minor patch release that ensures the `OrgJsonSerializer` and `OrgJsonDeserializer` implementations are +compatible with Android's older `org.json` API. Previously JJWT used newer `org.json` APIs that are not +available on Android. + ### 0.10.1 This is a minor point release that ensures the BouncyCastle dependency is optional and not pulled in as a transitive diff --git a/README.md b/README.md index 383674c15..0bbb20455 100644 --- a/README.md +++ b/README.md @@ -179,18 +179,18 @@ If you're building a (non-Android) JDK project, you will want to define the foll io.jsonwebtoken jjwt-api - 0.10.1 + 0.10.2 io.jsonwebtoken jjwt-impl - 0.10.1 + 0.10.2 runtime io.jsonwebtoken jjwt-jackson - 0.10.1 + 0.10.2 runtime ``` @@ -1201,7 +1201,7 @@ scope which is the typical JJWT default). That is: ```groovy dependencies { - compile 'io.jsonwebtoken:jjwt-jackson:0.10.1' + compile 'io.jsonwebtoken:jjwt-jackson:0.10.2' } ``` diff --git a/api/pom.xml b/api/pom.xml index 2438d5a89..2cffb8170 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -21,7 +21,7 @@ io.jsonwebtoken jjwt-root - 0.10.1 + 0.10.2-SNAPSHOT ../pom.xml diff --git a/extensions/jackson/pom.xml b/extensions/jackson/pom.xml index 811293358..6acf5d3de 100644 --- a/extensions/jackson/pom.xml +++ b/extensions/jackson/pom.xml @@ -21,7 +21,7 @@ io.jsonwebtoken jjwt-root - 0.10.1 + 0.10.2-SNAPSHOT ../../pom.xml diff --git a/extensions/orgjson/pom.xml b/extensions/orgjson/pom.xml index f5b28c1f6..8fd1b3451 100644 --- a/extensions/orgjson/pom.xml +++ b/extensions/orgjson/pom.xml @@ -21,7 +21,7 @@ io.jsonwebtoken jjwt-root - 0.10.1 + 0.10.2-SNAPSHOT ../../pom.xml diff --git a/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonDeserializer.java b/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonDeserializer.java index bd8e70688..e6ede8a18 100644 --- a/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonDeserializer.java +++ b/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonDeserializer.java @@ -8,6 +8,7 @@ import org.json.JSONTokener; import java.util.ArrayList; +import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -46,7 +47,7 @@ private Object parse(String json) throws JSONException { if (c == '{') { //json object JSONObject o = new JSONObject(tokener); return toMap(o); - } else if ( c == '[' ) { + } else if (c == '[') { JSONArray a = new JSONArray(tokener); return toList(a); } else { @@ -58,7 +59,10 @@ private Object parse(String json) throws JSONException { private Map toMap(JSONObject o) { Map map = new LinkedHashMap<>(); - for (String key : o.keySet()) { + // https://github.com/jwtk/jjwt/issues/380: use .keys() and *not* .keySet() for Android compatibility: + Iterator iterator = o.keys(); + while (iterator.hasNext()) { + String key = iterator.next(); Object value = o.get(key); value = convertIfNecessary(value); map.put(key, value); @@ -67,8 +71,11 @@ private Map toMap(JSONObject o) { } private List toList(JSONArray a) { - List list = new ArrayList<>(a.length()); - for (Object value : a.toList()) { + int length = a.length(); + List list = new ArrayList<>(length); + // https://github.com/jwtk/jjwt/issues/380: use a.get(i) and *not* a.toList() for Android compatibility: + for( int i = 0; i < length; i++) { + Object value = a.get(i); value = convertIfNecessary(value); list.add(value); } diff --git a/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonSerializer.java b/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonSerializer.java index 66797cf40..dd42b7597 100644 --- a/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonSerializer.java +++ b/extensions/orgjson/src/main/java/io/jsonwebtoken/io/OrgJsonSerializer.java @@ -118,7 +118,22 @@ private JSONArray toJSONArray(Collection c) { @SuppressWarnings("WeakerAccess") //for testing protected byte[] toBytes(Object o) { - String s = JSONWriter.valueToString(o); + String s; + // https://github.com/jwtk/jjwt/issues/380 for Android compatibility (Android doesn't have org.json.JSONWriter): + // This instanceof check is a sneaky (hacky?) heuristic: A JwtBuilder only ever provides Map + // instances to its serializer instances, so by the time this method is invoked, 'o' will always be a + // JSONObject. + // + // This is sufficient for all JJWT-supported scenarios on Android since Android users shouldn't ever use + // JJWT's internal Serializer implementation for general JSON serialization. That is, its intended use + // is within the context of JwtBuilder execution and not for application use outside of that. + if (o instanceof JSONObject) { + s = o.toString(); + } else { + // we still call JSONWriter for all other values 'just in case', and this works for all valid JSON values + // This would fail on Android unless they include the newer org.json dependency and ignore Android's. + s = JSONWriter.valueToString(o); + } return s.getBytes(Strings.UTF_8); } } diff --git a/extensions/pom.xml b/extensions/pom.xml index 7b534fd4f..21b34b66d 100644 --- a/extensions/pom.xml +++ b/extensions/pom.xml @@ -21,7 +21,7 @@ io.jsonwebtoken jjwt-root - 0.10.1 + 0.10.2-SNAPSHOT ../pom.xml diff --git a/impl/pom.xml b/impl/pom.xml index f5d42c430..b70ce5417 100644 --- a/impl/pom.xml +++ b/impl/pom.xml @@ -21,7 +21,7 @@ io.jsonwebtoken jjwt-root - 0.10.1 + 0.10.2-SNAPSHOT ../pom.xml diff --git a/pom.xml b/pom.xml index 36371bb7d..9c65a9f83 100644 --- a/pom.xml +++ b/pom.xml @@ -25,7 +25,7 @@ io.jsonwebtoken jjwt-root - 0.10.1 + 0.10.2-SNAPSHOT JJWT JSON Web Token support for the JVM and Android pom @@ -43,7 +43,7 @@ scm:git:https://github.com/jwtk/jjwt.git scm:git:git@github.com:jwtk/jjwt.git git@github.com:jwtk/jjwt.git - 0.10.1 + 0.10.2-SNAPSHOT GitHub Issues