Spring Boot ResponseBody is not Serializing to JSON after implementing Spring Security

Question

After adding Spring Security (without really configuring it to do anything) to my Spring Boot project, the integration tests have been failing with the following error:

java.lang.AssertionError: Response body was not valid JSON: <CustomResponse><content><id>dde6fd40-0ca3-482b-9a8e-b05fdab1b7b6</id><domain>somedomain.com</domain></content></CustomResponse>

Before adding Spring Security to the project, my response bodies have been appropriately serialized to JSON.

I've been scouring the Spring Security docs to see what is going on between any response body and the client, but I couldn't figure out why Spring Security might be interfering with how the RestController serializes it.

Here is a sample of my RestController:

@RestController
@RequestMapping("example-mapping")
@AllArgsConstructor
public class ExampleController {

  private final ExampleService exampleService;

  @GetMapping("/example")
  public CustomResponse<ExampleDTO> checkOut(@RequestParam("domain") String domain) {

    ExampleEntity result = exampleService.checkOut(domain);

    return new CustomResponse<>(new ExampleDTO(result));
  }
}

Here is my barebones, nothing Security Config:

@Configuration
@AllArgsConstructor
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  private AuthenticationFilter authenticationFilter;

  protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class)
        .httpBasic().disable();
  }
}

Here is my barebones, nothing auth filter:

@Component
@AllArgsConstructor
public class AuthenticationFilter extends OncePerRequestFilter {

  private ObjectMapper objectMapper; // injecting a global object mapper to read headers

  @Override
  protected void doFilterInternal(
      HttpServletRequest request,
      HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {

    // Read some headers, but currently not doing anything

    filterChain.doFilter(request, response);
  }
}

EDIT: After looking at the Content-Type of the response, its application/xml (DUH). So the question is, where is the the auth filter setting the response as XML?

EDIT: Changing @GetMapping("/example") to @GetMapping(value = "/example", produces = "application/json") fixes the serialization problem. Is there a way to have them all produce JSON by default?

Answer 1

JSON is already the default content-type when you set up a project with spring-web . It shouldn't matter if there is also spring-security in the classpath. I created an example project with a minimum of dependencies:

<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

My TestController returns by default JSON:

@RestController
public class TestController {

    @GetMapping("/hello")
    public Map<String, String> getGreeting() {
        final HashMap<String, String> result = new HashMap<>();
        result.put("value", "hello");
        return result;
    }

}

{
  "value": "hello"
}

So there might be a problem with your dependencies.