Open
Since Spring Session defines its own types to be serialized and, therefore, has different needs than Spring Security, we should provide a Jackson Module that registers the required mixins.
See:
- Newly created session message can not be deserialized by RedisIndexedSessionRepository correctly when using GenericJackson2JsonRedisSerializer #2227
- Whitelist for Jackson security is too strict and doesn't work well with Redis sessions in spring-session spring-security#4889
- Allow java.lang.Long in whitelist for Jackson security spring-security#12294