根据JSON Vulnerability Protection,我为 JSON 响应添加前缀:
@Bean
public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() {
MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
converter.setJsonPrefix(")]}',\n");
return converter;
}
它适用于 AngularJS,但不适用于@EnableOAuth2Resource
-App,因为 Jackson 无法解析来自授权服务器的响应。此外,我无法覆盖
@Bean
public TokenStore jwtTokenStore() {
return new JwtTokenStore(jwtTokenEnhancer());
}
org.springframework.cloud.security.oauth2.resource.ResourceServerTokenServicesConfiguration.JwtTokenServicesConfiguration
由于自动配置排序和SPR-13980 ,定义从配置 ObjectMapper/RestTemplate 。
也许我缺少解决方案?