Following JSON Vulnerability Protection, I prefix JSON responses:

    @Bean
    public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() {
        MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
        converter.setJsonPrefix(")]}',\n");
        return converter;
    }

It works with AngularJS, but not with an @EnableOAuth2Resource app, because Jackson fails to parse the response from the authorization server. Also, I cannot override

    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtTokenEnhancer());
    }

defined in org.springframework.cloud.security.oauth2.resource.ResourceServerTokenServicesConfiguration.JwtTokenServicesConfiguration to configure the ObjectMapper/RestTemplate, because of auto-configuration ordering and SPR-13980.

Maybe I am missing a solution?
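An added example, not part of the original post and not Spring's own code: Jackson rejects a body that starts with the `)]}',\n` prefix, so a client that may receive both prefixed and unprefixed JSON has to consume the prefix before parsing. The class name, the `stripPrefix` helper and the sample bodies are constructed for illustration; it assumes Java 9+ and jackson-databind on the classpath, and it does not address the auto-configuration ordering problem.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PrefixTolerantJson {
    // Same prefix the converter in the question writes before each JSON body.
    static final byte[] PREFIX = ")]}',\n".getBytes(StandardCharsets.US_ASCII);

    /** Consumes PREFIX if the body starts with it; otherwise leaves the body untouched. */
    static InputStream stripPrefix(InputStream body) throws IOException {
        PushbackInputStream in = new PushbackInputStream(body, PREFIX.length);
        byte[] head = new byte[PREFIX.length];
        int n = in.readNBytes(head, 0, head.length); // may be short for tiny bodies
        boolean prefixed = n == PREFIX.length && Arrays.equals(head, PREFIX);
        if (!prefixed && n > 0) {
            in.unread(head, 0, n); // not the prefix: push the bytes back for the parser
        }
        return in;
    }

    public static void main(String[] args) throws IOException {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed sample bodies: one prefixed, one plain, one shorter than the prefix.
        String[] bodies = {
            ")]}',\n{\"user\":\"alice\"}",
            "{\"access_token\":\"PLACEHOLDER\"}",
            "[]"
        };
        for (String body : bodies) {
            InputStream raw = new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8));
            JsonNode node = mapper.readTree(stripPrefix(raw));
            System.out.println("parsed: " + node);
        }
        // Without stripping, the prefixed body is not valid JSON and Jackson throws.
        try {
            mapper.readTree(bodies[0]);
        } catch (IOException e) {
            System.out.println("rejected without stripping: " + e.getClass().getSimpleName());
        }
    }
}
```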
