Spring Cloud Security Resource Server and JSON Vulnerability Protection

Asked Apr 08 '16 at 10:27

Active Apr 15 '16 at 10:02

Viewed 232 times

According to JSON Vulnerability Protection I prefix JSON responses:

@Bean
public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() {
    MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
    converter.setJsonPrefix(")]}',\n");
    return converter;
}

It works fine with AngularJS, but not with @EnableOAuth2Resource-App, because Jackson can't parse response from Authorization Server. Firthermore, I can't override

    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtTokenEnhancer());
    }

definition from org.springframework.cloud.security.oauth2.resource.ResourceServerTokenServicesConfiguration.JwtTokenServicesConfiguration to configure ObjectMapper/RestTemplate because of autoconfiguration ordering and SPR-13980.

Maybe I'm missing a solution?

edited Apr 08 '16 at 10:31

M. Deinum

115,695
22
220
224

asked Apr 08 '16 at 10:27

Anton Bessonov

9,208
3
35
38

Don't use the auto configuration, copy and override what you need. – M. Deinum Apr 08 '16 at 10:30

Spring Cloud Security Resource Server and JSON Vulnerability Protection

0 Answers0