Spring Security OAuth2: accepting JSON

Solution (not sure whether it is correct, but it appears to work):

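Resource server configuration:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.web.access.channel.ChannelProcessingFilter;

    @Configuration
    public class ServerEndpointsConfiguration extends ResourceServerConfigurerAdapter {

        @Autowired
        JsonToUrlEnpredAuthenticationFilter jsonFilter;

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                // Run the JSON-to-parameter filter ahead of the rest of the security chain.
                .addFilterBefore(jsonFilter, ChannelProcessingFilter.class)
                .csrf().and().httpBasic().disable()
                .authorizeRequests()
                .antMatchers("/test").permitAll()
                .antMatchers("/secured").authenticated();
        }
    }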

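Filter:

    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.springframework.core.annotation.Order;
    import org.springframework.stereotype.Component;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import java.io.ByteArrayOutputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.util.HashMap;
    import java.util.Objects;

    @Component
    @Order(value = Integer.MIN_VALUE)
    public class JsonToUrlEnpredAuthenticationFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            // Cast to the servlet API interface rather than Tomcat's RequestFacade,
            // so the filter also works when the request is wrapped or on another container.
            HttpServletRequest httpRequest = (HttpServletRequest) request;

            // Only an exact "application/json" Content-Type on /oauth/token is converted;
            // everything else is passed through unchanged.
            if (Objects.equals(request.getContentType(), "application/json")
                    && Objects.equals(httpRequest.getServletPath(), "/oauth/token")) {
                // Read the whole JSON body into memory.
                InputStream is = request.getInputStream();
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                int nRead;
                byte[] data = new byte[16384];
                while ((nRead = is.read(data, 0, data.length)) != -1) {
                    buffer.write(data, 0, nRead);
                }
                buffer.flush();
                byte[] json = buffer.toByteArray();

                // Turn each top-level JSON field into a single-valued request parameter.
                HashMap<String, String> result = new ObjectMapper().readValue(json, HashMap.class);
                HashMap<String, String[]> r = new HashMap<>();
                for (String key : result.keySet()) {
                    String[] val = new String[1];
                    val[0] = result.get(key);
                    r.put(key, val);
                }
                String[] val = new String[1];
                val[0] = httpRequest.getMethod();
                r.put("_method", val);

                // Hand the token endpoint a request that exposes those parameters.
                HttpServletRequest s = new MyServletRequestWrapper(httpRequest, r);
                chain.doFilter(s, response);
            } else {
                chain.doFilter(request, response);
            }
        }

        @Override
        public void destroy() {
        }
    }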

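Request wrapper:

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;
    import java.util.Collections;
    import java.util.Enumeration;
    import java.util.HashMap;
    import java.util.Map;

    public class MyServletRequestWrapper extends HttpServletRequestWrapper {

        // Parameters parsed from the JSON body; they replace the original request parameters.
        private final HashMap<String, String[]> params;

        public MyServletRequestWrapper(HttpServletRequest request, HashMap<String, String[]> params) {
            super(request);
            this.params = params;
        }

        @Override
        public String getParameter(String name) {
            if (this.params.containsKey(name)) {
                return this.params.get(name)[0];
            }
            // Missing parameters come back as an empty string, not null.
            return "";
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            return this.params;
        }

        @Override
        public Enumeration<String> getParameterNames() {
            // Standard-library replacement for the container-specific Enumerator class.
            return Collections.enumeration(params.keySet());
        }

        @Override
        public String[] getParameterValues(String name) {
            return params.get(name);
        }
    }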

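Authorization server configuration (disables basic authentication for the /oauth/token endpoint):

    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

    @Configuration
    public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
        ...
        @Override
        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
            // Lets clients send client_id/client_secret as request parameters on /oauth/token.
            oauthServer.allowFormAuthenticationForClients(); // Disable /oauth/token Http Basic Auth
        }
        ...
    }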


Original article: https://54852.com/zaji/5565139.html
