Spring JSON tainting response from JacksonMessageConverter


Question

I have a JacksonMessageConverter in my Spring application for returning JSON response. But before the JSON is returned, I would like to taint the JSON as given in Ajax Security - Preventing JSON hijacking. Is it possible to do so when using a message converter?

Update

I am looking for a solution similar to this spring prefixjson with responsebody, but I already have the configuration set up correctly. PFB

<bean id="jacksonMessageConverter"
class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
    <property name="prefixJson" value="true" />
    <property name="supportedMediaTypes" value = "text/plain;charset=UTF-8" />
</bean>
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
    <property name="messageConverters">
        <list>
            <ref bean="jacksonMessageConverter"/>
        </list>
    </property>
</bean>

But still the returned JSON is not prefixed with "&&{}".

NOTE: I would like to use a different prefix for the JSON, as explained in Ajax Security - Preventing JSON hijacking, but even the default support provided in Jackson does not seem to work. Any ideas?

Recommended answer

Try to debug MappingJacksonHttpMessageConverter to see if prefixJson equals true. If not, then your bean is not injected properly. If yes, look in the writeInternal() method of the MappingJacksonHttpMessageConverter class. It clearly does what you need:

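try {
    // prefixJson=true makes the converter emit this fixed prefix before the JSON body
    if (this.prefixJson) {
        jsonGenerator.writeRaw("{} && ");
    }
    this.objectMapper.writeValue(jsonGenerator, o);
}
// (catch block not shown in this excerpt)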

If you want to add a custom prefix, you need to override writeInternal() and do it there.
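
One way to do the override the answer describes, as an added example that is not part of the original answer or of Spring itself. The class name PrefixedJacksonMessageConverter, the jsonPrefix property and its sample value are hypothetical, and UTF-8 output is assumed, matching the supportedMediaTypes value in the question.

```java
import java.io.IOException;

import org.codehaus.jackson.JsonEncoding;
import org.codehaus.jackson.JsonGenerationException;
import org.codehaus.jackson.JsonGenerator;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.http.HttpOutputMessage;
import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.http.converter.json.MappingJacksonHttpMessageConverter;

/** Hypothetical subclass: writes a configurable anti-hijacking prefix before the JSON body. */
public class PrefixedJacksonMessageConverter extends MappingJacksonHttpMessageConverter {

    // Own mapper reference, so the example does not rely on superclass internals.
    private ObjectMapper mapper = new ObjectMapper();

    // Sample value (an assumption): the response never yields data if it is executed as a script.
    private String jsonPrefix = "while(1);";

    @Override
    public void setObjectMapper(ObjectMapper objectMapper) {
        super.setObjectMapper(objectMapper);
        this.mapper = objectMapper;
    }

    public void setJsonPrefix(String jsonPrefix) {
        this.jsonPrefix = jsonPrefix;
    }

    @Override
    protected void writeInternal(Object o, HttpOutputMessage outputMessage)
            throws IOException, HttpMessageNotWritableException {
        // Assumes UTF-8 output rather than deriving the encoding from the Content-Type header.
        JsonGenerator generator = mapper.getJsonFactory()
                .createJsonGenerator(outputMessage.getBody(), JsonEncoding.UTF8);
        try {
            if (jsonPrefix != null && jsonPrefix.length() > 0) {
                generator.writeRaw(jsonPrefix); // emitted verbatim, not JSON-escaped
            }
            mapper.writeValue(generator, o);
        } catch (JsonGenerationException ex) {
            throw new HttpMessageNotWritableException("Could not write JSON: " + ex.getMessage(), ex);
        }
    }
}
```

Reference this class from the jacksonMessageConverter bean definition in place of MappingJacksonHttpMessageConverter. The client has to strip the same prefix before parsing the response.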
