fastjson配置发出来，
错误的json和正确的也发出来。

# 集成 fastjson 的配置如下:

@configuration
public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
...
/**

• 使用 FastJson 替换 Jackson
• @param converters
  */
  @OverRide
  public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
  FastJsonHttpMessageConverter converter = new FastJsonHttpMessageConverter();
  FastJsonConfig config = new FastJsonConfig();
  config.setSerializerFeatures(
  SerializerFeature.DisableCircularReferenceDetect
  );
  converter.setFastJsonConfig(config);
  converters.add(converter);
  log.info("FastJSON enabled");
  }
  ...
  }

# /oauth/token 获取到的报文如下（其中 value 即是 access token）:

{
"expiration": 1513752144897,
"expired": false,
"expiresIn": 604799,
"refreshToken": {
"expiration": 1515739344897,
"value": "dae50004-939c-40f2-98d8-4882374e08c7"
},
"scope": [
"api"
],
"tokenType": "bearer",
"value": "1e2c4181-01be-4aa1-8042-c2d2f74008d0"
}

# 而不集成 fastjson 时，获取到的报文如下：

{
"access_token": "d83156d4-cec3-4aa9-b9dc-78612ce3cd92",
"token_type": "bearer",
"refresh_token": "37d7638a-8ee2-4a74-8194-cf9673ab1689",
"expires_in": 604799,
"scope": "api"
}

多谢！

这个bug我也遇到了，目前是把FastJsonHttpMessageConverter去掉了。

请问这个问题解决了吗？

You can Autowired ObjectMapper
Just like this:

@Component
public class***AuthenticationSuccessHandler implements AuthenticationSuccessHandler {

        private final ObjectMapper objectMapper;

	@Autowired
	public**AuthenticationSuccessHandler(
			ObjectMapper objectMapper) {
		this.objectMapper = objectMapper;
	}
        @Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws IOException, ServletException {
		***
                response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
        }
}

我跟你碰到的问题一样 请问你最后怎么解决的

我也遇到了，这个问题怎么解决呢？ 现在我是在每个spring boot项目的启动文件中单独设置。

貌似还没解决，就因为这个，换回去用 jackson 了

我也遇到了，目前只能把FastJsonHttpMessageConverter先去掉

可以考虑手动生成token流程，并在最后序列化的时候使用Jackson的ObjectMapper进行序列化并返回给客户端。（之前我的回复过于模糊，实在抱歉）

import java.io.IOException;
import java.util.Base64;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.collections4.MapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;

/**
 * authentication success handler.
 * 
 * @author johnniang
 *
 */
@Component
public class***AuthenticationSuccessHandler implements AuthenticationSuccessHandler {

	private Logger logger = LoggerFactory.getLogger(getClass());

	private String credentialsCharset = "UTF-8";

	private final ClientDetailsService clientDetailsService;

	private final AuthorizationServerTokenServices authorizationServerTokenServices;

	private final PasswordEncoder passwordEncode;

	private final ObjectMapper objectMapper;

	@Autowired
	public***AuthenticationSuccessHandler(ClientDetailsService clientDetailsService,
			AuthorizationServerTokenServices authorizationServerTokenServices, PasswordEncoder passwordEncode,
			ObjectMapper objectMapper) {
		this.clientDetailsService = clientDetailsService;
		this.authorizationServerTokenServices = authorizationServerTokenServices;
		this.passwordEncode = passwordEncode;
		this.objectMapper = objectMapper;
	}

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws IOException, ServletException {
		logger.info("login successfully.");
		String header = request.getHeader("Authorization");

		if (header == null || !header.startsWith("Basic ")) {
			throw new UnapprovedClientAuthenticationException("There is not client information.");
		}

		String[] tokens = extractAndDecodeHeader(header, request);
		assert tokens.length == 2;

		String clientId = tokens[0];
		String clientSecret = tokens[1];

		if (logger.isDebugEnabled()) {
			logger.debug("Client Id		: {}", clientId);
			logger.debug("Client Secret	: {}", clientSecret);
		}

		ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);

		if (clientDetails == null) {
			throw new UnapprovedClientAuthenticationException("Client information was not found: " + clientId);
		}
		if (!passwordEncode.matches(clientSecret, clientDetails.getClientSecret())) {
			throw new UnapprovedClientAuthenticationException("Client secret was not matched: " + clientId);
		}

		@SuppressWarnings("unchecked")
		TokenRequest tokenRequest = new TokenRequest(MapUtils.EMPTY_SORTED_MAP, clientId, clientDetails.getScope(),
				"custom");

		// create a OAuth2Request
		OAuth2Request oAuth2Request = tokenRequest.createOAuth2Request(clientDetails);

		// create a OAuth2Authentication
		OAuth2Authentication oAuth2Authorization = new OAuth2Authentication(oAuth2Request, authentication);

		// produce a token
		OAuth2AccessToken oAuth2AccessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authorization);

		response.setStatus(HttpStatus.OK.value());
		response.setContentType("application/json;charset=UTF-8");

		// write date as timestamp
		objectMapper.enable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
		response.getWriter().write(objectMapper.writeValueAsString(oAuth2AccessToken));
	}

	/**
	 * Decodes the header into a username and password.
	 *
	 * @throws BadCredentialsException
	 *             if the Basic header is not present or is not valid Base64
	 */
	private String[] extractAndDecodeHeader(String header, HttpServletRequest request) throws IOException {

		byte[] base64Token = header.substring(6).getBytes("UTF-8");
		byte[] decoded;
		try {
			decoded = Base64.getDecoder().decode(base64Token);
		} catch (IllegalArgumentException e) {
			throw new BadCredentialsException("Failed to decode basic authentication token");
		}

		String token = new String(decoded, credentialsCharset);

		int delim = token.indexOf(":");

		if (delim == -1) {
			throw new BadCredentialsException("Invalid basic authentication token");
		}
		return new String[] { token.substring(0, delim), token.substring(delim + 1) };
	}
}

/**
 * OAuth2 resource server config
 * 
 * @author johnniang
 *
 */
@Component
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

        private final AuthenticationSuccessHandler authenticationSuccessHandler;
        public OAuth2ResourceServerConfig(
			AuthenticationSuccessHandler authenticationSuccessHandler)
		this.authenticationSuccessHandler = authenticationSuccessHandler;
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http //
				.formLogin() //
				.loginProcessingUrl("/login") //
				.successHandler(authenticationSuccessHandler) //
				.permitAll() //
				.and() //
				.logout() //
                              ***
        }
}

希望能够解决你们的问题

我也碰到这类问题，最后通过fastjson 自定了一个SerializeFilter进行处理DefaultOAuth2AccessToken的序列化

public class CustomSerializeFilter extends BeforeFilter implements PropertyPreFilter {

    @Override
    public void writeBefore(Object object) {
        /**

* DefaultOAuth2AccessToken 默认格式
* {
* "access_token": "763d17ee-7847-4d8b-b3e8-207110d094c9",
* "token_type": "bearer",
* "refresh_token": "68d85c17-e817-4582-95dd-169dce4a3264",
* "expires_in": 7199,
* "scope": "read write"
* }
* /

        if (object instanceof DefaultOAuth2AccessToken) {
            DefaultOAuth2AccessToken accessToken = (DefaultOAuth2AccessToken) object;
            writeKeyValue("access_token", accessToken.getValue());
            writeKeyValue("token_type", accessToken.getTokenType());
            writeKeyValue("refresh_token", accessToken.getRefreshToken().getValue());
            writeKeyValue("expires_in", accessToken.getExpiresIn());
            writeKeyValue("scope", String.join(" ", accessToken.getScope()));
        }
    }

    @Override
    public boolean apply(JSONSerializer serializer, Object object, String name) {
        // DefaultOAuth2AccessToken、DefaultExpiringOAuth2RefreshToken
        // 原先的所有属性都不进行序列化
        return !(object instanceof DefaultOAuth2AccessToken
                || object instanceof DefaultExpiringOAuth2RefreshToken);
    }
}

FastJsonHttpMessageConverter中加入自定义的SerializeFilter
后面又发现FormOAuth2AccessTokenMessageConverter的实现，可以把这个加进去测试一下

这个就太坑了 如果这样改 后续岂不是还有很多其他错误可能发生？有一套整体的解决方案不

已经提供了解决方案，将FormOAuth2AccessTokenMessageConverter这个加入HttpMessageConverter中即可

你好，可以详细讲一下。如何把这个FormOAuth2AccessTokenMessageConverter 加到 HttpMessageConverter中的方案吗？非常感谢

不好意思，当时我看错了，这段时间比较忙没看这个问题，你需要自行写个HttpMessageConverter来转换OAuth2AccessToken，fastjson本身也意识到这个问题，但是FormOAuth2AccessTokenMessageConverter这个类的writeInternal方法没有进行实现，你需要自行实现转换

public class OAuth2AccessTokenMessageConverter extends AbstractHttpMessageConverter<OAuth2AccessToken> {

    private final FastJsonHttpMessageConverter delegateMessageConverter;

    public OAuth2AccessTokenMessageConverter() {
        super(MediaType.APPLICATION_JSON);
        this.delegateMessageConverter = new FastJsonHttpMessageConverter();
    }

    @Override
    protected boolean supports(Class<?> clazz) {
        return OAuth2AccessToken.class.isAssignableFrom(clazz);
    }

    @Override
    protected OAuth2AccessToken readInternal(Class<? extends OAuth2AccessToken> clazz, HttpInputMessage inputMessage)
            throws IOException, HttpMessageNotReadableException {
        throw new UnsupportedOperationException(
                "This converter is only used for converting from externally aqcuired form data");
    }

    @Override
    protected void writeInternal(OAuth2AccessToken accessToken, HttpOutputMessage outputMessage) throws IOException,
            HttpMessageNotWritableException {
        Map<String, Object> data = new HashMap<>(8);
        data.put(OAuth2AccessToken.ACCESS_TOKEN, accessToken.getValue());
        data.put(OAuth2AccessToken.TOKEN_TYPE, accessToken.getTokenType());
        data.put(OAuth2AccessToken.EXPIRES_IN, accessToken.getExpiresIn());
        data.put(OAuth2AccessToken.SCOPE, String.join(" ", accessToken.getScope()));
        OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
        if (Objects.nonNull(refreshToken)) {
            data.put(OAuth2AccessToken.REFRESH_TOKEN, refreshToken.getValue());
        }
        delegateMessageConverter.write(data, MediaType.APPLICATION_JSON, outputMessage);
    }

}

加入MessageConverters

@Configuration
public class Oauth2WebMvcConfigurer implements WebMvcConfigurer {

    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
       converters.add(0, new FastJsonHttpMessageConverter());
       converters.add(0, new OAuth2AccessTokenMessageConverter());
    }
}

你可以参考OAuth2AccessToken这个序列化类OAuth2AccessTokenJackson2Serializer进行编写相应的代码