Configuring resource server with RemoteTokenServices in Spring Security Oauth2

臣服心动 2021-01-03 06:58

I'm trying to implement an authorization server and a resource server using Spring Security OAuth2. So far I've managed to set up the authorization server and since I don't w

4 answers
  •  轻奢々 (original poster)
    2021-01-03 07:45

    /oauth/check_token must have its permission configured separately; it is 'denyAll' by default. If you add logging.level.org.springframework.security=DEBUG to the properties, you can find the following log lines:

    2017-09-14 14:52:01.379  INFO 15591 --- [           main] b.a.s.AuthenticationManagerConfiguration : 
    Using default security password: f1f7e508-4a30-4aad-914f-d0e90da6079a
    2017-09-14 14:52:01.775 DEBUG 15591 --- [           main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'fullyAuthenticated', for Ant [pattern='/oauth/token']
    2017-09-14 14:52:01.872 DEBUG 15591 --- [           main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'denyAll()', for Ant [pattern='/oauth/token_key']
    2017-09-14 14:52:01.879 DEBUG 15591 --- [           main] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'denyAll()', for Ant [pattern='/oauth/check_token']
    

    I don't know how to permit it in XML, but with Java config it is as follows:

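    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

    @Configuration
    @EnableAuthorizationServer
    public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            // /oauth/check_token is denyAll() by default; allow authenticated callers only.
            security.checkTokenAccess("isAuthenticated()");
            // Alternative: opens token introspection to unauthenticated callers.
            // security.checkTokenAccess("permitAll");
        }
    }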
    

    I found "How to enable /oauth/check_token with Spring Security Oauth2 using XML". Maybe it helps.
