我有服务器的依赖和配置,因为它提到Minimal OAuth2 Boot Configuration:
安全配置使用@EnableResourceServer
注释。
属性包含:
spring:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
当我执行请求curl -H "Authorization: xyz" http://localhost:8080/my-endpoint
时,我得到401,但我没有看到将执行令牌验证的HTTP调用。
如果我从属性中删除spring前缀,我仍然得到401,但它尝试HTTP POST到https://token-validation-url/example
:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
如果我采取相同的标记并尝试手动HTTP GET https://token-validation-url/example?otoken=xyz
,它返回它是有效的。
如何指定otoken
查询参数?为什么服务器尝试使用HTTP POST
而不是HTTP GET
来验证令牌?
注意到HTTP POST https://token-validation-url/example?otoken=xyz
验证与使用的GET相同:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
只需要设置令牌名称:
@SpringBootApplication
public class ExampleApplication {
public static void main(String[] args) {
ConfigurableApplicationContext context = SpringApplication.run(ExampleApplication.class, args);
RemoteTokenServices remoteTokenServices = context.getBean(RemoteTokenServices.class);
remoteTokenServices.setTokenName("otoken");
}
}
配置RemoteTokenServices
的其他方法:Configuring resource server with RemoteTokenServices in Spring Security Oauth2