我有服务器的依赖和配置,因为它提到Minimal OAuth2 Boot Configuration:
安全配置使用@EnableResourceServer注释。
属性包含:
spring:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
当我执行请求curl -H "Authorization: xyz" http://localhost:8080/my-endpoint时,我得到401,但我没有看到将执行令牌验证的HTTP调用。
如果我从属性中删除spring前缀,我仍然得到401,但它尝试HTTP POST到https://token-validation-url/example:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
如果我采取相同的标记并尝试手动HTTP GET https://token-validation-url/example?otoken=xyz,它返回它是有效的。
如何指定otoken查询参数?为什么服务器尝试使用HTTP POST而不是HTTP GET来验证令牌?
注意到HTTP POST https://token-validation-url/example?otoken=xyz验证与使用的GET相同:
security:
oauth2:
resource:
token-info-uri: https://token-validation-url/example
只需要设置令牌名称:
@SpringBootApplication
public class ExampleApplication {
public static void main(String[] args) {
ConfigurableApplicationContext context = SpringApplication.run(ExampleApplication.class, args);
RemoteTokenServices remoteTokenServices = context.getBean(RemoteTokenServices.class);
remoteTokenServices.setTokenName("otoken");
}
}
配置RemoteTokenServices的其他方法:Configuring resource server with RemoteTokenServices in Spring Security Oauth2