Spring Security OAuth2 check_token 端点 [英] Spring Security OAuth2 check_token endpoint
问题描述
我正在尝试设置一个资源服务器以使用 spring security oauth 与单独的授权服务器一起工作.我正在使用需要 /check_token
端点的 RemoteTokenServices
.
I'm trying to setup a resource server to work with separate authorization server using spring security oauth. I'm using RemoteTokenServices
which requires /check_token
endpoint.
我可以看到 /oauth/check_token
端点在使用 @EnableAuthorizationServer
时默认启用.但是,默认情况下无法访问端点.
I could see that /oauth/check_token
endpoint is enabled by default when @EnableAuthorizationServer
is used. However the endpoint is not accessible by default.
是否应该手动添加以下条目以将此端点列入白名单?
Should the following entry be added manually to whitelist this endpoint?
http.authorizeRequests().antMatchers("/oauth/check_token").permitAll();
这将使所有人都可以访问此端点,这是所需的行为吗?或者我错过了什么.
This will make this endpoint accessible to all, is this the desired behavior? Or am I missing something.
提前致谢,
推荐答案
你必须
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception
{
oauthServer.checkTokenAccess("permitAll()");
}
有关这方面的更多信息::
For more information on this ::
这篇关于Spring Security OAuth2 check_token 端点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!