Spring Security OAuth2 check_token端点 [英] Spring Security OAuth2 check_token endpoint
问题描述
我正在尝试使用Spring Security oauth设置资源服务器以与单独的授权服务器一起使用.我正在使用需要/check_token
端点的RemoteTokenServices
.
I'm trying to setup a resource server to work with separate authorization server using spring security oauth. I'm using RemoteTokenServices
which requires /check_token
endpoint.
我看到使用@EnableAuthorizationServer
时默认启用了/oauth/check_token
端点.但是,默认情况下无法访问该端点.
I could see that /oauth/check_token
endpoint is enabled by default when @EnableAuthorizationServer
is used. However the endpoint is not accessible by default.
是否应手动添加以下条目以将此端点列入白名单?
Should the following entry be added manually to whitelist this endpoint?
http.authorizeRequests().antMatchers("/oauth/check_token").permitAll();
这将使所有人均可访问此端点,这是否是所需的行为?还是我错过了一些东西.
This will make this endpoint accessible to all, is this the desired behavior? Or am I missing something.
谢谢,
推荐答案
您必须
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception
{
oauthServer.checkTokenAccess("permitAll()");
}
有关此的更多信息::
For more information on this ::
这篇关于Spring Security OAuth2 check_token端点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!