如何使用XML使用Spring Security Oauth2启用/oauth/check_token [英] How to enable /oauth/check_token with Spring Security Oauth2 using XML

问题描述

我已经使用spring-security 3.2.*和javaconfig成功启用了'/oauth/check_token'终结点，但是目前我仅限于spring-security 3.1.4，然后又坚持使用XML config. '/oauth/token'端点按我的意愿工作，但是我无法启用check_token端点，也找不到任何(非javaconfig)文档来说明如何做.

I have successfully enabled the '/oauth/check_token' endpoint using spring-security 3.2.* and javaconfig but currently I'm restricted to spring-security 3.1.4 and then i'm stucked to XML config. '/oauth/token' endpoint is working as i wish but I can't get the check_token endpoint to be enabled and I can't find any (non javaconfig) documentation explaining what to do.

Vanila授权服务器配置:

Vanila Authorization server config:

<oauth:authorization-server 
        client-details-service-ref="client-service" 
        token-services-ref="tokenServices" >
    <oauth:refresh-token disabled="false" />
    <oauth:client-credentials disabled="false" />
    <oauth:password authentication-manager-ref="userAuthenticationManager"  />       
</oauth:authorization-server>

http安全配置:

<sec:http 
        auto-config="true"
        pattern="/oauth/token" 
        create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false"/>
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
</sec:http>

我尝试添加以下http配置，但没有成功.

I've tried to add following http config without success.

<sec:http 
        auto-config="true"
        pattern="/oauth/check_token" 
        create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/check_token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false"/>
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
</sec:http>

请提出任何建议.一个可行的例子将是很好的.

please, any suggestions. A working example would be great.

最佳 ./Kristofer

best ./Kristofer

推荐答案

使用spring oauth2的最新版本:

Use the last version of spring oauth2:

<dependency>
  <groupId>org.springframework.security.oauth</groupId>
  <artifactId>spring-security-oauth2</artifactId>
  <version>2.0.10.RELEASE</version>
</dependency>

确保在Spring Security oauth文件配置中使用了正确的xsd版本:

Ensure what the correct version of xsd is in use in spring security oauth file configuration:

http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd

在选项authorization-server中插入选项check-token-enabled="true":

<oauth:authorization-server ... check-token-enabled="true">
... 
</oauth:authorization-server>

这篇关于如何使用XML使用Spring Security Oauth2启用/oauth/check_token的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！