如何更改Spring安全OAuth2默认令牌端点？ [英] How to change spring security oauth2 default token endpoint?

问题描述

我们有基于Spring Security OAuth2的应用程序。一切都运行得很好。但我无法将默认令牌终结点从"/OAuth/Token"更改为"/External/OAuth/Token"。

我的Spring-servlet.xml

<http pattern="/external/oauth/token" create-session="stateless" 
       authentication-manager-ref="clientAuthenticationManager"
       use-expressions="true" xmlns="http://www.springframework.org/schema/security">
      <intercept-url pattern="/external/oauth/token" access="isFullyAuthenticated()" />
      <anonymous enabled="false" />
      <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
      <!-- include this only if you need to authenticate clients via request parameters -->
      <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
      <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

<oauth:authorization-server client-details-service-ref="clientDetails" 
        token-services-ref="tokenServices" 
        user-approval-handler-ref="userApprovalHandler" token-endpoint-url="/external/oauth/token">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
</oauth:authorization-server>

但我访问此终结点时的结果是

{
    error: "unauthorized"
    error_description: "An Authentication object was not found in the SecurityContext"
}

我错过了什么吗？请提出建议。

推荐答案

使用Spring-SECURITY-OAuth2的2.0.5.RELEASE或更高版本

在经过测试并正常工作的基于Java的配置中的一行中，它以某种方式覆盖了TokenEndpoint类的RequestMaping值。

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {      

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .pathMapping("/oauth/token", "<your custom endpoint>")
        }
}

这篇关于如何更改Spring安全OAuth2默认令牌端点？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！