java – HTTP标头中的Spring OAuth2访问令牌
发布时间:2020-12-15 04:27:45 所属栏目:Java 来源:网络整理
导读:我试图在一个应用程序中使用Authorization Server实现 Spring Oauth2设置,在单独的应用程序中实现Resource Server. 我将从一开始就说,由于当前的系统限制,我被迫使用旧版本的Spring / Spring Security,直到我们可以计划进行系统升级: 春天:3.1.1春天 安全
我试图在一个应用程序中使用Authorization Server实现
Spring Oauth2设置,在单独的应用程序中实现Resource Server.
我将从一开始就说,由于当前的系统限制,我被迫使用旧版本的Spring / Spring Security,直到我们可以计划进行系统升级: >春天:3.1.1春天 我有一切工作,但是,当我从资源服务器请求受限资源时,我必须提供access_token作为查询参数. 我更愿意将其作为HTTP标头提供. Spring Security Oauth中是否有内置功能? 资源服务器配置 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xmlns:sec="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd"> <!-- Resource Server Filter --> <oauth:resource-server id="resourceServerFilter" resource-id="someResourceId" token-services-ref="tokenServices"/> <!-- END Resource Server Filter --> <!-- Protected resources --> <http pattern="/rest/BasicService/**" create-session="stateless" xmlns="http://www.springframework.org/schema/security" entry-point-ref="oauthAuthenticationEntryPoint"> <anonymous enabled="false"/> <intercept-url pattern="/rest/BasicService/**" access="ROLE_USER"/> <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/> <access-denied-handler ref="oauthAccessDeniedHandler"/> </http> <!-- END Protected resources --> <!-- Authentication --> <sec:authentication-manager xmlns="http://www.springframework.org/schema/security" /> <bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/beans"/> <bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/> <!-- END Authentication --> <!-- Token Store --> <bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.JdbcTokenStore"> <constructor-arg ref="myJdbcTokenStore" /> </bean> <bean id="myJdbcTokenStore" class="org.springframework.jndi.JndiObjectFactoryBean"> <property name="jndiName" value="java:comp/env/jdbc/someJNDIDatabaseName"/> </bean> <bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices"> <property name="tokenStore" ref="tokenStore"/> </bean> <!-- END Token Store --> </beans> 解决方法
正如prtk_shah的评论中所提到的,需要将令牌类型添加到Authorization标头中.
授权:持票人 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
推荐文章
站长推荐
热点阅读