I need to allow users to obtain an OAuth token with grant_type=password using GET instead of POST. The default implementation of TokenEndpoint is as follows:
    public class TokenEndpoint extends AbstractEndpoint {

        private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();

        // Only POST is in the allowed set by default
        private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.POST));

        @RequestMapping(value = "/oauth/token", method = RequestMethod.GET)
        public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal,
                @RequestParam Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
            // GET is rejected unless it has been added to allowedRequestMethods
            if (!allowedRequestMethods.contains(HttpMethod.GET)) {
                throw new HttpRequestMethodNotSupportedException("GET");
            }
            return postAccessToken(principal, parameters);
        }
    }
As you can see, only POST is allowed by default. I am using XML configuration (not annotations). How can I add HttpMethod.GET to the Set?
Answer 0 (score: 1)
The following configuration works:
    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .requestFactory(defaultOAuth2RequestFactory)
                .authenticationManager(myUserAuthenticationManager)
                .tokenStore(myTokenStore)
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST) // to allow GET for password grant
            ;
        }

        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security
                .realm(REALM)
                .allowFormAuthenticationForClients() // to let users do password grant with username/password on GET
            ;
        }
    }
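Answer 1 (score: 0)
With XML configuration alone, there is no way to configure the allowed token endpoint methods.
This leaves you with two options:
@PostConstruct method, to get the job done. Java configuration is probably what you should be using for new applications, but if you have an older application that uses XML configuration, then something like this will work: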
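    import java.util.Arrays;
    import java.util.HashSet;
    import java.util.Set;
    import javax.annotation.PostConstruct;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;

    @Configuration
    public class AllowedMethodConfig {

        @Autowired
        private TokenEndpoint tokenEndpoint;

        // Runs after injection and replaces the endpoint's default POST-only set
        @PostConstruct
        public void reconfigure() {
            Set<HttpMethod> allowedMethods =
                new HashSet<>(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
            tokenEndpoint.setAllowedRequestMethods(allowedMethods);
        }
    }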