我已经有一个spring oauth2认证服务器,并且我打算制造另一个资源服务器。但是,在为资源服务器配置了resourceid之后,我发现实际经过身份验证的resourceid仍然是身份验证服务器中的id。我该怎么办?有人遇到过类似的问题吗?
身份验证服务器
clientDetails.setClientId(clientId);
clientDetails.setClientSecret("secret");
String[] agt = "password".split(",");
clientDetails.setAuthorizedGrantTypes(Arrays.asList(agt));
String[] spe = "server".split(",");
clientDetails.setScope(Arrays.asList(spe));
clientDetails.setAccessTokenValiditySeconds(60);
clientDetails.setResourceIds(Arrays.asList("resource-web","myresources"));
return clientDetails;
资源服务器
@EnableGlobalMethodSecurity(securedEnabled = true)
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
private static final String DEMO_RESOURCE_ID = "resource-api";
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources
.resourceId(DEMO_RESOURCE_ID).stateless(true);
}
// OAuth2AuthenticationProcessingFilter
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().anyRequest()
.and()
.authorizeRequests()
.antMatchers("/api/USER/**").hasAuthority("ROLE_USER")
.antMatchers("/api/ADMIN/**").hasAuthority("ADMIN");
}
}