Spring Security requests a new token on every request

Time: 2020-05-05 23:09:39

Tags: java spring rest api

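I have an application that requests an OAuth access token from the Stack Exchange API. I want it to request the access token only once, when "/login" is called, but it asks for a new token even when "/content" or any other restricted /** URL is called and redirected to /callback. I want it to request the token only once per user. Please guide me.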

This is the application.properties file

security.oauth2.client.client-id=XXXXXXXX
security.oauth2.client.client-secret= XXXXXXX
security.oauth2.client.access-token-uri=https://stackoverflow.com/oauth/access_token
security.oauth2.client.user-authorization-uri=https://stackoverflow.com/oauth/dialog
security.oauth2.client.token-name=oauth_token
security.oauth2.client.authentication-scheme=query
security.oauth2.client.client-authentication-scheme=form
security.oauth2.resource.user-info-uri=https://api.stackexchange.com/2.2/me?order=desc&sort=reputation&site=stackoverflow

security.oauth2.client.pre-established-redirect-uri=http://localhost:8080/callback
security.oauth2.client.useCurrentUri=false


spring.mvc.view.suffix=.jsp

This is the OAuth configuration class

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
public class OAuth2Configuration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .antMatcher("/**")
                .authorizeRequests()
                .antMatchers("/", "/login**", "/callback", "/error**")
                .permitAll()
                .anyRequest()
                .authenticated();
    }
}

This is the MVC controller class

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.security.Principal;

@Controller
public class HomeController {
    @RequestMapping("/user")
    public Principal getUser(Principal user) {
        return user;
    }

    @RequestMapping("/login")
    public String login() {
        return "login";
    }

    @RequestMapping("/callback{ans}")
    public String callback(@PathVariable String ans) {
        System.out.println("hi"+ans);
        return "callback";
    }

    @RequestMapping("/")
    public String home() {
        return "home";
    }

    @RequestMapping("/content")
    public String content() {
        return "content";
    }
}

My pom.xml has the following dependencies

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.tomcat</groupId>
            <artifactId>jasper</artifactId>
            <version>6.0.53</version>
        </dependency>

        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.13.RELEASE</version>
        </dependency>

0 answers:

No answers