我正在开发一个简单的 Spring Boot application ,我传递client_id和secret以获取访问令牌,它获取刷新和访问令牌 .
但是当我尝试使用该令牌(使用此URL:curl -H "Authorization: Bearer ead8ba5d-88ad-4531-a821-db08bf25e888" localhost:8081 / my-end-point)访问资源(我的REST API)时,它对我不起作用并且给我以下错误 -
{"error":"invalid_token","error_description":"Invalid access token: ead8ba5d-4531-db08bf2fe888"}
这就是我的终点的样子 -
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.security.Principal;
@RestController
@RequestMapping(path = "/my-end-point")
public class PrincipalResource {
@RequestMapping(method = RequestMethod.POST)
public Principal oauth(Principal principal) {
/*
* Translate the incoming request, which has an access token
* Spring security takes the incoming request and injects the Java Security Principal
* The converter inside Spring Security will handle the to json method which the Spring Security
* Oauth client will know how to read
*
* The @EnableResourceServer on the application entry point is what makes all this magic happen.
* If there is an incoming request token it will check the token validity and handle it accordingly
*
*
*/
return principal;
}
} `
1 回答
确保在你的 AuthServerOAuth2Config
security.allowFormAuthenticationForClients().checkTokenAccess("permitAll()");
并通过在URL处向您的服务器发出 POST 请求来开始生成一些令牌: localhost:yourport/oauth/token
例如:
它会返回令牌
从响应数据中复制 access_token 并创建新 POST 请求http://localhost:8085/account
我希望它对你有所帮助