如何使用XML对Spring Security Oauth2启用/ oauth/check_token

Question

我已经使用spring-security 3.2.*和javaconfig成功启用了'/ oauth/check_token'端点,但是目前我只限于spring-security 3.1.4,然后我坚持使用XML配置.'/ oauth/token'端点正在按照我的意愿工作,但我无法启用check_token端点,我找不到任何(非javaconfig)文档来解释要做什么.

Vanila授权服务器配置:

<oauth:authorization-server 
        client-details-service-ref="client-service" 
        token-services-ref="tokenServices" >
    <oauth:refresh-token disabled="false" />
    <oauth:client-credentials disabled="false" />
    <oauth:password authentication-manager-ref="userAuthenticationManager"  />       
</oauth:authorization-server>

http安全配置:

<sec:http 
        auto-config="true"
        pattern="/oauth/token" 
        create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false"/>
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
</sec:http>

我试图添加以下http配置但没有成功.

<sec:http 
        auto-config="true"
        pattern="/oauth/check_token" 
        create-session="stateless"
        authentication-manager-ref="clientAuthenticationManager">
    <sec:intercept-url pattern="/oauth/check_token" access="IS_AUTHENTICATED_FULLY" />
    <sec:anonymous enabled="false"/>
    <sec:http-basic entry-point-ref="clientAuthenticationEntryPoint" />
</sec:http>

拜托,任何建议.一个工作的例子会很棒.

最好./Kristofer

Answer 1

您需要创建一个type CheckTokenEndpoint(org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint)的bean .