我已经配置了一个spring cloud配置服务器来使用oAuth2来提高安全性.除加密终点外,一切运行良好.当我尝试访问时,/encrypt我得到403 Forbidden.我在标题中包含授权承载令牌.有没有办法允许在使用oAuth保护服务器时调用加密端点,或者它是否始终被阻止?如果您想查看此服务器的任何配置文件,请告诉我.
仅供参考,以下是有效的方法.
/encrypt/status产生{"status":"OK"}oAuth身份验证正在与Google合作,因为它会引导我完成登录过程.
这是弹簧安全设置.
security:
require-ssl: true
auth2:
client:
clientId: PROVIDED BY GOOGLE
clientSecret: PROVIDED BY GOOGLE
accessTokenUri: https://www.googleapis.com/oauth2/v4/token
userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
scope:
- openid
- email
- profile
resource:
userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
preferTokenInfo: true
server:
port: 8443
ssl:
key-store-type: PKCS12
key-store: /spring-config-server/host/tomcat-keystore.p12
key-alias: tomcat
key-store-password: ${KEYSTORE_PASSWORD}
这是我从POM文件中的依赖项,因此您可以看到我正在使用的库的版本.
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.0.RELEASE</version>
<relativePath/>
<!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<spring-cloud.version>Finchley.M8</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-config-server</artifactId>
</dependency> …