我正在尝试将Spring OAuth2安全性添加到我的应用程序中以保护我的REST端点,即Spring RestControllers.目前我只是试图让基本的部分到位.但是,OAuth2提供程序的某些内容正在生成oauth2AuthorizationEndpoint bean方法的模糊映射.
我正在使用spring-security-web:3.2.8.RELEASE和pring-security-oauth2:2.0.7.RELEASE在启动时我收到以下错误:
java.lang.RuntimeException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oauth2HandlerMapping': Invocation of init method failed; nested exception is java.lang.IllegalStateException: Ambiguous mapping found. Cannot map 'authorizationEndpoint' bean method
public org.springframework.web.servlet.ModelAndView org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.authorize(java.util.Map<java.lang.String, java.lang.Object>,java.util.Map<java.lang.String, java.lang.String>,org.springframework.web.bind.support.SessionStatus,java.security.Principal)
to {[/oauth/authorize],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}: There is already 'oauth2AuthorizationEndpoint' bean method
我的配置是:
<security:http pattern="/api/**" entry-point-ref="oauth2EntryPoint"
access-decision-manager-ref="affirmativeBasedDecisionManager">
<security:intercept-url pattern="/api/mobile/survey/**" access="ROLE_CANVASSER"/>
<security:intercept-url pattern="/api/mobile/monitor/**" access="ROLE_MONITOR"/>
<security:intercept-url pattern="/api/**" access="ROLE_GEM_USER"/>
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER"/>
<security:access-denied-handler ref="oauthAccessDeniedHandler"/>
</security:http>
<oauth:authorization-server
client-details-service-ref="gemUserClientDetailsService" token-services-ref="tokenServices">
<oauth:authorization-code />
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials />
<oauth:password authentication-manager-ref="authenticationManager"/>
</oauth:authorization-server>
<bean id="defaultOAuth2UserApprovalHandler" class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler"/>
<bean id="tokenServices" …