spring-security-oauth2 - 如何更改 spring security oauth2 默认 token 端点？

Question

我们有基于 spring security oauth2 的应用程序。一切正常。但是我无法将默认 token 端点从“/oauth/token”更改为“/external/oauth/token”。

我的 spring-servlet.xml

<http pattern="/external/oauth/token" create-session="stateless" 
       authentication-manager-ref="clientAuthenticationManager"
       use-expressions="true" xmlns="http://www.springframework.org/schema/security">
      <intercept-url pattern="/external/oauth/token" access="isFullyAuthenticated()" />
      <anonymous enabled="false" />
      <http-basic entry-point-ref="clientAuthenticationEntryPoint" />
      <!-- include this only if you need to authenticate clients via request parameters -->
      <custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
      <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

<oauth:authorization-server client-details-service-ref="clientDetails" 
        token-services-ref="tokenServices" 
        user-approval-handler-ref="userApprovalHandler" token-endpoint-url="/external/oauth/token">
        <oauth:authorization-code />
        <oauth:implicit />
        <oauth:refresh-token />
        <oauth:client-credentials />
        <oauth:password />
</oauth:authorization-server>

但是当我访问这个端点时的结果是

{
    error: "unauthorized"
    error_description: "An Authentication object was not found in the SecurityContext"
}

我错过了什么吗？请建议。

Answer 1

使用 spring-security-oauth2 2.0.5.RELEASE 或以上版本

在基于 Java 的配置中的一行中，经过测试并且工作正常，不知何故它覆盖了 TokenEndpoint 类的 RequestMapping 值。

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {      

        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                .pathMapping("/oauth/token", "<your custom endpoint>")
        }
}