当Authorization Server也是资源服务器时，如何配置oAuth2

我正在尝试使用授权代码授权或隐式授权在spring boot 2.xx中设置一个非常基本的oAuth2身份验证，但我似乎无法访问资源服务器（它与授权服务器位于相同的spring引导应用程序中）获得令牌后。

以下是WebSecurityConfigurerAdapter的配置

@EnableWebSecurity
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private static final String[] IGNORE_URIS = {
            "/swagger-resources/**",
            "/swagger-ui.html",
            "/v2/api-docs",
            "/webjars/**",
            "/resources/**",
            "/h2-console/**",
            "/common/**",
            "/configuration/ui",
            "/configuration/security",
            "/error"
    };

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(IGNORE_URIS);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/product/**")
                .hasAnyRole("ADMIN").and()
                .httpBasic().and().formLogin().and().authorizeRequests().anyRequest().authenticated();

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("{noop}admin").roles("ADMIN");
    }

    @Bean
    public PasswordEncoder bCrypt() {
        return new BCryptPasswordEncoder();
    }

和AuthorizationServerConfigurerAdapter

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager;

    @Autowired
    public AuthorizationServerConfiguration(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        this.authenticationManager = authenticationConfiguration.getAuthenticationManager();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients
                .inMemory()
                .withClient("my-client-id")
                .authorizedGrantTypes("authorization_code", "implicit")
                .authorities("ADMIN")
                .scopes("all")
                .resourceIds("product_api")
                .secret("{noop}secret").redirectUris("https://google.com").accessTokenValiditySeconds(0);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.tokenKeyAccess("permitAll()")
                .checkTokenAccess("permitAll()");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager);
    }
}

到现在为止还挺好。通过在浏览器中键入以下Url，我可以访问默认的Spring登录页面。

http://localhost:8080/oauth/authorize?response_type=token&client_id=my-client-id&redirect_uri=https://google.com

然后登录页面出现，我输入我的凭据。

登录后，我可以授予对“my-client-id”应用程序的访问权限。

最后，在我批准应用程序后，我可以在浏览器的URL栏中看到新生成的访问令牌，就像这样。

https://www.google.com/#access_token=f2153498-6a26-42c6-93f0-80825ef03b16&token_type=bearer&scope=all

我的问题是，当我还配置资源服务器时，所有这些流程都不起作用。

@EnableResourceServer
@Configuration
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("product_api");
    }


    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .requestMatchers()
                .antMatchers("/**")
                .and().authorizeRequests()
                .antMatchers("/**").permitAll();
    }
}

我究竟做错了什么？当我尝试像以前一样访问oauth/authorize网址时，我得到以下内容：

为什么？如何访问登录页面并检索令牌？我错过了什么？