我有一个ouath2模块,服务器在端口9999上运行,当我请求“ localhost:9999 / oauth / token”时,我确实获得了令牌。 但是,即使auth服务器和REST端点都在同一项目中(不同的模块,但它们彼此了解),控制器似乎也不在乎请求是否包含令牌。
现在,有趣的东西来了:
如果我将此代码添加到application.yml中,则控制器完全不关心身份验证。
security:
basic:
enabled: false
oauth2:
client:
client-id: acme
client-secret: acmesecret
access-token-uri: http://localhost:9999/oauth/token
user-authorization-uri: http://localhost:9999/oauth/authorize
resource:
user-info-uri: http://localhost:9999/user
token-info-uri: http://localhost:9999/oauth/check_token
auth:
server:
url: http://localhost:9999/oauth/check_token/
clientId: acme
clientSecret: acmesecret
oauth2:
resource:
userInfoUri: http://localhost:9999/user
但是,当我删除它并尝试请求控制器时,我得到了:
{
"timestamp": 1472114046044,
"status": 401,
"error": "Unauthorized",
"message": "Full authentication is required to access this resource",
"path": "/gamification/api/ebubo"
}
有任何想法吗? 任何人?
@ComponentScan("the_actual_package")丢失