oauth2通过/oauth/token接口请求获取token,以下为oauth2源码中获取token代码能看到allowedRequestMethods中只存放了post的请求所以默认为只支持post请求。
但我们需要通过get请求或者别的请求去访问怎么实现呢?例如nigix做域名跳转时,默认将post的请求更改为get请求,这个时候/oauth/token就获取不到token了。
private Set<HttpMethod> allowedRequestMethods = new HashSet<HttpMethod>(Arrays.asList(HttpMethod.POST));
@RequestMapping(value = "/oauth/token", method=RequestMethod.GET)
public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
if (!allowedRequestMethods.contains(HttpMethod.GET)) {
throw new HttpRequestMethodNotSupportedException("GET");
}
return postAccessToken(principal, parameters);
}
@RequestMapping(value = "/oauth/token", method=RequestMethod.POST)
public ResponseEntity<OAuth2AccessToken> postAccessToken(Principal principal, @RequestParam
Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
根据以上需求优先想到的是通过修改配置文件往allowedRequestMethods中加入get方法,具体该方式未实现,以下为添加配置类实现配置更新
@Configuration
public class AllowedMethodConfig {
@Autowired
private TokenEndpoint tokenEndpoint;
@PostConstruct
public void reconfigure() {
Set<HttpMethod> allowedMethods =
new HashSet<>(Arrays.asList(HttpMethod.GET, HttpMethod.POST));
tokenEndpoint.setAllowedRequestMethods(allowedMethods);
}
}
添加以上类,重新启动完成后就能通过get请求/oauth/token获取token。
以上为全部内容,如有问题或建议希望大家指出。