2017-01-16 55 views
1

I am using Spring Boot + Spring Security OAuth2 to consume a RESTful OAuth2 service. Why does OAuth2AccessTokenSupport always send a POST request?

Our OAuth2 service always expects HTTP GET, but OAuth2AccessTokenSupport always sends HTTP POST.

Result:

Resulted in 405 (Method Not Allowed); invoking error handler

protected OAuth2AccessToken retrieveToken(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
        MultiValueMap<String, String> form, HttpHeaders headers) throws OAuth2AccessDeniedException {
    try {
        this.authenticationHandler.authenticateTokenRequest(resource, form, headers);

        this.tokenRequestEnhancer.enhance(request, resource, form, headers);
        final AccessTokenRequest copy = request;

        final ResponseExtractor<OAuth2AccessToken> delegate = getResponseExtractor();
        ResponseExtractor<OAuth2AccessToken> extractor = new ResponseExtractor<OAuth2AccessToken>() {
            public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
                if (response.getHeaders().containsKey("Set-Cookie")) {
                    copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
                }
                return delegate.extractData(response);
            }
        };
        return getRestTemplate().execute(getAccessTokenUri(resource, form), getHttpMethod(),
                getRequestCallback(resource, form, headers), extractor, form.toSingleValueMap());
    } catch (OAuth2Exception oe) {
        throw new OAuth2AccessDeniedException("Access token denied.", resource, oe);
    } catch (RestClientException rce) {
        throw new OAuth2AccessDeniedException("Error requesting access token.", resource, rce);
    }
}

protected HttpMethod getHttpMethod() {
    return HttpMethod.POST;
}

protected String getAccessTokenUri(OAuth2ProtectedResourceDetails resource, MultiValueMap<String, String> form) {
    String accessTokenUri = resource.getAccessTokenUri();

    if (this.logger.isDebugEnabled()) {
        this.logger.debug("Retrieving token from " + accessTokenUri);
    }

    StringBuilder builder = new StringBuilder(accessTokenUri);
    String separator;
    if (getHttpMethod() == HttpMethod.GET) {
        separator = "?";
        if (accessTokenUri.contains("?")) {
            separator = "&";
        }

        // Every form key becomes a URI template variable on the query string
        for (String key : form.keySet()) {
            builder.append(separator);
            builder.append(key).append("={").append(key).append("}");
            separator = "&";
        }
    }

    return builder.toString();
}

Can anyone explain why OAuth2AccessTokenSupport always returns POST, and how to send an HTTP GET request?

Answer

0

To enable GET requests on the token endpoint, you need to add the following to your AuthorizationServerConfigurerAdapter:

@Override 
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception { 
    endpoints.allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST); 
} 

As for why only POST is the default: I believe this is because a GET request may send the username and password as request parameters (which is certainly the case for the password grant). These could be visible in web server logs, whereas POST body data is not.

Indeed, the OAuth2 RFC declares that the client MUST use HTTP POST when requesting an access token (https://tools.ietf.org/html/rfc6749#section-3.2).
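An added example (not from the question or the answer, and not part of Spring Security OAuth) showing the client-side mechanism the decompiled code exposes: a hypothetical `GetTokenProvider` overrides the protected `getHttpMethod()` to return GET, and `previewUri` calls the inherited `getAccessTokenUri()` so you can see that, with GET, every form key lands on the query string of the request line that web servers log. The token URI and client credentials are constructed placeholders.

```java
import java.util.Arrays;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

// Hypothetical subclass: switches the token request from the default POST to GET.
// Uses the client_credentials grant, so no end-user password is part of the form.
public class GetTokenProvider extends ClientCredentialsAccessTokenProvider {

    @Override
    protected HttpMethod getHttpMethod() {
        return HttpMethod.GET;
    }

    // Exposes the inherited protected method so the resulting URI template can be inspected.
    public String previewUri(ClientCredentialsResourceDetails resource, MultiValueMap<String, String> form) {
        return getAccessTokenUri(resource, form);
    }

    public static void main(String[] args) {
        ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
        resource.setAccessTokenUri("https://auth.example.test/oauth/token"); // constructed placeholder
        resource.setClientId("demo-client");                                // constructed placeholder
        resource.setClientSecret("demo-secret");                            // constructed placeholder
        resource.setScope(Arrays.asList("read"));

        // The same kind of form that retrieveToken() hands to getAccessTokenUri()
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.set("grant_type", "client_credentials");
        form.set("scope", "read");

        // With GET, the URI template becomes
        //   https://auth.example.test/oauth/token?grant_type={grant_type}&scope={scope}
        // and RestTemplate expands the placeholders from form.toSingleValueMap().
        // For the password grant, username={username}&password={password} would be
        // appended the same way, which is what the answer above warns about.
        System.out.println(new GetTokenProvider().previewUri(resource, form));
    }
}
```

Because the query string is part of the request line, anything placed there by this path is exposed to access logs, proxies and browser history, which is why keeping the POST default (and the RFC's MUST) is the safer configuration for any grant that carries credentials.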