2017-06-21 38 views

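@EnableOAuth2Sso does not check whether the token has expired

I have implemented a gateway, acting as an OAuth2 client, in front of my resource services and UI. This works, except that when the token expires I receive: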

<oauth> 
    <error_description>bfc5a9f6-0537-4ab9-91c1-e756501b429d</error_description> 
    <error>invalid_token</error> 
</oauth> 

On checking, I found that the gateway considers the user authenticated because the session already exists. Log:

2017-06-21 09:17:34.311 DEBUG 32482 --- [nio-8080-exec-6] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: or[email protected]a80f4caf: Principal: user; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=0:0:0:0:0:0:0:1, sessionId=<SESSION>, tokenType=bearertokenValue=<TOKEN>; Granted Authorities: ROLE_ACTUATOR, ROLE_USER 
2017-06-21 09:17:34.311 DEBUG 32482 --- [nio-8080-exec-6] o.s.s.access.vote.AffirmativeBased  : Voter: org.sp[email protected]1aaae9c5, returned: 1 

Everything works fine, while my resource service or UI does not:

2017-06-21 09:17:34.532 WARN 32484 --- [nio-9001-exec-1] o.s.b.a.s.o.r.UserInfoTokenServices  : Could not fetch user details: class org.springframework.security.oauth2.client.resource.UserRedirectRequiredException, A redirect is required to get the users approval 

Gateway configuration

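// GatewayApplication.java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;

@SpringBootApplication
@EnableDiscoveryClient
@EnableZuulProxy // the gateway proxies the routes listed under zuul.routes
public class GatewayApplication {

    public static void main(String[] args) {
        SpringApplication.run(GatewayApplication.class, args);
    }
}

// WebSecurityConfigurer.java
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableOAuth2Sso
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is disabled; every request must be authenticated
        http
            .csrf()
                .disable()
            .authorizeRequests()
                .anyRequest().authenticated();
    }
}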

security:
  oauth2:
    client:
      accessTokenUri: http://localhost:9191/uaa/oauth/token
      userAuthorizationUri: http://localhost:9191/uaa/oauth/authorize
      clientId: acme
      clientSecret: acmesecret
    resource:
      user-info-uri: http://localhost:9191/uaa/user
      prefer-token-info: false
zuul:
  ignored-services: '*'
  routes:
    authserver: /uaa/**
    resource-service: /resource/**
    ui:
      path: /ui/**
      strip-prefix: false

Configuration of the UI, or of any resource server

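import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

@SpringBootApplication
@EnableDiscoveryClient
@EnableResourceServer // requests must carry a bearer token, checked against user-info-uri
public class UiApplication {

    public static void main(String[] args) {
        SpringApplication.run(UiApplication.class, args);
    }
}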

security:
  oauth2:
    resource:
      user-info-uri: http://localhost:9191/uaa/user
server:
  port: 9001
  context-path: /${spring.application.name}

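What I expect, and am trying to achieve, is that the gateway checks whether the token is valid and, if it is not, redirects the user to the login page or renews the token using the refresh token.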

Answer


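After talking with @dave-syer on Gitter, he told me that we need to declare an OAuth2RestOperations inside the gateway, because by default it is not created in spring-boot, and it is needed to request the refresh token in OAuth2TokenRelayFilter.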

So simply adding the following fixed everything:

// Not created by Spring Boot by default; OAuth2TokenRelayFilter needs it to request the token refresh
@Bean
public OAuth2RestOperations oAuth2RestOperations(OAuth2ClientContext oauth2ClientContext, OAuth2ProtectedResourceDetails details) {
    OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(details, oauth2ClientContext);
    return oAuth2RestTemplate;
}
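
A gateway-side check along the lines the question asks for, as an added example that is not part of the original answer or of Spring's own code: a Zuul pre-filter that asks the OAuth2RestOperations bean for the access token, so an expired token is renewed before the request is relayed, and that ends the gateway session with a 401 when no valid token can be obtained. The class name ExpiredTokenGuardFilter, the filter order 5 and the 401 policy are assumptions.

```java
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Component;

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;

// Hypothetical filter (name and order are assumptions, not Spring classes)
@Component
public class ExpiredTokenGuardFilter extends ZuulFilter {

    private final OAuth2RestOperations restOperations;

    public ExpiredTokenGuardFilter(OAuth2RestOperations restOperations) {
        this.restOperations = restOperations;
    }

    @Override
    public String filterType() { return "pre"; }

    @Override
    public int filterOrder() { return 5; } // assumed to run ahead of the token relay filter

    @Override
    public boolean shouldFilter() {
        // Only sessions that were authenticated through the OAuth2 SSO login
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth instanceof OAuth2Authentication;
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        try {
            // Returns the session's token while it is valid; once it has expired,
            // OAuth2RestTemplate tries to acquire a new one before returning.
            restOperations.getAccessToken();
        } catch (RuntimeException e) {
            // No valid token obtainable: end the stale session, do not relay the request
            HttpSession session = ctx.getRequest().getSession(false);
            if (session != null) session.invalidate();
            SecurityContextHolder.clearContext();
            ctx.setSendZuulResponse(false);
            ctx.setResponseStatusCode(401);
        }
        return null;
    }
}
```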