Spring mvc Spring OAuth2未重定向到访问令牌

我一直在尝试配置SpringOAuth2。我们取得了部分成功

为了测试我一直在使用SOAPui并将重定向uri设置为“urn:ietf:wg:oauth:2.0:oob”

我的系统的问题是，我可以去获取授权代码，但它不会重定向到授权服务器以获取访问代码。我一直在查看日志，我发现URL没有在那里定义，它没有执行/app/oauth/token？code=OB05Cb，而是在URL上执行？code=OB05Cb

调试：org.springframework.web.servlet.DispatcherServlet-呈现视图[org.springframework.web.servlet.view.RedirectView:未命名；URL[urn:？code=OB05Cb]]

然后，它显示在我的SoapUI上找不到的页面，并停止工作流

我相信我错过了某个截获器，而这个截获器并没有这样做。我不知道为什么它没有前进。有人能给我一些提示吗？谢谢

我使用的是SpringOAuth2版本2.0.3.0 4.0.5.1发布 3.2.5.1发布

这是我的配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd">

<beans:bean id="tokenStore"
    class="com.nando.api.service.CassandraTokenStore" />

<beans:bean id="codes"
        class="com.nando.api.service.CassandraAuthorizationCodeService" />

<beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
        <beans:property name="tokenStore" ref="tokenStore"/>
</beans:bean>

<!-- Added this -->
<beans:bean id="authenticationManager" class="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager">
        <beans:property name="resourceId" value="nando"/>
        <beans:property name="tokenServices" ref="tokenServices"/>
</beans:bean>

<beans:bean id="tokenExtractor" 
           class="org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor"/>

   <beans:bean id="userService" class="com.nando.api.service.DefaultUserService" />
    <beans:bean id="webServiceClientService"
        class="com.nando.api.service.DefaultWebServiceClientService" />
    <beans:bean id="clientDetailsUserService"
        class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
        <beans:constructor-arg ref="webServiceClientService" />
        <!-- might need or not to set the passwordEncoder -->
        <!-- <beans:property name="passwordEncoder" ref="passwordEncoder" /> -->
    </beans:bean>

<beans:bean id="oauthRequestFactory"
    class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
    <!-- Added this -->
    <beans:property name="checkUserScopes" value="true" />
    <!-- TODO arguments here -->
    <beans:constructor-arg name="clientDetailsService"
        ref="webServiceClientService" />
</beans:bean>

<beans:bean id="userApprovalHandler"
        class="org.springframework.security.oauth2.provider.approval.TokenStoreUserApprovalHandler">
        <!-- TODO here -->
        <beans:property name="requestFactory" ref="oauthRequestFactory" />
        <beans:property name="tokenStore" ref="tokenStore" />
        <beans:property name="clientDetailsService" ref="webServiceClientService" />
    </beans:bean>

<beans:bean id="resolver" class="org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver" />

<beans:bean id="requestValidator" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator" />

 <oauth2:authorization-server client-details-service-ref="webServiceClientService" 
 token-services-ref="tokenServices" user-approval-page="/oauth/userapproval" 
 error-page="/oauth/error" authorization-endpoint-url="/oauth/authorize" token-endpoint-url="/oauth/token" user-approval-handler-ref="userApprovalHandler">
 <oauth2:authorization-code
            authorization-code-services-ref="codes" />
        <oauth2:refresh-token/>
        <oauth2:password/>
 </oauth2:authorization-server>

<!-- Spring Security Authentication Managers -->

<beans:bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<sec:authentication-manager alias="userAuthenticationManager">
        <sec:authentication-provider user-service-ref="userService">
            <sec:password-encoder ref="passwordEncoder"/>
        </sec:authentication-provider>
</sec:authentication-manager>

<sec:authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
        <sec:authentication-provider user-service-ref="clientDetailsUserService"/>
</sec:authentication-manager>

<oauth2:resource-server id="oauth2ProviderFilter" 
            authentication-manager-ref="authenticationManager" token-extractor-ref="tokenExtractor" token-services-ref="tokenServices"/>

<beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />

<beans:bean id="webSecurityExpressionHandler"
        class="org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler" />

<beans:bean id="methodSecurityExpressionHandler"
        class="org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler" />

<beans:bean id="oauthAccessDeniedHandler"
        class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />

<beans:bean id="oauthAuthenticationEntryPoint"
        class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint" />


<sec:global-method-security pre-post-annotations="enabled"
        order="0" proxy-target-class="true">
        <sec:expression-handler ref="methodSecurityExpressionHandler" />
</sec:global-method-security>


<sec:http security="none" pattern="/resource/**" />
<sec:http security="none" pattern="/favicon.ico" />

<beans:bean id="corsFilter" class="com.nando.api.filters.SpringCrossOriginResourceSharingFilter"/>

<!-- Maybe change the create-session here -->
<sec:http use-expressions="true" create-session="stateless"
    authentication-manager-ref="userAuthenticationManager"
    entry-point-ref="oauthAuthenticationEntryPoint" pattern="/oauth/token">
    <sec:intercept-url pattern="/oauth/token" access="hasAuthority('OAUTH_CLIENT')" />
    <sec:http-basic />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
    <sec:custom-filter ref="corsFilter" after="LAST"/>
</sec:http>

<!-- Here is where the Services endpoints are secured -->
<sec:http use-expressions="true" create-session="never"
    entry-point-ref="oauthAuthenticationEntryPoint" pattern="/services/**">
    <sec:intercept-url pattern="/services/**"
        access="hasAuthority('USE_WEB_SERVICES')" />
    <sec:custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER" />
    <sec:access-denied-handler ref="oauthAccessDeniedHandler" />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>

<!-- General security -->
<sec:http use-expressions="true">
    <sec:intercept-url pattern="/session/list"
        access="hasAuthority('VIEW_USER_SESSIONS')" />
    <sec:intercept-url pattern="/oauth/**"
        access="hasAuthority('USE_WEB_SERVICES')" />
    <sec:intercept-url pattern="/login/**" access="permitAll()" />
    <sec:intercept-url pattern="/login" access="permitAll()" />
    <sec:intercept-url pattern="/scope/**" access="permitAll()" />
    <sec:intercept-url pattern="/scope" access="permitAll()" />
    <sec:intercept-url pattern="/logout" access="permitAll()" />
    <sec:form-login default-target-url="/" login-page="/login"
        login-processing-url="/login/submit" authentication-failure-url="/login?loginFailed"
        username-parameter="username" password-parameter="password" />
    <sec:logout logout-url="/logout" logout-success-url="/login?loggedOut"
        delete-cookies="JSESSIONID" invalidate-session="true" />
    <sec:session-management invalid-session-url="/login"
        session-fixation-protection="changeSessionId">
        <sec:concurrency-control error-if-maximum-exceeded="true"
            max-sessions="1" session-registry-ref="sessionRegistry" />
    </sec:session-management>
    <sec:csrf />
    <sec:expression-handler ref="webSecurityExpressionHandler" />
</sec:http>

</beans:beans>

我认为您必须在服务器端手动将代码交换为accessToken。这似乎不合逻辑。事实上，URL是[org.springframework.web.servlet.view.RedirectView:unnamed；URL[urn:？code=OB05Cb]]，而不是完整的内容，在我看来，似乎有什么地方出错了。不，这一切都正常。如果您稍微阅读一下规范，您将看到非常明确地定义了流。您需要将身份验证代码交换为访问令牌。我甚至无法转到/oauth/token。我已经检查了我添加的安全过滤器：DelegatingFilterProxy DelegatingFilterProxy=new org.springframework.web.filter.DelegatingFilterProxy（“springSecurityFilterChain”）；FilterRegistration.Dynamic securityFilterDynamic=container.addFilter（“securityFilter”，delegatingFilterProxy）；securityFilterDynamic.addMappingForUrlPatterns（EnumSet.allOf（DispatcherType.class），true，“/*”；试着这样做：http:///oauth/token ，添加标头Authorization:Basic和发送请求参数grant\u type=Authorization\u code&code=OB05Cb&redirect\u uri=