Spring Security OAuth2禁用基于jsessionid的会话
- 在我看来,
/v1.0/printconfig/
OAuth2受保护的资源位于后面OAuth2AuthenticationProcessingFilter
,并且您的客户端发送了cookie而不是令牌?如果正确,那么您将看到2.0.5中的默认行为(接受cookie,并让您在自己的配置中控制访问规则)。默认在2.0.6中更改(除非明确配置资源服务器,否则cookie将不起作用:[https](https://github.com/spring- - projects/spring-security-oauth/blob/master/spring-security-
- oauth2/src/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java#L94)
- //github.com/spring-projects/spring-security-oauth/blob/master/spring-
security-oauth2/src
/main/java/org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.java#L94)。
