Spring 使用 Oauth2的第三方对接和token

本文章不对token的验证操作，只是第三方的模块对Oauth2的使用，使用场景，对一整套系统进行模块化开发，子模块的api采用主枝模块的Oauth2进行安全性验证

在pom.xml中添加依赖

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>

在dev.yml文件中添加

security:

  oauth2:
    client:
      access-token-uri: http://localhost:8080/oauth/token
      client-id: locaca-66
      client-secret: dsmfksdmfs
      client-authentication-scheme: form
      grant-type: client_credentials
    resource:

      user-info-uri: http://localhost:8080/api/check_token

token的验证地址为 http://localhost:8080/api/check_token 

新增类

@RestController
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private ApplicationContext applicationContext;

    /**
     * CORS过滤器，填加CORS头
     * @return CORS过滤器，供Spring使用。
     */
    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("*");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("PUT");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("DELETE");