This problem generally has the following two causes:
1. In the authorization part we generally authenticate through our own login action or HTTP BASIC, and our Spring Security configuration exposes only the login endpoint. Every other endpoint, including the /oauth endpoints, is therefore protected by Spring Security.
2. After authenticating as in point 1, authorizing with a POST to /oauth/authorize?grant_type=password&username=user&password=pwd&client_id=app&response_type=code&redirect_uri=http://localhost works. But the next POST to /oauth/token to obtain the access_token does not use the authentication from the earlier authorization; it uses the anonymous-login authentication instead. The earlier authentication therefore cannot be used, and the request fails with a 401 "authentication is required" error.
We can solve this problem in the AuthenticationServerConfig configuration class by enabling allowFormAuthenticationForClients on the AuthorizationServerSecurityConfigurer, which allows clients to authenticate using form parameters. You can refer to the following code:
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    // Allow clients to authenticate when calling /oauth/token to get an access token.
    // Without form authentication for clients, accessing /oauth/token returns
    // a 401 "authentication is required" error.
    oauthServer.allowFormAuthenticationForClients();
}
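For context, here is where that override sits in a complete authorization server configuration. This is an added example, not code from the original article: it assumes the legacy spring-security-oauth2 library, that AuthenticationManager and PasswordEncoder beans are defined elsewhere, and uses a placeholder client secret and a constructed scope; the client id and redirect URI are the ones from the request above.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

@Configuration
@EnableAuthorizationServer
public class AuthenticationServerConfig extends AuthorizationServerConfigurerAdapter {

    // Assumption: both beans are exposed by the application's web security configuration.
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        // Registers a filter on /oauth/token that authenticates the client from the
        // client_id and client_secret request parameters, in addition to HTTP Basic.
        oauthServer
            .passwordEncoder(passwordEncoder) // compare client secrets in hashed form
            .allowFormAuthenticationForClients();
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("app")
            // Placeholder secret: load the real value from configuration, never from source.
            .secret(passwordEncoder.encode("CHANGE_ME_CLIENT_SECRET"))
            .authorizedGrantTypes("password", "authorization_code", "refresh_token")
            .scopes("read") // constructed scope name
            .redirectUris("http://localhost");
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // The password grant needs the AuthenticationManager to verify username/password.
        endpoints.authenticationManager(authenticationManager);
    }
}
```

With form authentication enabled, the client secret travels as a request parameter, so send it in the POST body over HTTPS rather than in the URL query string, which commonly ends up in access logs.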