Restricted token endpoint to HTTP POST by default.

zhuxinjun · Jan 27, 2015 · 04f7b1a · 04f7b1a
1 parent 4f06660
commit 04f7b1a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...h2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java b/...h2/src/main/java/org/springframework/security/oauth2/provider/endpoint/TokenEndpoint.java
@@ -42,6 +42,7 @@
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 
 /**
@@ -66,7 +67,7 @@ public class TokenEndpoint extends AbstractEndpoint {
 
 	private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
 
-	@RequestMapping(value = "/oauth/token")
+	@RequestMapping(value = "/oauth/token", method = RequestMethod.POST)
 	public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
 	Map<String, String> parameters) {