Могу ли я отправить учетные данные OAuth 2.0 в теле запроса вместо заголовка?

В настоящее время я использую spring security с OAuth 2.0 включен и все на месте и работает нормально!

http://localhost:8080/SpringSecurityOAuth2Example/oauth/token?grant_type=password&username=kalynpradhan@gmail.com&password=abc

Я отправляю учетные данные клиента в заголовке запроса, как показано выше, т.е. username=kalynpradhan@gmail.com а также password=abc

Могу ли я отправить конфигурацию OAuth 2.0 в теле запроса вместо заголовка запроса?

Есть ли какая-нибудь конфигурация, с помощью которой я могу заставить OAuth весной принимать токены в теле запроса?

ниже мои файлы конфигурации для весенней безопасности, использующей OAuth 2.0

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    private static String REALM = "MY_OAUTH_REALM";

    /*
     * The token store is the store where all the tokens are stored, It can be
     * InMemory, JDBC, etc.
     */
    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private UserApprovalHandler userApprovalHandler;

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    /**
     * SpringData JPA dataSource injected.
     */
    @Autowired
    private DataSource dataSource;

    /**
     * Autowiring the {@link CustomUserDetailsService} for configuring the
     * {@link UserDetailsService} which provides the required user details to
     * the security context.
     * 
     * This extra implementation of the userDetailsService is necessary because
     * after OAuth 2.0 version - 2.0.10.RELEASE the UserDetails service is not
     * automatically extracted from the context.
     * 
     * Here is a link to the documentation in the gitHub community. <a href=
     * "https://github.com/royclarkson/spring-rest-service-oauth/issues/19">
     * Documentation</a>
     */
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        //@formatter:off
        clients.jdbc(dataSource);/*.withClient("my-trusted-client")
                .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit")
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT").scopes("read", "write", "trust").secret("secret")
                .accessTokenValiditySeconds(120).// Access token is only valid for 2 minutes.
                refreshTokenValiditySeconds(600);// Refresh token is only valid for 10 minutes.
        //@Formatter:on
*/  }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(tokenStore).userApprovalHandler(userApprovalHandler)
                .authenticationManager(authenticationManager).userDetailsService(userDetailsService);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.realm(REALM + "/client");
    }
}

WebSecurityConfigurerAdapter config

@Configuration
@EnableWebSecurity
public class OAuth2SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private AuthenticationProvider authenticationProvider;

    /**
     * Defines custom authentication provider.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
        authManagerBuilder.authenticationProvider(authenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/students/**");
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Bean
    @Autowired
    public TokenStoreUserApprovalHandler userApprovalHandler(TokenStore tokenStore) {
        TokenStoreUserApprovalHandler handler = new TokenStoreUserApprovalHandler();
        handler.setTokenStore(tokenStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        return handler;
    }

    /**
     * This Approval store is used to direct the OAuth server to use the
     * tokenStore that is exposed as a spring bean and uses the database to
     * store all the tokens.
     * 
     * @param tokenStore
     * @return The Approval store which uses the tokenStore injected into the
     *         spring context as a bean.
     * @throws Exception
     */
    @Bean
    @Autowired
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }
}

Конфигурация сервера ресурсов

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    private static final String RESOURCE_ID = "my_rest_api";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(RESOURCE_ID).stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.anonymous().disable().requestMatchers().antMatchers("/user/**").and().authorizeRequests()
                .antMatchers("/user/**").access("hasRole('ADMIN')").and().exceptionHandling()
                .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }

}