我需要撤销令牌端点。它似乎在spring framework中没有，所以我添加了一个自定义的端点。添加了两个具有相同功能的方法（GET，DELETE）（为了发挥作用）：

@FrameworkEndpoint
@RequestMapping(
    value = {"oauth"},
    produces = MediaType.APPLICATION_JSON_VALUE
)
@Validated
public class RevokeTokenEndpoint {

  @Autowired
  private DefaultTokenServices tokenServices;

  @ResponseStatus(HttpStatus.NO_CONTENT)
  @GetMapping(value = "revoke")
  public void revokeToken(HttpServletRequest request) {
    String authorization = request.getHeader("Authorization");
    if (authorization != null && authorization.contains("Bearer")) {
      String tokenId = authorization.substring("Bearer".length() + 1);
      tokenServices.revokeToken(tokenId);
    }
  }

  @ResponseStatus(HttpStatus.ACCEPTED)
  @DeleteMapping(value = "revoke")
  public void revokeToken(Authentication authentication) {
    tokenServices.revokeToken(((OAuth2AuthenticationDetails) authentication
        .getDetails()).getTokenValue());
  }
}

如果我尝试GET方法，令牌被成功撤销：

curl -X GET -H "Authorization: Bearer e7683428-d06b-429a-9e76-91df9521c897" "http://localhost:8082/oauth/revoke"

2019-08-22 14:26:37.814 DEBUG o.s.w.s.DispatcherServlet - Completed 204 NO_CONTENT

在DELETEmethod情况下-编号：

2019-08-22 14:28:53.551 DEBUG o.s.b.a.a.l.AuditListener - AuditEvent [timestamp=2019-08-22T11:28:53.550Z, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A8B4925366067778DC83CDE4066F1A62, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]

问题

对于如何为DELETEmethod创建有效的oauth/revoke端点（解决AUTHORIZATION_FAILURE问题），是否有任何建议？

更多详细信息

请注意，我也尝试了DELETEmethod的GET类似功能。
我的安全限制是：

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
      .antMatchers("/actuator/**", "/oauth/revoke")
      .permitAll()
      .anyRequest()
      .authenticated();
}