15

I'm currently working on an OAuth2 implementation with Spring Security, and I found a lot of documentation that uses ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter.

I hope someone can tell me the differences between the two configurations, because I am really confused about which configure(HttpSecurity http) method to use since both classes offer one.

I've found some similar questions here on Stack Overflow, but they are not clearly answered.

Brian Tompsett - 汤莱恩
ZiOS

1 Answer

6

From reading the JavaDocs, I think its only purpose is to separate the concerns of OAuth2 resource authentication from the WebSecurityConfigurerAdapters, which contain all sorts of security filters.

Additionally, it seems like you should add the @EnableResourceServer annotation and provide a @Bean of type ResourceServerConfigurer via ResourceServerConfigurerAdapter. The annotation will basically create another WebSecurityConfigurerAdapter with a hard-coded order of 3.

So, to summarise, you will have 2 or more WebSecurityConfigurerAdapters, but one is specific to OAuth2 authentication.

nuvio
  • Thanks! That makes the picture clearer, but when I implement the ResourceServer and the WebSecurity it seems that the first one gets overwritten by the second. Do you have any explanation for that? – ZiOS Aug 31 '17 at 13:31
  • If you found any solution for this, please let me know, I am having the same issue. Here is my question: https://stackoverflow.com/questions/47627226/basic-auth-oauth-implementation-in-spring-boot – Dev Sabby Dec 04 '17 at 14:05
  • @nuvio, can you please look into this issue https://stackoverflow.com/questions/53537133/unable-to-access-resources-with-access-token-spring-boot-oauth2/53546987 – vjnan369 Nov 30 '18 at 05:48
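
The two kinds of configuration described in the answer, side by side, as an added example that is not part of the original posts or of Spring's own code. It assumes spring-security-oauth2 2.x on the classpath; the paths, the resource id "example-api" and the in-memory token store are hypothetical stand-ins. Each configure(HttpSecurity) builds its own filter chain, so each one is scoped to the requests it should handle.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

public class SecurityConfig {
    // Chain 1: API protected by bearer tokens. @EnableResourceServer registers
    // it as its own filter chain (order 3, as stated in the answer above).
    @Configuration
    @EnableResourceServer
    static class ApiResourceServer extends ResourceServerConfigurerAdapter {
        @Bean
        public TokenStore tokenStore() { return new InMemoryTokenStore(); } // stand-in store
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            resources.resourceId("example-api").tokenStore(tokenStore()); // hypothetical id
        }
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/**")          // this chain only handles /api/**
                .authorizeRequests()
                .anyRequest().authenticated();  // every API call needs a valid token
        }
    }

    // Chain 2: everything else, with sessions and form login (default order 100).
    @Configuration
    @EnableWebSecurity
    static class WebUi extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .antMatchers("/login", "/css/**").permitAll()
                .anyRequest().authenticated()   // deny by default outside the public paths
                .and()
                .formLogin();
        }
    }
}
```

A request is handled by the first chain, in order, whose matcher accepts it, so a chain without a restricting matcher that sits ahead of another one shadows it.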