How to disable default Spring OAuth2 REST APIs?

Question

We use the following version of spring-security-oauth2:

<dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
        <version>2.0.11.RELEASE</version>
</dependency>

When enabling the authorizationserver and configuring it, the framework enables default APIs like "/oauth/check_token" or "/oauth/token_key".

I don´t use these APIs (except "oauth/token") and want to disable them to prevent misusage. Currently I am overriding the mapping of these urls as a workaround. I tried to use an exclude filter on component scan, but it had no effect. Is there a more convenient way to disable those APIs?

Answer 1

According to Maven documentation :

Optional dependencies are used when it's not possible (for whatever reason) to split a project into sub-modules. The idea is that some of the dependencies are only used for certain features in the project and will not be needed if that feature isn't used. Ideally, such a feature would be split into a sub-module that depends on the core functionality project. This new subproject would have only non-optional dependencies, since you'd need them all if you decided to use the subproject's functionality.

However, since the project cannot be split up (again, for whatever reason), these dependencies are declared optional. If a user wants to use functionality related to an optional dependency, they have to redeclare that optional dependency in their own project. This is not the clearest way to handle this situation, but both optional dependencies and dependency exclusions are stop-gap solutions.

To use optional dependecies you must use the tag in the artifact