Reputation: 829
Spring oauth2 / HttpSecurity http / ResourceServerConfigurer and WebSecurityConfigurerAdapter
I use Spring security with oauth2 but i have a question and i not found any answer, in many example of project you have 2 times configure(HttpSecurity http).
And also
So my question why to configure and when configure the http security in WebSecurityConfigurerAdapter or ResourceServerConfigurerAdapter?
Upvotes: 1
Views: 1839
Answers (1)
Reputation: 6571
The ResourceServerConfigurerAdapter is configured for different endpoints (see antMatchers) than the WebSecurityConfigurerAdapter.
The difference between those two adapters is, that the ResourceServerConfigurerAdapter uses a special filter that checks for the bearer token in the request to authenticate the request via OAuth2.
The WebSecurityConfigurerAdapter is used to authenticate the user via a session (form login in the case of your given examples).
Upvotes: 3
Related Questions
- 'org.springframework.http.HttpStatus org.springframework.http.client.ClientHttpResponse.getStatusCode()' error with springweb 6.0.x and oauth2
- spring-security-oauth2 vs spring-security-oauth2-core in Spring
- Configure Spring Security 5 Oauth 2 to use access_token uri parameter
- Use OAuth2 with Spring Security OAuth2 and reactor netty in a webflux project without servlet api
- How to register a custom BasicAuthenticationFilter AuthenticationProvider in Spring Boot using Spring Security OAuth2
- Spring OAuth2 : tokenInfoUri generates ClassCastException with RFC 7662 endpoint
- How to implement resource server and auth server using spring oauth2 with DB?
- spring ldap security without xml