Reputation: 433
ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter
I'm currently working on a Oauth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter.
I hope someone can tell me the differences between the two configurations because I really get confused in which configure(HttpSecurity http) method to use since both classes offer one.
I've found some similar questions here in stackoverflow but there are not clearly answered.
Upvotes: 15
Views: 11136
Answers (1)
Reputation: 2625
From reading the JavaDocs I think the only purpose it's to separate the concerns for OAuth2 Resources authentication from the WebSecurityConfigurerAdapters which contains all sorts of security filters.
Additionally it seems like you should add @EnableResourceServer annotation and provide a @Bean of type ResourceServerConfigurer via ResourceServerConfigurerAdapter. The annotation will basically create another WebSecurityConfigurerAdapters with an hard-coded order of 3.
So to summarise you will have 2 or more WebSecurityConfigurerAdapters but one is specific to OAuth2 authentications.
Upvotes: 6
Related Questions
- Replace WebSecurityConfigurerAdapter in Spring boot for ResourceServerConfigurerAdapter
- OAuth2 Whats the point of WebSecurityConfigurerAdapter rules since it has no priority over ResourceServerConfigurerAdapter
- Difference between AuthorizationServerConfigurerAdapter vs WebSecurityConfigurerAdapter
- Difference between WebMvcConfigurer and WebSecurityConfigurerAdapter
- spring security: @EnableResourceServer vs oauth2ResourceServer()
- Spring @EnableResourceServer vs @EnableOAuth2Sso
- WebSecurityConfigurerAdapter overrides EnableResourceServer?
- Relation between WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter
- Spring Boot and OAuth2, WebSecurityConfigurerAdapter vs ResourceServerConfigurerAdapter
- Spring oauth2 / HttpSecurity http / ResourceServerConfigurer and WebSecurityConfigurerAdapter