1
votes

I have a project which has some controllers as well as a list of REST APIs (starting with the URL '/api/') in the same project. Now I have to apply Spring Security OAuth to only the REST APIs. I couldn't find any documentation on applying the same. Is there any built-in functionality in Spring Security OAuth, or should we go for some kind of filter that would filter OAuth requests and return some possible error codes for URLs (controller URLs and others) other than the REST APIs (/api/)? Any help is greatly appreciated.

Thank you.

1 Answers

2
votes

There is a dedicated OAuth project for Spring Security. You can apply it only to some URLs using multiple http config elements. It may look like this:

  <!-- REST API -->
  <http pattern="/api/**">
    ....
    <custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER"/>
    ....
  </http>

  <http pattern="/login.htm*" security="none"/>

  <!-- Additional filter chain for normal users -->
  <http>
    <intercept-url pattern='/**' access='ROLE_USER' />
    <form-login .../>
  </http>

  <oauth:resource-server id="oauth2ProviderFilter" .../>
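
A fuller version of the layout in the answer above, as an added example that is not the answerer's or the project's own configuration. It assumes Spring Security 3.1/3.2 with the security namespace as the default XML namespace and the Spring Security OAuth2 namespace bound to `oauth`; the bean ids `oauthEntryPoint` and `oauthAccessDeniedHandler`, the `resource-id` and realm value `api`, the `login-page` value, and the `tokenServices` and authentication-manager beans (defined elsewhere) are assumptions.

```xml
<!-- Fragment for the existing security context file (assumed root: <beans:beans>
     with xmlns = spring-security and xmlns:oauth = spring-security-oauth2). -->

<!-- <http> elements are tried top to bottom and the FIRST matching pattern wins.
     The /api/** chain must therefore come before the catch-all chain, otherwise
     API calls fall into the form-login chain and get a redirect to the login
     page instead of an OAuth error. -->
<http pattern="/api/**"
      create-session="stateless"
      entry-point-ref="oauthEntryPoint">
  <!-- No anonymous fallback: a request without a valid token is rejected. -->
  <anonymous enabled="false"/>
  <intercept-url pattern="/api/**" access="ROLE_USER"/>
  <!-- Resource-server filter that validates the bearer token. -->
  <custom-filter ref="oauth2ProviderFilter" before="PRE_AUTH_FILTER"/>
  <!-- Authenticated but insufficient authority: 403 with an OAuth2 error body. -->
  <access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>

<!-- The login page itself carries no filter chain at all. -->
<http pattern="/login.htm*" security="none"/>

<!-- Catch-all chain for browser users: session-based form login. -->
<http>
  <intercept-url pattern="/**" access="ROLE_USER"/>
  <!-- login-page value is an assumption matching the pattern above. -->
  <form-login login-page="/login.htm"/>
</http>

<!-- Missing or invalid token on /api/**: 401 with a WWW-Authenticate header
     rather than a redirect. The realm name is a constructed sample value. -->
<beans:bean id="oauthEntryPoint"
    class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
  <beans:property name="realmName" value="api"/>
</beans:bean>

<beans:bean id="oauthAccessDeniedHandler"
    class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>

<!-- tokenServices is assumed to be a ResourceServerTokenServices bean defined
     elsewhere; resource-id is a constructed sample value. -->
<oauth:resource-server id="oauth2ProviderFilter"
    resource-id="api"
    token-services-ref="tokenServices"/>
```

With this layout, URLs outside `/api/**` never reach the OAuth filter, so controller pages keep their normal form-login behaviour while the API answers with 401/403 status codes.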