Spring oauth2 / HttpSecurity http / ResourceServerConfigurer and WebSecurityConfigurerAdapter

1
votes

I use Spring security with oauth2 but i have a question and i not found any answer, in many example of project you have 2 times configure(HttpSecurity http).

For example in https://github.com/spring-projects/spring-security-oauth/blob/master/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java

And also

https://github.com/spring-projects/spring-security-oauth/blob/master/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/OAuth2ServerConfig.java

So my question why to configure and when configure the http security in WebSecurityConfigurerAdapter or ResourceServerConfigurerAdapter?

1
spring-securityspring-bootspring-security-oauth2

1 Answers

3
votes

The ResourceServerConfigurerAdapter is configured for different endpoints (see antMatchers) than the WebSecurityConfigurerAdapter.

The difference between those two adapters is, that the ResourceServerConfigurerAdapter uses a special filter that checks for the bearer token in the request to authenticate the request via OAuth2.

The WebSecurityConfigurerAdapter is used to authenticate the user via a session (form login in the case of your given examples).