Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter

I'm currently working on a Oauth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter.

I hope someone can tell me the differences between the two configurations because I really get confused in which configure(HttpSecurity http) method to use since both classes offer one.

I've found some similar questions here in stackoverflow but there are not clearly answered.

like image 531
ZiOS Avatar asked Aug 31 '17 11:08

ZiOS


1 Answers

From reading the JavaDocs I think the only purpose it's to separate the concerns for OAuth2 Resources authentication from the WebSecurityConfigurerAdapters which contains all sorts of security filters.

Additionally it seems like you should add @EnableResourceServer annotation and provide a @Bean of type ResourceServerConfigurer via ResourceServerConfigurerAdapter. The annotation will basically create another WebSecurityConfigurerAdapters with an hard-coded order of 3.

So to summarise you will have 2 or more WebSecurityConfigurerAdapters but one is specific to OAuth2 authentications.

like image 184
nuvio Avatar answered Nov 16 '22 01:11

nuvio