Menu
What is the difference between using @EnableResourceServer and using HttpSecurity.oauth2ResourceServer()? Why should I use one or the other?
376
@EnableResourceServer is an annotation from the Spring Security OAuth project that is being replaced by new OAuth features in Spring Security 5. In essence, it loads ResourceServerConfiguration, which extends WebSecurityConfigurerAdapter and configures it, creating a filter chain that gives your application resource server functionality. Check out the docs or its source code for more info.
http.oauth2ResourceServer() is in the current Spring Security 5 reference and is the way to go. It creates a BearerTokenAuthenticationFilter that intercepts requests, extracts any Bearer Tokens and attempts to authenticate. For more details, check out the source code for the filter or for the configurer that creates the filter.
103
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
