EnableResourceServer breaks oAuth2 authorization server

Question

I implemented oAuth2 authorization server using Spring Boot version 1.5.2.RELEASE. The authorization server supports implicit flow. With the WebSecurityConfig below the login fo

Answer 1

The cause of the problem was wrong configuration of http security in the ResourceServerConfig class. The correct configuration is as follows:

@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .requestMatchers().antMatchers("/api/**").and()
            .authorizeRequests().anyRequest().authenticated();
}

The requestMatchers will ensure that only requests on paths starting with "/api/" will be processed by this security chain. All other requests will be passed to the security chain defined in the WebSecurityConfig class. I was missing this in my config so all requests were processed by the ResourceServerConfig security chain and none request reached the WebSecurityConfig security chain.